Passing data from an untrusted source into a cookie or web response might expose the user to HTTP response splitting attacks. An attacker might send manipulated requests that could inject code into a cookie or the body of the response.
/**
 * Noncompliant example: builds a {@code DefaultHttpHeaders} instance with header
 * validation switched off.
 *
 * <p>With validation disabled, header names and values are not checked before they
 * are used, so attacker-controlled input containing line breaks could end up in the
 * outgoing headers unchanged (HTTP response splitting). Nothing in this snippet
 * writes such input; the insecure configuration itself is what the rule flags.
 */
public void headerSplittingProtectionDisabledNoncompliant() {
    // Noncompliant: the false argument disables header validation.
    final DefaultHttpHeaders headers = new DefaultHttpHeaders(false);
    headers.clear();
}
/**
 * Noncompliant example: copies a request parameter straight into a cookie value.
 *
 * <p>{@code request.getParameter("name")} is attacker-controlled and is not
 * sanitized here, so characters that are special in a {@code Set-Cookie} header
 * could be forwarded to the client unchanged (HTTP response splitting).
 * {@code setSecure(true)} only restricts transport; it does not validate the value.
 *
 * @param request  the incoming request whose {@code name} parameter is read
 * @param response the response the cookie is added to
 */
public void addToCookieWithoutSanitizationNoncompliant(HttpServletRequest request, HttpServletResponse response) {
    final String name = request.getParameter("name");
    // Noncompliant: the parameter is added to the cookie unmodified and might contain special chars.
    Cookie cookie = new Cookie("name", name);
    cookie.setSecure(true);
    response.addCookie(cookie);
}
/**
 * Compliant example: both {@code DefaultHttpHeaders} instances keep header
 * validation on, either by passing {@code true} or by relying on the
 * no-argument constructor's default.
 */
public void headerSplittingProtectionEnabledCompliant() {
    // Compliant: validation requested explicitly.
    final DefaultHttpHeaders explicitHeaders = new DefaultHttpHeaders(true);
    explicitHeaders.clear();
    // Compliant: the no-argument constructor enables validation by default.
    final DefaultHttpHeaders defaultHeaders = new DefaultHttpHeaders();
    defaultHeaders.clear();
}
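/**
 * Compliant example: the request parameter is reduced to an allow-list of
 * characters before it becomes a cookie value, so line breaks and other
 * header-significant characters cannot reach the {@code Set-Cookie} header.
 *
 * <p>A missing {@code name} parameter is treated as an empty value instead of
 * causing a {@link NullPointerException} on the sanitizing call.
 *
 * @param request  the incoming request whose {@code name} parameter is read
 * @param response the response the sanitized cookie is added to
 */
public void addToCookieWithSanitizationCompliant(HttpServletRequest request, HttpServletResponse response) {
    final String rawName = request.getParameter("name");
    // getParameter returns null when the parameter is absent; guard before sanitizing.
    // Compliant: only letters and spaces survive, everything else is dropped.
    final String name = rawName == null ? "" : rawName.replaceAll("[^a-zA-Z ]", "");
    Cookie cookie = new Cookie("name", name);
    cookie.setSecure(true);
    // NOTE(review): consider cookie.setHttpOnly(true) if client-side script never needs this value.
    response.addCookie(cookie);
}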