Open alwaysgoodtime opened 8 months ago
I found the following snippets in your repository. I will now analyze these snippets and come up with a plan.
src/main/java/org/secidea/controller/CRLFInjection.java
Commit: https://github.com/alwaysgoodtime/sweep-personal-test/commit/a66981e97f67ee17bf87292d3e7f923080ab1596
Modify src/main/java/org/secidea/controller/CRLFInjection.java with contents:
• Update the `crlf` method to sanitize user input before setting headers and cookies in the HTTP response.
• Sanitize the input by removing any newline characters that could be used for CRLF injection.
• Ensure that the headers and cookies set in the response are safe and do not contain any user-controlled data.
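The plan above calls for a `sanitizeInput` helper but the PR never defines one. The following is an added example, not Sweep's or the project's code: the method name `sanitizeInput` matches the diff, the class name `HeaderValueSanitizer` and the sample input are assumptions. It goes slightly beyond the plan by stripping all control characters that HTTP header field values forbid, not only CR and LF.

```java
import java.util.regex.Pattern;

// Added example: sanitizer for values that end up in response headers or
// cookies. Class name and sample data are constructed for illustration.
public class HeaderValueSanitizer {

    // RFC 7230 forbids CTL characters in header field values (HTAB excepted).
    // CR (0x0D) and LF (0x0A) are the CRLF-injection carriers; the remaining
    // CTLs are removed too so no control byte reaches the response stream.
    private static final Pattern CONTROL_CHARS =
            Pattern.compile("[\\x00-\\x08\\x0A-\\x1F\\x7F]");

    // Repairing variant, matching the plan: strip the offending characters.
    public static String sanitizeInput(String value) {
        if (value == null) {
            return null; // missing parameter; caller decides how to handle it
        }
        return CONTROL_CHARS.matcher(value).replaceAll("");
    }

    // Rejecting variant for callers that prefer a 400 over silent repair.
    public static boolean isSafeHeaderValue(String value) {
        return value == null || !CONTROL_CHARS.matcher(value).find();
    }

    public static void main(String[] args) {
        // Constructed sample, as request.getParameter would return it: already
        // URL-decoded, so the raw CR/LF pair is what the sanitizer must remove.
        String tainted = "value\r\nX-Injected: 1";
        System.out.println("safe?     " + isSafeHeaderValue(tainted));
        System.out.println("sanitized " + sanitizeInput(tainted));
        System.out.println("untouched " + sanitizeInput("plain value"));
    }
}
```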
--- +++ @@ -21,10 +21,13 @@ @RequestMapping("/safecode") @ResponseBody public void crlf(HttpServletRequest request, HttpServletResponse response) { - response.addHeader("test1", request.getParameter("test1")); - response.setHeader("test2", request.getParameter("test2")); - String author = request.getParameter("test3"); - Cookie cookie = new Cookie("test3", author); + String test1 = sanitizeInput(request.getParameter("test1")); + String test2 = sanitizeInput(request.getParameter("test2")); + String test3 = sanitizeInput(request.getParameter("test3")); + response.addHeader("test1", test1); + response.setHeader("test2", test2); + String test3 = sanitizeInput(request.getParameter("test3")); + Cookie cookie = new Cookie("test3", test3); response.addCookie(cookie); } }
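Review bot: `String test3` is declared twice in the added lines (`+ String test3 = sanitizeInput(request.getParameter("test3"));` appears both before the `addHeader` calls and again just before `new Cookie`), which Java rejects as a duplicate local variable, so this hunk does not compile; drop the second declaration. The hunk also calls `sanitizeInput` without defining or importing it anywhere in the diff, so the helper that removes CR and LF, as the plan describes, still has to be added to the class. Note as well that the plan's third bullet says the headers should contain no user-controlled data, while the patch still echoes the request parameters after sanitizing; that is a reasonable CRLF fix, but the description should match what the code does.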
src/main/java/org/secidea/controller/CRLFInjection.java
Check src/main/java/org/secidea/controller/CRLFInjection.java with contents:
Ran GitHub Actions for a66981e97f67ee17bf87292d3e7f923080ab1596:
This is an automated message generated by Sweep AI.
Details
Please help me fix the CRLF problem.
Checklist
- [X] Modify `src/main/java/org/secidea/controller/CRLFInjection.java` (commit https://github.com/alwaysgoodtime/sweep-personal-test/commit/a66981e97f67ee17bf87292d3e7f923080ab1596)
- [X] Running GitHub Actions for `src/main/java/org/secidea/controller/CRLFInjection.java`