Open KilledKenny opened 2 years ago
This fix is almost identical to #1555. The functional difference is that my fix ignores the header when it's invalid, while movitz-s's fix will return nil if the header is invalid.
This looks good to me - @brendensoares thoughts?
I appreciate the unit tests you included, but could you also provide steps to reproduce the vulnerability so we can verify this correctly addresses it?
Thank you for contributing to Revel and OSS!
Added new code review comments.
Also, I got your proof-of-concept code to test for this vulnerability in Gitter. Thank you.
Verify that the method in X-HTTP-Method-Override is a valid method before using it. Validation is performed using the same logic as net/http does. This prevents a routing confusion vulnerability that allowed an attacker to control the entire internal Revel routing path (used to find a controller) via the override header. This issue can be problematic in instances where authentication is based on the path, for example in a revel.Filter or if the Revel app is behind a reverse proxy.
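As an added, standalone illustration of the check this PR describes (example code, not the PR's diff or Revel's router): a token validator matching the rule net/http applies to methods, and an `effectiveMethod` helper that, like this fix, ignores an invalid override rather than failing the request. The helper assumes the override is only honoured on POST, a common convention; Revel's exact dispatch logic is not shown on this page.

```go
package main

import (
	"fmt"
	"net/http"
)

// isTokenChar reports whether c is a "tchar" (RFC 7230 section 3.2.6), the
// character class net/http uses to decide whether a method string is valid.
func isTokenChar(c byte) bool {
	switch {
	case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9':
		return true
	}
	switch c {
	case '!', '#', '$', '%', '&', '\'', '*', '+', '-', '.', '^', '_', '`', '|', '~':
		return true
	}
	return false
}

// validMethod mirrors net/http's rule: a method is a non-empty token.
// Path separators, whitespace and control bytes are therefore rejected,
// which is what stops the header from steering the routing path.
func validMethod(method string) bool {
	if len(method) == 0 {
		return false
	}
	for i := 0; i < len(method); i++ {
		if !isTokenChar(method[i]) {
			return false
		}
	}
	return true
}

// effectiveMethod returns the method the router should dispatch on. The
// override is used only for a POST carrying a valid token; an absent or
// invalid value is ignored and the real request method is kept.
func effectiveMethod(r *http.Request) string {
	override := r.Header.Get("X-HTTP-Method-Override")
	if r.Method != http.MethodPost || !validMethod(override) {
		return r.Method
	}
	return override
}

func main() {
	for _, v := range []string{"PUT", "GET /other", "GET/other", ""} { // constructed inputs
		r, _ := http.NewRequest(http.MethodPost, "/login", nil)
		r.Header.Set("X-HTTP-Method-Override", v)
		fmt.Printf("override %q -> route on %s\n", v, effectiveMethod(r))
	}
}
```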