[http_splitting] Better reason message

pull/69/head
Andrew Krasichkov 2017-10-10 15:12:16 +03:00
parent ddd232a6b1
commit 05d4915901
1 changed files with 8 additions and 3 deletions


@ -19,7 +19,7 @@ class http_splitting(Plugin):
summary = 'Possible HTTP-Splitting vulnerability.' summary = 'Possible HTTP-Splitting vulnerability.'
severity = gixy.severity.HIGH severity = gixy.severity.HIGH
description = 'Using variables that can contain "\\n" may lead to http injection.' description = 'Using variables that can contain "\\n" or "\\r" may lead to http injection.'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/en/plugins/httpsplitting.md' help_url = 'https://github.com/yandex/gixy/blob/master/docs/en/plugins/httpsplitting.md'
directives = ['rewrite', 'return', 'add_header', 'proxy_set_header', 'proxy_pass'] directives = ['rewrite', 'return', 'add_header', 'proxy_set_header', 'proxy_pass']
@ -29,9 +29,14 @@ class http_splitting(Plugin):
return return
for var in compile_script(value): for var in compile_script(value):
if not var.can_contain('\n') and not var.can_contain('\r'): char = ''
if var.can_contain('\n'):
char = '\\n'
elif var.can_contain('\r'):
char = '\\r'
else:
continue continue
reason = 'At least variable "${var}" can contain "\\n"'.format(var=var.name) reason = 'At least variable "${var}" can contain "{char}"'.format(var=var.name, char=char)
self.add_issue(directive=[directive] + var.providers, reason=reason) self.add_issue(directive=[directive] + var.providers, reason=reason)