Rename to response splitting

Joe Farebrother
2024-04-23 11:12:51 +01:00
parent 49e5f8a1a5
commit 1dce2eb325
2 changed files with 3 additions and 3 deletions

@@ -1,12 +1,12 @@
/**
* @name HTTP Header Injection
* @name HTTP Response Splitting
* @description Writing user input directly to an HTTP header
* makes code vulnerable to attack by header splitting.
* @kind path-problem
* @problem.severity error
* @security-severity 6.1
* @precision high
* @id py/header-injection
* @id py/http-response-splitting
* @tags security
* external/cwe/cwe-113
* external/cwe/cwe-079
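
Review bot: The `@description` still reads "makes code vulnerable to attack by header splitting" while `@name` and `@id` now say response splitting, so the metadata uses two terms for the same issue. Suggest rewording the description to match, for example "makes code vulnerable to HTTP response splitting". The `@id` change from `py/header-injection` to `py/http-response-splitting` also means anything keyed on the old id will no longer match, so the rename should be stated wherever the query is announced.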

@@ -1,4 +1,4 @@
---
category: newQuery
---
* The `py/header-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of http header injection / response splitting vulnerabilities.
* The `py/header-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack and renamed to `py/http-response-splitting`. This query finds instances of http header injection / response splitting vulnerabilities.
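
Review bot: The added line still leads with the old id `py/header-injection` and only reaches `py/http-response-splitting` at the end of the first sentence. Because this note is filed under `category: newQuery`, readers will look for the id the query ships with, so consider leading with the new id and giving the former experimental id second. Also capitalise "HTTP" in "http header injection / response splitting".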