
Polish HTTP Response Splitting

Issue gh-3910
Rob Winch 9 years ago
6fb564a629

+ 9 - 9
web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java

@@ -40,35 +40,35 @@ class FirewalledResponse extends HttpServletResponseWrapper {
 	public void sendRedirect(String location) throws IOException {
 		// TODO: implement pluggable validation, instead of simple blacklisting.
 		// SEC-1790. Prevent redirects containing CRLF
-		validateCRLF(LOCATION_HEADER, location);
+		validateCrlf(LOCATION_HEADER, location);
 		super.sendRedirect(location);
 	}
 
 	@Override
 	public void setHeader(String name, String value) {
-		validateCRLF(name, value);
+		validateCrlf(name, value);
 		super.setHeader(name, value);
 	}
 
 	@Override
 	public void addHeader(String name, String value) {
-		validateCRLF(name, value);
+		validateCrlf(name, value);
 		super.addHeader(name, value);
 	}
 
 	@Override
 	public void addCookie(Cookie cookie) {
 		if(cookie != null) {
-			validateCRLF(SET_COOKIE_HEADER, cookie.getName());
-			validateCRLF(SET_COOKIE_HEADER, cookie.getValue());
-			validateCRLF(SET_COOKIE_HEADER, cookie.getPath());
-			validateCRLF(SET_COOKIE_HEADER, cookie.getDomain());
-			validateCRLF(SET_COOKIE_HEADER, cookie.getComment());
+			validateCrlf(SET_COOKIE_HEADER, cookie.getName());
+			validateCrlf(SET_COOKIE_HEADER, cookie.getValue());
+			validateCrlf(SET_COOKIE_HEADER, cookie.getPath());
+			validateCrlf(SET_COOKIE_HEADER, cookie.getDomain());
+			validateCrlf(SET_COOKIE_HEADER, cookie.getComment());
 		}
 		super.addCookie(cookie);
 	}
 
-	void validateCRLF(String name, String value) {
+	void validateCrlf(String name, String value) {
 		if (hasCrlf(name) || hasCrlf(value)) {
 			throw new IllegalArgumentException(
 					"Invalid characters (CR/LF) in header " + name);

+ 1 - 1
web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java

@@ -180,7 +180,7 @@ public class FirewalledResponseTests {
 
 	private void validateLineEnding(String name, String value) {
 		try {
-			fwResponse.validateCRLF(name, value);
+			fwResponse.validateCrlf(name, value);
 			fail("IllegalArgumentException should have thrown");
 		}
 		catch (IllegalArgumentException expected) {