ajinabraham.njsscan.header_injection.generic_header_injection

profile photo of ajinabrahamajinabraham
Author
1,129
Download Count*
GPLv3
License

Untrusted user input in response header will result in HTTP Header Injection or Response Splitting Attacks.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: generic_header_injection
    patterns:
      - pattern-either:
          - pattern-inside: function ($REQ, $RES, ...) {...}
          - pattern-inside: function $FUNC($REQ, $RES, ...) {...}
          - pattern-inside: $X = function $FUNC($REQ, $RES, ...) {...}
          - pattern-inside: var $X = function $FUNC($REQ, $RES, ...) {...};
          - pattern-inside: $APP.$METHOD(..., function $FUNC($REQ, $RES, ...) {...})
      - pattern-either:
          - pattern: |
              $INP = $REQ.$QUERY;
              ...
              $RES.set(..., <... $INP ...>, ...)
          - pattern: |
              $INP = $REQ.$QUERY.$VAR;
              ...
              $RES.set(..., <... $INP ...>, ...)
          - pattern: |
              $INP = $REQ.$VAR;
              ...
              $RES.set(..., { $X: <... $INP ...>}, ...)
          - pattern: |
              $INP = $REQ.$QUERY.$FOO;
              ...
              $RES.set(..., { $X: <... $INP ...>}, ...)
          - pattern: |
              $INP = $REQ.$VAR;
              ...
              $RES.writeHead(..., { $X: <... $INP ...> }, ...)
          - pattern: |
              $INP = $REQ.$QUERY.$FOO;
              ...
              $RES.writeHead(..., { $X: <... $INP ...> }, ...)
          - pattern: |
              $RES.set(..., <... $REQ.$QUERY ...>, ...)
          - pattern: |
              $RES.set(..., <... $REQ.$QUERY.$VAR ...>, ...)
          - pattern: |
              $RES.set(..., { $X: <... $REQ.$VAR ...>}, ...)
          - pattern: |
              $RES.set(..., { $X: <... $REQ.$QUERY.$FOO ...>}, ...)
          - pattern: |
              $RES.writeHead(..., { $X: <... $REQ.$VAR ...> }, ...)
          - pattern: |
              $RES.writeHead(..., { $X: <... $REQ.$QUERY.$FOO ...> }, ...)
    message: Untrusted user input in response header will result in HTTP Header
      Injection or Response Splitting Attacks.
    languages:
      - javascript
    severity: ERROR
    metadata:
      owasp-web: a1
      cwe: cwe-644
      license: LGPL-3.0-or-later