ajinabraham.njsscan.headers.header_injection.generic_header_injection
ajinabrahamAuthor
unknown
Download Count*
License
Untrusted user input in response header will result in HTTP Header Injection or Response Splitting Attacks.
Run Locally
Run in CI
Defintion
rules:
- id: generic_header_injection
patterns:
- pattern-either:
- pattern-inside: function ($REQ, $RES, ...) {...}
- pattern-inside: function $FUNC($REQ, $RES, ...) {...}
- pattern-inside: $X = function $FUNC($REQ, $RES, ...) {...}
- pattern-inside: var $X = function $FUNC($REQ, $RES, ...) {...};
- pattern-inside: $APP.$METHOD(..., function $FUNC($REQ, $RES, ...) {...})
- pattern-either:
- pattern: |
$INP = $REQ.$QUERY;
...
$RES.set(..., <... $INP ...>, ...)
- pattern: |
$INP = $REQ.$QUERY.$VAR;
...
$RES.set(..., <... $INP ...>, ...)
- pattern: |
$INP = $REQ.$VAR;
...
$RES.set(..., { $X: <... $INP ...>}, ...)
- pattern: |
$INP = $REQ.$QUERY.$FOO;
...
$RES.set(..., { $X: <... $INP ...>}, ...)
- pattern: |
$INP = $REQ.$VAR;
...
$RES.writeHead(..., { $X: <... $INP ...> }, ...)
- pattern: |
$INP = $REQ.$QUERY.$FOO;
...
$RES.writeHead(..., { $X: <... $INP ...> }, ...)
- pattern: |
$RES.set(..., <... $REQ.$QUERY ...>, ...)
- pattern: |
$RES.set(..., <... $REQ.$QUERY.$VAR ...>, ...)
- pattern: |
$RES.set(..., { $X: <... $REQ.$VAR ...>}, ...)
- pattern: |
$RES.set(..., { $X: <... $REQ.$QUERY.$FOO ...>}, ...)
- pattern: |
$RES.writeHead(..., { $X: <... $REQ.$VAR ...> }, ...)
- pattern: |
$RES.writeHead(..., { $X: <... $REQ.$QUERY.$FOO ...> }, ...)
message: Untrusted user input in response header will result in HTTP Header
Injection or Response Splitting Attacks.
languages:
- javascript
severity: ERROR
metadata:
owasp-web: a1
cwe: cwe-644
license: LGPL-3.0-or-later
vulnerability_class:
- Other
Short Link: https://sg.run/Oj6n