Mirrors/Stirling-PDF
Mirrors/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Frooodle/Stirling-PDF.git synced 2025-09-08 17:51:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Introduced protections against HTTP header injection / smuggling attacks

Browse Source
This commit is contained in:
pixeebot[bot] 2025-06-17 17:46:49 +00:00 committed by GitHub
parent 911c894023
commit 1ad5e9915f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
proprietary/src/main/java/stirling/software/proprietary/web/CorrelationIdFilter.java
View File

@ -1,5 +1,6 @@
package stirling.software.proprietary.web;
import io.github.pixee.security.Newlines;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
@ -36,11 +37,11 @@ public class CorrelationIdFilter extends OncePerRequestFilter {
}
req.setAttribute(MDC_KEY, id);
MDC.put(MDC_KEY, id);
res.setHeader(HEADER, id);
res.setHeader(HEADER, Newlines.stripAll(id));
chain.doFilter(req, res);
} finally {
MDC.remove(MDC_KEY);
}
}
}
}