V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
addsrc
V2EX  ›  问与答

findbugs 找出来的 bug,网上找不到解决办法,求大佬看看

  •  
  •   addsrc · 2018-10-31 16:49:12 +08:00 · 1788 次点击
    这是一个创建于 2250 天前的主题,其中的信息可能已经有所发展或是发生改变。

    RT.
    此代码使用不受信任的 HTTP 参数构造一个 HTTP Cookie

    HTTP cookie formed from untrusted input
    This code constructs an HTTP Cookie using an untrusted HTTP parameter. If this cookie is added to an HTTP response, it will allow a HTTP response splitting vulnerability. See http://en.wikipedia.org/wiki/HTTP_response_splitting for more information. FindBugs looks only for the most blatant, obvious cases of HTTP response splitting. If FindBugs found any, you almost certainly have more vulnerabilities that FindBugs doesn't report. If you are concerned about HTTP response splitting, you should seriously consider using a commercial static analysis or pen-testing tool. Bug kind and pattern: HRS - HRS_REQUEST_PARAMETER_TO_COOKIE

    iRzDK0.md.png

    2 条回复    2018-10-31 17:36:52 +08:00
    whileFalse
        1
    whileFalse  
       2018-10-31 17:08:14 +08:00
    addsrc
        2
    addsrc  
    OP
       2018-10-31 17:36:52 +08:00
    @whileFalse 这个网址打开是乱码呢?
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2760 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 24ms · UTC 12:48 · PVG 20:48 · LAX 04:48 · JFK 07:48
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.