/**
 * Validates an HTTP header value before it is placed on a response.
 *
 * <p>The value first goes through {@code removeLinearWhiteSpaces}; the result is then checked
 * with {@code validateStringforCRLF}. When that check returns {@code true} the value is
 * rejected by throwing, not rewritten, so the only string ever returned is the
 * whitespace-stripped input.
 *
 * @param headerValue header value to validate; handed straight to the helpers, so null
 *     handling depends on them (not visible here)
 * @return the value after {@code removeLinearWhiteSpaces}, once it has passed the CRLF check
 * @throws Exception if {@code validateStringforCRLF} reports invalid characters
 */
public static String getSafeHeaderValue(String headerValue) throws Exception {
    final String stripped = removeLinearWhiteSpaces(headerValue);
    if (!validateStringforCRLF(stripped)) {
        return stripped;
    }
    throw new Exception("Header Value invalid characters");
}
/**
 * Builds a {@code Cookie} from a name and value after both have been validated.
 *
 * <p>The name is run through {@code InputValidationUtil.getSafeHeaderName} and the value
 * through {@code InputValidationUtil.getSafeCookieHeaderValue}. If either validation (or the
 * cookie constructor) throws, a 403 "Forbidden" is sent on {@code grizzlyResponse} and
 * {@code null} is returned, so callers must be prepared for a null result. A failure while
 * sending that error response is deliberately ignored.
 *
 * @param name cookie name, validated before use
 * @param value cookie value, validated before use
 * @return the new cookie, or {@code null} when validation failed
 */
private Cookie getSafeCookie(String name, String value) {
    try {
        String validatedName = InputValidationUtil.getSafeHeaderName(name);
        String validatedValue = InputValidationUtil.getSafeCookieHeaderValue(value);
        return new Cookie(validatedName, validatedValue);
    } catch (Exception rejected) {
        try {
            grizzlyResponse.sendError(403, "Forbidden");
        } catch (Exception ignored) {
            // best effort: nothing further to do if the error response cannot be sent
        }
        return null;
    }
}
/**
 * Sets the named response header to the given value after validating both.
 *
 * <p>The call is silently ignored when the name is null or empty, the value is null, the
 * response is already committed, or the call originates from an included servlet. Otherwise
 * name and value go through {@code InputValidationUtil.getSafeHeaderName} and
 * {@code InputValidationUtil.getSafeHeaderValue}; if either throws, the header is not set and
 * a 403 "Forbidden" is sent instead. An {@link IOException} raised while sending that error
 * is deliberately ignored.
 *
 * @param name name of the header to set
 * @param value value to be set
 */
public void setHeader(String name, String value) {
    boolean missingInput = name == null || name.isEmpty() || value == null;
    // Checks are ordered as before: input presence, then committed state, then included servlet.
    if (missingInput || isCommitted() || included) {
        return;
    }
    try {
        String validatedName = InputValidationUtil.getSafeHeaderName(name);
        String validatedValue = InputValidationUtil.getSafeHeaderValue(value);
        coyoteResponse.setHeader(validatedName, validatedValue);
    } catch (Exception rejected) {
        try {
            coyoteResponse.sendError(403, "Forbidden");
        } catch (IOException ignored) {
            // best effort: nothing further to do if the error response cannot be sent
        }
    }
}
/**
 * Validates an HTTP header name before it is placed on a response.
 *
 * <p>Runs {@code removeLinearWhiteSpaces} over the name and then {@code validateStringforCRLF}
 * over the result. A name that check flags is rejected by throwing rather than altered.
 *
 * @param headerName header name to validate; passed directly to the helpers
 * @return the name after {@code removeLinearWhiteSpaces}, once it has passed the CRLF check
 * @throws Exception if {@code validateStringforCRLF} reports invalid characters
 */
public static String getSafeHeaderName(String headerName) throws Exception {
    final String stripped = removeLinearWhiteSpaces(headerName);
    if (!validateStringforCRLF(stripped)) {
        return stripped;
    }
    throw new Exception("Header Name invalid characters");
}
/**
 * Validates an HTTP header name before it is placed on a response.
 *
 * <p>The name is passed through {@code removeLinearWhiteSpaces}, and the result is accepted
 * only if {@code validateStringforCRLF} returns {@code false}; otherwise the method throws.
 * Nothing other than the whitespace-stripped input is ever returned.
 *
 * @param headerName header name to validate; passed directly to the helpers
 * @return the name after {@code removeLinearWhiteSpaces}, once it has passed the CRLF check
 * @throws Exception if {@code validateStringforCRLF} reports invalid characters
 */
public static String getSafeHeaderName(String headerName) throws Exception {
    String candidate = removeLinearWhiteSpaces(headerName);
    boolean rejected = validateStringforCRLF(candidate);
    if (rejected) {
        throw new Exception("Header Name invalid characters");
    }
    return candidate;
}
/**
 * Validates a cookie header value before it is placed on a response.
 *
 * <p>The value goes through {@code removeLinearWhiteSpaces}; the result is accepted only if
 * {@code validateStringforCRLF} returns {@code false}. A flagged value is rejected by
 * throwing, never rewritten.
 *
 * @param headerValue cookie header value to validate; passed directly to the helpers
 * @return the value after {@code removeLinearWhiteSpaces}, once it has passed the CRLF check
 * @throws Exception if {@code validateStringforCRLF} reports invalid characters
 */
public static String getSafeCookieHeaderValue(String headerValue) throws Exception {
    String candidate = removeLinearWhiteSpaces(headerValue);
    boolean rejected = validateStringforCRLF(candidate);
    if (rejected) {
        throw new Exception(" Cookie Header Value has invalid characters");
    }
    return candidate;
}
}
/**
 * Validates an HTTP header value before it is placed on a response.
 *
 * <p>The value is passed through {@code removeLinearWhiteSpaces} and the result is checked
 * with {@code validateStringforCRLF}; a {@code true} result means the value is rejected by
 * throwing. The method never alters a value beyond what the whitespace helper does.
 *
 * @param headerValue header value to validate; passed directly to the helpers
 * @return the value after {@code removeLinearWhiteSpaces}, once it has passed the CRLF check
 * @throws Exception if {@code validateStringforCRLF} reports invalid characters
 */
public static String getSafeHeaderValue(String headerValue) throws Exception {
    String candidate = removeLinearWhiteSpaces(headerValue);
    boolean rejected = validateStringforCRLF(candidate);
    if (rejected) {
        throw new Exception("Header Value invalid characters");
    }
    return candidate;
}
/**
 * Validates a cookie header value before it is placed on a response.
 *
 * <p>Runs {@code removeLinearWhiteSpaces} over the value and then {@code validateStringforCRLF}
 * over the result. A value that check flags is rejected by throwing rather than altered, so
 * the only string ever returned is the whitespace-stripped input.
 *
 * @param headerValue cookie header value to validate; passed directly to the helpers
 * @return the value after {@code removeLinearWhiteSpaces}, once it has passed the CRLF check
 * @throws Exception if {@code validateStringforCRLF} reports invalid characters
 */
public static String getSafeCookieHeaderValue(String headerValue) throws Exception {
    final String stripped = removeLinearWhiteSpaces(headerValue);
    if (!validateStringforCRLF(stripped)) {
        return stripped;
    }
    throw new Exception(" Cookie Header Value has invalid characters");
}
}
if (InputValidationUtil.validateStringforCRLF(redirectPath)) { response.sendError(403, "Forbidden"); } else { response.sendRedirect(InputValidationUtil.removeLinearWhiteSpaces(redirectPath), false);