Rename to response splitting

github · Apr 23, 2024 · 4dd41d4 · 4dd41d4
1 parent 8635972
commit 4dd41d4
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/python/ql/src/Security/CWE-113/HeaderInjection.ql b/python/ql/src/Security/CWE-113/HeaderInjection.ql
@@ -1,12 +1,12 @@
 /**
- * @name HTTP Header Injection
+ * @name HTTP Response Splitting
  * @description Writing user input directly to an HTTP header
  *              makes code vulnerable to attack by header splitting.
  * @kind path-problem
  * @problem.severity error
  * @security-severity 6.1
  * @precision high
- * @id py/header-injection
+ * @id py/http-response-splitting
  * @tags security
  *       external/cwe/cwe-113
  *       external/cwe/cwe-079

diff --git a/python/ql/src/change-notes/2024-04-08-header-injection-promotion.md b/python/ql/src/change-notes/2024-04-08-header-injection-promotion.md
@@ -1,4 +1,4 @@
 ---
 category: newQuery
 ---
-* The `py/header-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of http header injection / response splitting vulnerabilities.
+* The `py/header-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack and renamed to `py/http-response-splitting`. This query finds instances of http header injection / response splitting vulnerabilities.