From 4dd41d4ed4b20bd2afd5f5a2f7b66486b10cafcc Mon Sep 17 00:00:00 2001
From: Joe Farebrother
Date: Tue, 23 Apr 2024 11:12:51 +0100
Subject: [PATCH] Rename to response splitting
---
 python/ql/src/Security/CWE-113/HeaderInjection.ql | 4 ++--
 .../src/change-notes/2024-04-08-header-injection-promotion.md | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/python/ql/src/Security/CWE-113/HeaderInjection.ql b/python/ql/src/Security/CWE-113/HeaderInjection.ql
index e6f690754a09e..c21ee549378b4 100644
--- a/python/ql/src/Security/CWE-113/HeaderInjection.ql
+++ b/python/ql/src/Security/CWE-113/HeaderInjection.ql
@@ -1,12 +1,12 @@
 /**
- * @name HTTP Header Injection
+ * @name HTTP Response Splitting
 * @description Writing user input directly to an HTTP header
 * makes code vulnerable to attack by header splitting.
 * @kind path-problem
 * @problem.severity error
 * @security-severity 6.1
 * @precision high
- * @id py/header-injection
+ * @id py/http-response-splitting
 * @tags security
 * external/cwe/cwe-113
 * external/cwe/cwe-079
diff --git a/python/ql/src/change-notes/2024-04-08-header-injection-promotion.md b/python/ql/src/change-notes/2024-04-08-header-injection-promotion.md
index db71db818150e..4af457239b0c6 100644
--- a/python/ql/src/change-notes/2024-04-08-header-injection-promotion.md
+++ b/python/ql/src/change-notes/2024-04-08-header-injection-promotion.md
@@ -1,4 +1,4 @@
 ---
 category: newQuery
 ---
-* The `py/header-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of http header injection / response splitting vulnerabilities.
\ No newline at end of file
+* The `py/header-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack and renamed to `py/http-response-splitting`. This query finds instances of http header injection / response splitting vulnerabilities.
\ No newline at end of file