
Veracode CRLF Error

CRLF Injection (1 flaw) 
Description
The acronym CRLF stands for "Carriage Return, Line Feed" and refers to the sequence of characters used to denote the end
of a line of text. CRLF injection vulnerabilities occur when data enters an application from an untrusted source and is not
properly validated before being used. For example, if an attacker is able to inject a CRLF into a log file, he could append
falsified log entries, thereby misleading administrators or cover traces of the attack. If an attacker is able to inject CRLFs into
an HTTP response header, he can use this ability to carry out other attacks such as cache poisoning. CRLF vulnerabilities
primarily affect data integrity.

Recommendations
Apply robust input filtering for all user-supplied data, using centralized data validation routines when possible. Use output
filters to sanitize all output derived from user-supplied input, replacing non-alphanumeric characters with their HTML entity
equivalents.
Associated Flaws by CWE ID:
Improper Output Neutralization for Logs (CWE ID 117) (1 flaw)
Description

Solution :

Log.info(ESAPI.encoder().encodeForHTML(message));
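The same idea shown with the plain JDK, as an added example that is not part of the original post and does not use ESAPI: a hypothetical `neutralize` helper escapes CR, LF and other control characters before a user-supplied value is written to the log. The class name, the helper and the sample username are constructed for this illustration.

```java
public class LogNeutralizeDemo {

    // Hypothetical helper (not an ESAPI API): replace CR, LF and every other
    // control or line-separator character with a visible escape, so a single
    // log call can never produce more than one physical log line.
    static String neutralize(String value) {
        if (value == null) {
            return "(null)";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\r') {
                out.append("\\r");
            } else if (c == '\n') {
                out.append("\\n");
            } else if (c == '\\') {
                out.append("\\\\"); // escape the escape character to stay unambiguous
            } else if (Character.isISOControl(c) || c == '\u2028' || c == '\u2029') {
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed input: a user-controlled field carrying a CRLF
        // followed by text shaped like a second log entry.
        String username = "alice\r\nINFO: login succeeded for user=admin";

        String raw = "WARN: login failed for user=" + username;              // flagged pattern (CWE-117)
        String safe = "WARN: login failed for user=" + neutralize(username); // neutralized

        // Count how many physical lines each entry would occupy in the log file.
        System.out.println("unsanitized entry spans " + raw.split("\r?\n").length + " line(s)");
        System.out.println("neutralized entry spans " + safe.split("\r?\n").length + " line(s)");
        System.out.println(safe);
    }
}
```

Apply the neutralization at the point where the value is written to the log, not where it is stored, so the original data stays intact for other uses.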


