retiolus@lemmy.cat to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.comEnglish · 1 year agoNaming Torrentsfiles.catbox.moeimagemessage-square110linkfedilinkarrow-up1594arrow-down126
arrow-up1568arrow-down1imageNaming Torrentsfiles.catbox.moeretiolus@lemmy.cat to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.comEnglish · 1 year agomessage-square110linkfedilink
minus-squareWarmApplePieShrek@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up2arrow-down1·1 year agoThe filter you’re using to avoid multiple encoding attacks creates multiple encoding attacks.
minus-squareAlien Nathan Edward@lemm.eelinkfedilinkEnglisharrow-up2arrow-down1·edit-21 year agoYou should tell that to OWASP then, they wrote it. org.owasp.esapi 2.5.2.0, class is Encoder, method is canonicalize(String, bool, bool)
minus-squareWarmApplePieShrek@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up2·1 year agoThis method is a band-aid patch when your downstream code is all messed up and you can’t fix it. Instead of treating the input string correctly, it just removes anything that might possibly trigger some vulnerability in wrong code.
The filter you’re using to avoid multiple encoding attacks creates multiple encoding attacks.
You should tell that to OWASP then, they wrote it. org.owasp.esapi 2.5.2.0, class is Encoder, method is canonicalize(String, bool, bool)
This method is a band-aid patch when your downstream code is all messed up and you can’t fix it. Instead of treating the input string correctly, it just removes anything that might possibly trigger some vulnerability in wrong code.