retiolus@lemmy.cat to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.comEnglish · 2 years agoNaming Torrentsfiles.catbox.moeimagemessage-square109linkfedilinkarrow-up1594arrow-down126
arrow-up1568arrow-down1imageNaming Torrentsfiles.catbox.moeretiolus@lemmy.cat to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.comEnglish · 2 years agomessage-square109linkfedilink
minus-squareWarmApplePieShrek@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up2arrow-down1·2 years agoThe filter you’re using to avoid multiple encoding attacks creates multiple encoding attacks.
minus-squareAlien Nathan Edward@lemm.eelinkfedilinkEnglisharrow-up2arrow-down1·edit-22 years agoYou should tell that to OWASP then, they wrote it. org.owasp.esapi 2.5.2.0, class is Encoder, method is canonicalize(String, bool, bool)
minus-squareWarmApplePieShrek@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up2·2 years agoThis method is a band-aid patch when your downstream code is all messed up and you can’t fix it. Instead of treating the input string correctly, it just removes anything that might possibly trigger some vulnerability in wrong code.
The filter you’re using to avoid multiple encoding attacks creates multiple encoding attacks.
You should tell that to OWASP then, they wrote it. org.owasp.esapi 2.5.2.0, class is Encoder, method is canonicalize(String, bool, bool)
This method is a band-aid patch when your downstream code is all messed up and you can’t fix it. Instead of treating the input string correctly, it just removes anything that might possibly trigger some vulnerability in wrong code.