Header操作:Cookies

Cookies型HTTP头部操作，HTTP报头中存在用户输入的字符串，造成HTTP响应截断等攻击。
<b>修复建议</b>
1、在操作HTTP报头的Cookie时，所有写入该区域的值必须去除\r和\n字符（%0d%0a、%0D%0A）。
2、创建一份安全字符白名单或正则表达式，只接受完全由这些受认可的字符组成的输入出现在HTTP响应头文件中，例如HTTP头部只允许传入字母和数字。
<b>修复示例</b>
如：
<pre>
	public void risk(HttpServletRequest request, HttpServletResponse response,
org.apache.log4j.Logger logger) {
		try {
			String author = request.getParameter(AUTHOR_PARAM);
			Cookie cookie = new Cookie("author", author);
			cookie.setMaxAge(cookieExpiration);
			response.addCookie(cookie);
			...
		} catch (SQLException e) {
			logger.warn(“Exception”, e);
		}
	}
</pre>
修复为：
<pre>
	public void fix(HttpServletRequest request, HttpServletResponse response,
org.apache.log4j.Logger logger) {
		try {
			String author = request.getParameter(AUTHOR_PARAM);
			author = author.replace("\r", "");
			author = author.replace("\n", "");
			String author = request.getParameter(AUTHOR_PARAM);
			Cookie cookie = new Cookie("author", author);
			cookie.setMaxAge(cookieExpiration);
			response.addCookie(cookie);
			...
		} catch (SQLException e) {
			logger.warn(“Exception”, e);
		}
	}
</pre>
或：
<pre>
	public void fix(HttpServletRequest request, HttpServletResponse response,
org.apache.log4j.Logger logger) {
		try {
			String author = request.getParameter(AUTHOR_PARAM);
			Cookie cookie = new Cookie("author", author);
			cookie.setMaxAge(cookieExpiration);
			if (Pattern.matches("[0-9A-Za-z]+", author)) {
				response.addCookie(cookie);
			}
		} catch (SQLException e) {
			logger.warn(“Exception”, e);
		}
	}
</pre>