retiolus to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.comEnglish • 7 months agoNaming Torrentsfiles.catbox.moeimagemessage-square108fedilinkarrow-up1591arrow-down126
arrow-up1565arrow-down1imageNaming Torrentsfiles.catbox.moeretiolus to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.comEnglish • 7 months agomessage-square108fedilink
minus-square@[email protected]linkfedilinkEnglish1•7 months agoThe filter you’re using to avoid multiple encoding attacks creates multiple encoding attacks.
minus-squareAlien Nathan EdwardlinkfedilinkEnglish1•edit-27 months agoYou should tell that to OWASP then, they wrote it. org.owasp.esapi 2.5.2.0, class is Encoder, method is canonicalize(String, bool, bool)
minus-square@[email protected]linkfedilinkEnglish2•7 months agoThis method is a band-aid patch when your downstream code is all messed up and you can’t fix it. Instead of treating the input string correctly, it just removes anything that might possibly trigger some vulnerability in wrong code.
The filter you’re using to avoid multiple encoding attacks creates multiple encoding attacks.
You should tell that to OWASP then, they wrote it. org.owasp.esapi 2.5.2.0, class is Encoder, method is canonicalize(String, bool, bool)
This method is a band-aid patch when your downstream code is all messed up and you can’t fix it. Instead of treating the input string correctly, it just removes anything that might possibly trigger some vulnerability in wrong code.