retiolus to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.com • 2 years ago
Naming Torrents (files.catbox.moe, image)
@[email protected] • 2 years ago
The filter you’re using to avoid multiple encoding attacks creates multiple encoding attacks.

Alien Nathan Edward • 2 years ago (edited)
You should tell that to OWASP then, they wrote it. org.owasp.esapi 2.5.2.0, class is Encoder, method is canonicalize(String, bool, bool)

@[email protected] • 2 years ago
This method is a band-aid patch when your downstream code is all messed up and you can’t fix it. Instead of treating the input string correctly, it just removes anything that might possibly trigger some vulnerability in wrong code.
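To show what the two commenters are arguing about, here is an added illustration of a canonicalize(input, restrictMultiple, restrictMixed) style check: it decodes the input layer by layer and, depending on the two flags, rejects strings that were double-encoded with one scheme or encoded with two different schemes. This is example code written for this thread, not the thread's own code and not the ESAPI implementation; the function names, the exception class and the sample strings are constructed for it, and only percent-encoding and HTML entities are handled.

```python
import html
import re
from urllib.parse import unquote


class IntrusionDetected(Exception):
    """Constructed stand-in for the exception a canonicalizer raises on suspect input."""


# One decoding pass of each scheme this example understands (constructed subset).
PERCENT = re.compile(r"%[0-9A-Fa-f]{2}")
HTML_ENTITY = re.compile(r"&(?:#[0-9]+|#[xX][0-9A-Fa-f]+|[A-Za-z][A-Za-z0-9]*);")


def canonicalize(s: str, restrict_multiple: bool = True, restrict_mixed: bool = True) -> str:
    """Decode `s` until nothing decodes further, recording the scheme of each pass.
    restrict_multiple rejects the same scheme applied twice (double encoding, e.g.
    "%2541" -> "%41" -> "A"); restrict_mixed rejects two different schemes layered
    (e.g. "&#x25;41", an HTML entity that hides a percent escape)."""
    current = s
    passes = []
    while True:
        if PERCENT.search(current):
            current, scheme = unquote(current), "percent"
        elif HTML_ENTITY.search(current):
            current, scheme = html.unescape(current), "html"
        else:
            break
        passes.append(scheme)
        if len(passes) > 8:  # real input converges in a pass or two; cap pathological input
            raise IntrusionDetected("too many encoding layers")
    if restrict_multiple and len(passes) != len(set(passes)):
        raise IntrusionDetected(f"multiple encoding detected: {passes}")
    if restrict_mixed and len(set(passes)) > 1:
        raise IntrusionDetected(f"mixed encoding detected: {passes}")
    return current


def is_rejected(s: str, **flags) -> bool:
    """True when the policy rejects `s`; shows the effect of the two flags."""
    try:
        canonicalize(s, **flags)
        return False
    except IntrusionDetected:
        return True


if __name__ == "__main__":
    for sample in ("hello%20world", "%2541", "&#x25;41", "%41&amp;"):
        print(sample, "->", "rejected" if is_rejected(sample) else canonicalize(sample))
```

With both flags off the same inputs decode silently to "A" or "A&", which is the behaviour the first commenter is worried about: downstream code then sees a string that was never a plain "A" on the wire.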