Polish HTTP Response Splitting

Issue gh-3910
2016-09-23 12:49:01 -05:00 · 2016-09-23 12:49:01 -05:00 · 6fb564a629
parent 9ae163e92d
commit 6fb564a629
2 changed files with 10 additions and 10 deletions
--- a/web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java
+++ b/web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java
@ -40,35 +40,35 @@ class FirewalledResponse extends HttpServletResponseWrapper {
 	public void sendRedirect(String location) throws IOException {
 		// TODO: implement pluggable validation, instead of simple blacklisting.
 		// SEC-1790. Prevent redirects containing CRLF
-		validateCRLF(LOCATION_HEADER, location);
+		validateCrlf(LOCATION_HEADER, location);
 		super.sendRedirect(location);
 	}

 	@Override
 	public void setHeader(String name, String value) {
-		validateCRLF(name, value);
+		validateCrlf(name, value);
 		super.setHeader(name, value);
 	}

 	@Override
 	public void addHeader(String name, String value) {
-		validateCRLF(name, value);
+		validateCrlf(name, value);
 		super.addHeader(name, value);
 	}

 	@Override
 	public void addCookie(Cookie cookie) {
 		if(cookie != null) {
-			validateCRLF(SET_COOKIE_HEADER, cookie.getName());
-			validateCRLF(SET_COOKIE_HEADER, cookie.getValue());
-			validateCRLF(SET_COOKIE_HEADER, cookie.getPath());
-			validateCRLF(SET_COOKIE_HEADER, cookie.getDomain());
-			validateCRLF(SET_COOKIE_HEADER, cookie.getComment());
+			validateCrlf(SET_COOKIE_HEADER, cookie.getName());
+			validateCrlf(SET_COOKIE_HEADER, cookie.getValue());
+			validateCrlf(SET_COOKIE_HEADER, cookie.getPath());
+			validateCrlf(SET_COOKIE_HEADER, cookie.getDomain());
+			validateCrlf(SET_COOKIE_HEADER, cookie.getComment());
 		}
 		super.addCookie(cookie);
 	}

-	void validateCRLF(String name, String value) {
+	void validateCrlf(String name, String value) {
 		if (hasCrlf(name) || hasCrlf(value)) {
 			throw new IllegalArgumentException(
 					"Invalid characters (CR/LF) in header " + name);
--- a/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
+++ b/web/src/test/java/org/springframework/security/web/firewall/FirewalledResponseTests.java
@ -180,7 +180,7 @@ public class FirewalledResponseTests {

 	private void validateLineEnding(String name, String value) {
 		try {
-			fwResponse.validateCRLF(name, value);
+			fwResponse.validateCrlf(name, value);
 			fail("IllegalArgumentException should have thrown");
 		}
 		catch (IllegalArgumentException expected) {