Possible CLRF injection detected

• Rule ID: python_django_crlf_injection
• Languages: python
• Source: crlf_injection.yml

Description

CRLF (Carriage Return Line Feed) injection vulnerability occurs when an attacker is able to insert a sequence of line termination characters into a log message or a file. This can lead to forged log entries, compromising the integrity of log files, or worse, a denial-of-service (DoS) if an attacker abuses the vulnerability by using up all available disk space.

Remediations

• Do strip any carriage return and line feed characters from user input data before logging it or writing to a file. This prevents attackers from injecting malicious CRLF sequences.

  response.write(user_input.replaceAll("[\r\n]+", ""));

References

• OWASP CRLF Injection

Associated CWE

• CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

OWASP Top 10

• A03:2021 - Injection

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=python_django_crlf_injection

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=python_django_crlf_injection