1 <p>This code directly writes an HTTP parameter to an HTTP header, which allows for a HTTP response splitting
2 vulnerability. See <a href="http://en.wikipedia.org/wiki/HTTP_response_splitting">http://en.wikipedia.org/wiki/HTTP_response_splitting</a>
3 for more information.</p>
4 <p>FindBugs looks only for the most blatant, obvious cases of HTTP response splitting.
5 If FindBugs found <em>any</em>, you <em>almost certainly</em> have more
6 vulnerabilities that FindBugs doesn't report. If you are concerned about HTTP response splitting, you should seriously
7 consider using a commercial static analysis or pen-testing tool.
projects / sonarqube.git / blob