
AppSensor DetectionPoint CIE4

Revision as of 19:16, 4 June 2010 by John Melton (talk | contribs)


Here is some sample code that can be used to detect CIE4. If you know that a CR/LF is never acceptable in your app, you could put this check in a filter and call it for all incoming data (request headers, cookie data, request parameters, etc.).

String myInputParameter = ...;

// the execution of this line will create an exception if an attack is found
boolean isParamSafe = AttackDetectorUtils.verifyCarriageReturnOrLineFeedDoesNotExist(myInputParameter);
if (!isParamSafe) {
    // notify user ... ???
}
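
The filter idea above as an added example, not AppSensor's own code: it checks every value from several input sources for CR or LF and reports where each one was found. The class `CrLfInputScan`, its methods and the sample inputs are hypothetical; in a real filter the maps would be filled from the request's headers, cookies and parameters, and a finding would be handed to AppSensor instead of printed. It assumes Java 16 or later (records).

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added illustration; class and method names are hypothetical, not AppSensor APIs.
public class CrLfInputScan {
    // A finding names the source, the input name and the offset, but never the raw
    // value, so the CR/LF being reported cannot forge extra lines in the log.
    record Finding(String source, String name, int offset, String ch) {}

    // Returns the offset of the first CR or LF in value, or -1 if there is none.
    static int firstCrLf(String value) {
        if (value == null) return -1;
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\r' || c == '\n') return i;
        }
        return -1;
    }

    // Scans every value of one input source (headers, cookies or parameters).
    static List<Finding> scan(String source, Map<String, List<String>> inputs) {
        List<Finding> findings = new ArrayList<>();
        for (Map.Entry<String, List<String>> e : inputs.entrySet()) {
            for (String v : e.getValue()) {
                int at = firstCrLf(v);
                if (at >= 0) {
                    String ch = v.charAt(at) == '\r' ? "CR" : "LF";
                    findings.add(new Finding(source, e.getKey(), at, ch));
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample input, as a filter would see it after URL decoding.
        Map<String, List<String>> params = new LinkedHashMap<>();
        params.put("file", List.of("report.pdf"));
        params.put("lang", List.of("en\r\nX-Injected: 1"));
        Map<String, List<String>> cookies = new LinkedHashMap<>();
        cookies.put("theme", List.of("dark"));

        List<Finding> all = new ArrayList<>(scan("parameter", params));
        all.addAll(scan("cookie", cookies));
        all.forEach(f -> System.out.println("CIE4 " + f));
    }
}
```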