diff --git a/pom.xml b/pom.xml
index 9b83a72..dd4d3a4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,7 +12,8 @@
UTF-8
https://sonarcloud.io
pixee
-
+ 1.2.1
+
@@ -31,7 +32,7 @@
io.github.pixee
java-security-toolkit
- 1.2.0
+ ${versions.java-security-toolkit}
diff --git a/src/main/java/com/acme/headerinjection/HeaderInjectionVuln.java b/src/main/java/com/acme/headerinjection/HeaderInjectionVuln.java
index 8a9df00..301cc85 100644
--- a/src/main/java/com/acme/headerinjection/HeaderInjectionVuln.java
+++ b/src/main/java/com/acme/headerinjection/HeaderInjectionVuln.java
@@ -1,5 +1,6 @@
package com.acme.headerinjection;
+import io.github.pixee.security.Newlines;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.QueryParam;
@@ -11,7 +12,7 @@ public class HeaderInjectionVuln {
@GET
public String lookupResource(HttpServletResponse response, @QueryParam("q") final String q) {
- response.setHeader("X-Last-Search", q);
+ response.setHeader("X-Last-Search", Newlines.stripAll(q));
return "ok";
}
}
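Review bot: The new `response.setHeader("X-Last-Search", Newlines.stripAll(q))` still receives `q` directly from `@QueryParam`, which is null when the request carries no `q` parameter; unless `Newlines.stripAll` is documented to pass null through, a request without the parameter would now fail with a NullPointerException rather than return "ok", so guarding with `if (q != null) { response.setHeader("X-Last-Search", Newlines.stripAll(q)); }` avoids that new failure mode. Stripping CR and LF closes the response-splitting path for this header, and a one-line comment such as `// strip CR/LF so a crafted q cannot inject additional response headers` would record why the wrapper is there, since the class name suggests the endpoint is a deliberately vulnerable sample. The same wrapper is applied in HeaderInjectionInjectionVulnFixed.java on top of the existing `stripNewlines(q)`, so two sanitizers now do the same job there; keeping only one makes the intent of that method clearer.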
diff --git a/src/main/java/com/acme/headerinjection/HeaderInjectionVulnFixed.java b/src/main/java/com/acme/headerinjection/HeaderInjectionVulnFixed.java
index aae054a..e3975e3 100644
--- a/src/main/java/com/acme/headerinjection/HeaderInjectionVulnFixed.java
+++ b/src/main/java/com/acme/headerinjection/HeaderInjectionVulnFixed.java
@@ -1,5 +1,6 @@
package com.acme.headerinjection;
+import io.github.pixee.security.Newlines;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.QueryParam;
@@ -11,7 +12,7 @@ public class HeaderInjectionVulnFixed {
@GET
public String lookupResource(HttpServletResponse response, @QueryParam("q") final String q) {
- response.setHeader("X-Last-Search", stripNewlines(q));
+ response.setHeader("X-Last-Search", Newlines.stripAll(stripNewlines(q)));
return "ok";
}