Skip to content

feat: prevent V1 cookie format use #4006

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Feb 21, 2025
Merged

feat: prevent V1 cookie format use #4006

merged 6 commits into from
Feb 21, 2025

Conversation

fzipi
Copy link
Member

@fzipi fzipi commented Feb 19, 2025

what

  • prevent using cookie V1 protocol

why

  • preventing cookie sandwich attacks

@fzipi fzipi requested a review from a team February 19, 2025 18:13
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 19, 2025
edited
Loading

📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

@fzipi
feat: add old V1 detection to prevent cookie sandwich
f4972ad 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
@fzipi fzipi force-pushed the feat/cookie-sandwich branch from 52a2dca to f4972ad Compare February 19, 2025 18:15
theseion
theseion requested changes Feb 19, 2025
View reviewed changes
@fzipi
fix: update based on code review
e0822d7 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
@fzipi fzipi force-pushed the feat/cookie-sandwich branch from aae3aed to e0822d7 Compare February 20, 2025 14:04
@fzipi fzipi changed the title feat: add old V1 detection to prevent cookie sandwich feat: prevent V1 cookie format use Feb 20, 2025
airween
airween requested changes Feb 21, 2025
View reviewed changes
fzipi
fzipi commented Feb 21, 2025
View reviewed changes
airween
airween requested changes Feb 21, 2025
View reviewed changes
@fzipi @airween
Update rules/REQUEST-921-PROTOCOL-ATTACK.conf
3661cdb 
Co-authored-by: Ervin Hegedus <airween@gmail.com>
fzipi
fzipi commented Feb 21, 2025
View reviewed changes
@fzipi fzipi requested review from theseion and airween February 21, 2025 15:46
airween
airween approved these changes Feb 21, 2025
View reviewed changes
Copy link
Contributor

@airween airween left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@fzipi fzipi added this pull request to the merge queue Feb 21, 2025
Merged via the queue into main with commit 954fb83 Feb 21, 2025
6 checks passed
@fzipi fzipi deleted the feat/cookie-sandwich branch February 21, 2025 18:53
@fzipi fzipi added the release:new-feature This PR introduces a new feature label Feb 21, 2025
@fzipi fzipi mentioned this pull request Mar 3, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@airween airween airween approved these changes

@theseion theseion theseion approved these changes

Assignees
No one assigned
Labels
release:new-feature This PR introduces a new feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fzipi @airween @theseion