CRLFInjection

Author: JoyChou93

README.md

@@ -6,3 +6,4 @@
 - [URLRedirect](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/URLRedirect.java)
 - [IPForge](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/IPForge.java)
 - [XSS](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/XSS.java)
+- [CRLFInjection](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/CRLFInjection.java)

src/main/java/org/joychou/controller/CRLFInjection.java

@@ -0,0 +1,30 @@
+package org.joychou.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * author: JoyChou ([email protected])
+ * date:   2018.01.03
+ * desc:   Java no http response splitting vuls
+ */
+
+@Controller
+@RequestMapping("/crlf")
+public class CRLFInjection {
+
+    @RequestMapping("/safecode")
+    @ResponseBody
+    private static void crlf(HttpServletRequest request, HttpServletResponse response) {
+        response.addHeader("test1", request.getParameter("test1"));
+        response.setHeader("test2", request.getParameter("test2"));
+        String author = request.getParameter("test3");
+        Cookie cookie = new Cookie("test3", author);
+        response.addCookie(cookie);
+    }
+}