RT.
此代码使用不受信任的 HTTP 参数构造一个 HTTP Cookie
HTTP cookie formed from untrusted input
This code constructs an HTTP Cookie using an untrusted HTTP parameter. If this cookie is added to an HTTP response, it will allow a HTTP response splitting vulnerability. See http://en.wikipedia.org/wiki/HTTP_response_splitting for more information. FindBugs looks only for the most blatant, obvious cases of HTTP response splitting. If FindBugs found any, you almost certainly have more vulnerabilities that FindBugs doesn't report. If you are concerned about HTTP response splitting, you should seriously consider using a commercial static analysis or pen-testing tool. Bug kind and pattern: HRS - HRS_REQUEST_PARAMETER_TO_COOKIE
Select Language