manikandan.kannan at gmail.com
Wed Sep 2 00:31:31 EDT 2009
I would suggest the following improvement points:
1. MutableHTTPRequest is not adhering to the HTTPRequest specification.
Basically, it does not support multi-valued parameters. Also, as per the spec,
the getParameter method should return null if the name does not exist for a
single-valued parameter or multi-valued parameter. For a multi-valued
parameter, if the name exists, then it should return the first value. As
this request goes down the chain, this would lead to issues otherwise. This
would require a change in Encode.java as well.
2. In Stinger.java, the method checkMalformed...() has the violation
object created. While creating the violation, the missing category is used
instead of the malformed category.
Let me know your thoughts.
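
Added example, not part of the original message and not Stinger's code: a minimal parameter store that follows the javax.servlet.ServletRequest contract referred to in point 1 (null for an absent name, first value for a multi-valued name). The class name MultiValueParams and the setParameter/addParameter helpers are hypothetical; a real wrapper would expose the same getters from an HttpServletRequestWrapper subclass.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Hypothetical stand-in for the parameter storage of a mutable request wrapper.
// Getter names mirror javax.servlet.ServletRequest; this is not Stinger's class.
public class MultiValueParams {
    private final Map<String, List<String>> params = new LinkedHashMap<>();

    // Replace every value stored under name (what a sanitizing filter would call).
    public void setParameter(String name, String... values) {
        params.put(name, new ArrayList<>(Arrays.asList(values)));
    }

    // Append one more value and keep the earlier ones (e.g. ?id=1&id=2).
    public void addParameter(String name, String value) {
        params.computeIfAbsent(name, k -> new ArrayList<>()).add(value);
    }

    // Contract: null when the name is absent, otherwise the first value.
    public String getParameter(String name) {
        List<String> v = params.get(name);
        return (v == null || v.isEmpty()) ? null : v.get(0);
    }

    // Contract: null when the name is absent, otherwise a copy of all values.
    public String[] getParameterValues(String name) {
        List<String> v = params.get(name);
        return v == null ? null : v.toArray(new String[0]);
    }

    public Enumeration<String> getParameterNames() {
        return Collections.enumeration(params.keySet());
    }

    public static void main(String[] args) {
        MultiValueParams p = new MultiValueParams();
        // Constructed sample input equivalent to the query string "id=1&id=2".
        p.addParameter("id", "1");
        p.addParameter("id", "2");
        System.out.println(p.getParameter("id"));                       // first value
        System.out.println(Arrays.toString(p.getParameterValues("id"))); // all values
        System.out.println(p.getParameter("missing"));                  // absent name
    }
}
```

Storing a list per name means a validating filter can check every value through getParameterValues, so later components in the chain do not see values the filter never examined.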