RS-A1004 @ e99e7f0 • swarnim-deepsource / dummy-rust-test

Run summary

a year ago

0307230..e99e7f0

27 s

Audit required: Exposure of sensitive headers RS-A1004

Security

Major

1 occurrence in this check

cwe-201 owasp top 10

Exposure of sensitive header: SERVER

demo_format.rs

124fn header() {
125use http::header::{HeaderMap, SERVER, SET_COOKIE};
126let mut h = HeaderMap::new();
127    h.insert(SERVER, 5.into());128    h.insert(SET_COOKIE, 42.into());
129}

Description

Use of headers such as "Server", "X-Powered-By" and "X-AspNet-Version" can leak sensitive information of your application and server. Avoid using these headers if possible.

The following possible response headers should be avoided for security reasons:

Server - Specifies web server version.
X-Powered-By - Indicates that the website is "powered by ASP.NET."
X-AspNet-Version - Specifies the version of ASP.NET used.

Bad practice

use http::header::{HeaderMap, SERVER};

let mut map = HeaderMap::new();
map.insert(SERVER, "Apache/2.4.1 (Unix)".parse().unwrap());

References

CWE-201
Server header
Remove Unwanted HTTP Response Headers