From 0a873172c95404b43387c1a4302eecc1cdb8379e Mon Sep 17 00:00:00 2001 From: Jakub Roztocil Date: Mon, 7 Mar 2022 20:55:51 +0100 Subject: [PATCH] Tweak SECURITY and add a Security policy section to docs --- SECURITY.md | 18 +++++++++++------- docs/README.md | 8 ++++++-- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index b10980cb..6d1b95da 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,10 +1,14 @@ -# Security Policy +# Security policy -## Reporting a Vulnerability +## Reporting a vulnerability -To report a vulnerability, please send an email to `security@httpie.io` describing the: +When you identify a vulnerability in HTTPie, please report it privately using one of the following channels: -- The description of the vulnerability itself -- A short reproducer to verify it (you can submit a small HTTP server, a shell script, a docker image etc.) -- The severity level classification (`LOW`/`MEDIUM`/`HIGH`/`CRITICAL`) -- If associated with any, the [CWE](https://cwe.mitre.org/) ID. +- Email to [`security@httpie.io`](mailto:security@httpie.io) +- Report on [huntr.dev](https://huntr.dev/) + +In addition to the description of the vulnerability, please include also: + +- A short reproducer to verify it (it can be a small HTTP server, shell script, docker image, etc.) +- Your deemed severity level of the vulnerability (`LOW`/`MEDIUM`/`HIGH`/`CRITICAL`) +- [CWE](https://cwe.mitre.org/) ID, if available. diff --git a/docs/README.md b/docs/README.md index 50912955..836c478d 100644 --- a/docs/README.md +++ b/docs/README.md @@ -2252,7 +2252,7 @@ $ http --session=./session.json pie.dev/headers Cookie:foo=bar In summary: -- Cookies set via the CLI overwrite cookies of the same name inside session files. +- Cookies set via the CLI overwrite cookies of the same name inside session files. - Server-sent `Set-Cookie` header cookies overwrite any pre-existing ones with the same name. Cookie expiration handling: 
@@ -2293,7 +2293,7 @@ Upgraded 'session.json' @ 'pie.dev' to v3.1.0 These flags are available for both `sessions upgrade` and `sessions upgrade-all`: ------------------|------------------------------------------ -`--bind-cookies` | Bind all previously [unbound cookies](#host-based-cookie-policy) to the session’s host. +`--bind-cookies` | Bind all previously [unbound cookies](#host-based-cookie-policy) to the session’s host. ## Config @@ -2532,6 +2532,10 @@ Helpers to convert from other client tools: See [CONTRIBUTING](https://github.com/httpie/httpie/blob/master/CONTRIBUTING.md). +### Security policy + +See [github.com/httpie/httpie/security/policy](https://github.com/httpie/httpie/security/policy). + ### Change log See [CHANGELOG](https://github.com/httpie/httpie/blob/master/CHANGELOG.md).
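Review bot: the rewritten "Reporting a vulnerability" section in the SECURITY.md hunk now lists two private channels (email to `security@httpie.io` and huntr.dev) but still says nothing about what a reporter can expect afterwards: no acknowledgement window, no coordinated-disclosure timeline, and no statement of which releases receive fixes. A short "What to expect" paragraph (for example, acknowledgement within N business days, public disclosure only after a fixed release is available, with N chosen by the maintainers) would make the policy actionable for reporters. Minor wording: "Your deemed severity level of the vulnerability" reads awkwardly; "Your assessment of the severity (`LOW`/`MEDIUM`/`HIGH`/`CRITICAL`)" is clearer, and the trailing period on "- [CWE](https://cwe.mitre.org/) ID, if available." is inconsistent with the other two bullets, which have none.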
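Review bot: in the `@@ -2252,7 +2252,7 @@` hunk the removed and added lines ("- Cookies set via the CLI overwrite cookies of the same name inside session files.") are textually identical, so this is a whitespace-only change, most likely trailing whitespace. It is unrelated to the security-policy change in the subject line; mention the cleanup in the commit message or move it to its own commit so the policy diff stays focused and easy to review.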
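Review bot: the `@@ -2293,7 +2293,7 @@` hunk is also a whitespace-only change: the `--bind-cookies` table row is unchanged apart from invisible characters. Because this line is a Markdown table cell, please confirm that the rendered table still aligns (a removed trailing space is harmless, but a changed non-breaking space or tab inside the cell would not be), and consider keeping this cleanup out of a commit whose subject is about the security policy.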
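Review bot: the new "Security policy" section in the `@@ -2532,6 +2532,10 @@` hunk links to https://github.com/httpie/httpie/security/policy, which is GitHub's rendered view of SECURITY.md, while the neighbouring "Contributing" and "Change log" sections link directly to the files under `blob/master`. Consider linking to https://github.com/httpie/httpie/blob/master/SECURITY.md for consistency, or at least state inline that vulnerabilities should be reported privately to `security@httpie.io` rather than on the public issue tracker, since readers of docs/README.md will not see that instruction until they click through.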