forked from extern/httpie-cli
Tweak SECURITY and add a Security policy section to docs
This commit is contained in:
parent
614866eeb2
commit
0a873172c9
18
SECURITY.md
18
SECURITY.md
@ -1,10 +1,14 @@
|
||||
# Security Policy
|
||||
# Security policy
|
||||
|
||||
## Reporting a Vulnerability
|
||||
## Reporting a vulnerability
|
||||
|
||||
To report a vulnerability, please send an email to `security@httpie.io` describing the:
|
||||
When you identify a vulnerability in HTTPie, please report it privately using one of the following channels:
|
||||
|
||||
- The description of the vulnerability itself
|
||||
- A short reproducer to verify it (you can submit a small HTTP server, a shell script, a docker image etc.)
|
||||
- The severity level classification (`LOW`/`MEDIUM`/`HIGH`/`CRITICAL`)
|
||||
- If associated with any, the [CWE](https://cwe.mitre.org/) ID.
|
||||
- Email to [`security@httpie.io`](mailto:security@httpie.io)
|
||||
- Report on [huntr.dev](https://huntr.dev/)
|
||||
|
||||
In addition to the description of the vulnerability, please include also:
|
||||
|
||||
- A short reproducer to verify it (it can be a small HTTP server, shell script, docker image, etc.)
|
||||
- Your deemed severity level of the vulnerability (`LOW`/`MEDIUM`/`HIGH`/`CRITICAL`)
|
||||
- [CWE](https://cwe.mitre.org/) ID, if available.
|
||||
|
@ -2252,7 +2252,7 @@ $ http --session=./session.json pie.dev/headers Cookie:foo=bar
|
||||
|
||||
In summary:
|
||||
|
||||
- Cookies set via the CLI overwrite cookies of the same name inside session files.
|
||||
- Cookies set via the CLI overwrite cookies of the same name inside session files.
|
||||
- Server-sent `Set-Cookie` header cookies overwrite any pre-existing ones with the same name.
|
||||
|
||||
Cookie expiration handling:
|
||||
@ -2293,7 +2293,7 @@ Upgraded 'session.json' @ 'pie.dev' to v3.1.0
|
||||
These flags are available for both `sessions upgrade` and `sessions upgrade-all`:
|
||||
|
||||
------------------|------------------------------------------
|
||||
`--bind-cookies` | Bind all previously [unbound cookies](#host-based-cookie-policy) to the session’s host.
|
||||
`--bind-cookies` | Bind all previously [unbound cookies](#host-based-cookie-policy) to the session’s host.
|
||||
|
||||
## Config
|
||||
|
||||
@ -2532,6 +2532,10 @@ Helpers to convert from other client tools:
|
||||
|
||||
See [CONTRIBUTING](https://github.com/httpie/httpie/blob/master/CONTRIBUTING.md).
|
||||
|
||||
### Security policy
|
||||
|
||||
See [github.com/httpie/httpie/security/policy](https://github.com/httpie/httpie/security/policy).
|
||||
|
||||
### Change log
|
||||
|
||||
See [CHANGELOG](https://github.com/httpie/httpie/blob/master/CHANGELOG.md).
|
||||
|
Loading…
Reference in New Issue
Block a user