Tweak SECURITY and add a Security policy section to docs
jkbrzt authored and isidentical committed Mar 7, 2022
1 parent 614866e commit 0a87317
Showing 2 changed files with 17 additions and 9 deletions.
18 changes: 11 additions & 7 deletions SECURITY.md
@@ -1,10 +1,14 @@
# Security Policy
# Security policy

## Reporting a Vulnerability
## Reporting a vulnerability

To report a vulnerability, please send an email to `security@httpie.io` describing the:
When you identify a vulnerability in HTTPie, please report it privately using one of the following channels:

- The description of the vulnerability itself
- A short reproducer to verify it (you can submit a small HTTP server, a shell script, a docker image etc.)
- The severity level classification (`LOW`/`MEDIUM`/`HIGH`/`CRITICAL`)
- If associated with any, the [CWE](https://cwe.mitre.org/) ID.
- Email to [`security@httpie.io`](mailto:security@httpie.io)
- Report on [huntr.dev](https://huntr.dev/)

In addition to the description of the vulnerability, please include also:

- A short reproducer to verify it (it can be a small HTTP server, shell script, docker image, etc.)
- Your deemed severity level of the vulnerability (`LOW`/`MEDIUM`/`HIGH`/`CRITICAL`)
- [CWE](https://cwe.mitre.org/) ID, if available.
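Review bot: the rewritten policy lists two private channels but never tells reporters not to open a public GitHub issue, and it gives no expected acknowledgement or disclosure timeline; adding a sentence after the channel list such as `Please do not report security issues through public GitHub issues.` and one line on when to expect a first response would make the policy complete. Also, `Your deemed severity level of the vulnerability` reads awkwardly; `Your assessment of the severity level` says the same thing more clearly.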
8 changes: 6 additions & 2 deletions docs/README.md
Expand Up @@ -2252,7 +2252,7 @@ $ http --session=./session.json pie.dev/headers Cookie:foo=bar
In summary:
- Cookies set via the CLI overwrite cookies of the same name inside session files.
- Cookies set via the CLI overwrite cookies of the same name inside session files.
- Server-sent `Set-Cookie` header cookies overwrite any pre-existing ones with the same name.
Cookie expiration handling:
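Review bot: the removed and added `Cookies set via the CLI overwrite cookies of the same name inside session files.` lines render identically, so this hunk is an invisible (presumably trailing-whitespace) change that the commit title `Tweak SECURITY and add a Security policy section to docs` does not cover; either mention the whitespace cleanup in the commit message or leave it out of this commit.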
Expand Down Expand Up @@ -2293,7 +2293,7 @@ Upgraded 'session.json' @ 'pie.dev' to v3.1.0
These flags are available for both `sessions upgrade` and `sessions upgrade-all`:
------------------|------------------------------------------
`--bind-cookies` | Bind all previously [unbound cookies](#host-based-cookie-policy) to the session’s host.
`--bind-cookies` | Bind all previously [unbound cookies](#host-based-cookie-policy) to the session’s host.
## Config
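Review bot: the old and new `--bind-cookies` table rows in this hunk are identical as rendered, so the diff carries only a whitespace difference unrelated to the security-policy change this commit describes; if trailing-whitespace cleanup in the session docs is intended, it belongs in its own commit or at least in the commit message.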
Expand Down Expand Up @@ -2532,6 +2532,10 @@ Helpers to convert from other client tools:
See [CONTRIBUTING](https://github.com/httpie/httpie/blob/master/CONTRIBUTING.md).
### Security policy
See [github.com/httpie/httpie/security/policy](https://github.com/httpie/httpie/security/policy).
### Change log
See [CHANGELOG](https://github.com/httpie/httpie/blob/master/CHANGELOG.md).
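Review bot: the new `### Security policy` entry links to GitHub's rendered policy page (`/security/policy`) while the neighbouring CONTRIBUTING and CHANGELOG entries link to the file itself under `blob/master`; for consistency, and so the link still resolves on forks and mirrors that do not get the GitHub security tab, consider linking the file directly, e.g. `See [SECURITY](https://github.com/httpie/httpie/blob/master/SECURITY.md).`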
