Beispiel #1
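    def _report_vuln(self, mutant, response, mod_value):
        """
        Create a Vuln object for an XSS finding and store it in the KB.

        The severity is MEDIUM unless site_protected_against_xss_by_csp()
        reports that the response carries a protective Content Security
        Policy, in which case it is lowered to LOW. The finding is still
        reported in that case: CSP only limits exploitation in browsers
        that enforce it, the injection point itself remains.

        :param mutant: The mutant that triggered the finding; its found_at()
                       text is embedded in the description.
        :param response: The HTTP response that was analyzed; it is passed to
                         the CSP check and its id is attached to the Vuln.
        :param mod_value: The value added to the Vuln's highlight list.
        :return: None
        """
        csp_protects = site_protected_against_xss_by_csp(response)
        vuln_severity = severity.LOW if csp_protects else severity.MEDIUM

        desc = 'A Cross Site Scripting vulnerability was found at: %s'
        desc %= mutant.found_at()

        if csp_protects:
            # The leading space keeps this note from being glued directly to
            # the end of the found_at() text in the report.
            desc += (' The risk associated with this vulnerability was lowered'
                     ' because the site correctly implements CSP. The'
                     ' vulnerability is still a risk for the application since'
                     ' only the latest versions of some browsers implement CSP'
                     ' checking.')

        v = Vuln.from_mutant('Cross site scripting vulnerability', desc,
                             vuln_severity, response.id, self.get_name(),
                             mutant)
        v.add_to_highlight(mod_value)

        # Stored under the 'xss' key; de-duplication is left to
        # kb_append_uniq().
        self.kb_append_uniq(self, 'xss', v)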
Beispiel #2
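 def _report_vuln(self, mutant, response, mod_value):
     """
     Create a Vuln object for an XSS finding and store it in the KB.

     A protective Content Security Policy on the response (as judged by
     site_protected_against_xss_by_csp()) lowers the severity from MEDIUM
     to LOW. It never suppresses the finding: CSP is a mitigation that
     depends on browser enforcement, not a fix for the injection.

     :param mutant: The mutant that triggered the finding; its found_at()
                    text is embedded in the description.
     :param response: The HTTP response that was analyzed; it is passed to
                      the CSP check and its id is attached to the Vuln.
     :param mod_value: The value added to the Vuln's highlight list.
     :return: None
     """
     csp_protects = site_protected_against_xss_by_csp(response)
     vuln_severity = severity.LOW if csp_protects else severity.MEDIUM

     desc = 'A Cross Site Scripting vulnerability was found at: %s'
     desc = desc % mutant.found_at()

     if csp_protects:
         # Start with a space so the note does not run straight on from the
         # found_at() text in the rendered description.
         desc += (' The risk associated with this vulnerability was lowered'
                  ' because the site correctly implements CSP. The'
                  ' vulnerability is still a risk for the application since'
                  ' only the latest versions of some browsers implement CSP'
                  ' checking.')

     v = Vuln.from_mutant('Cross site scripting vulnerability', desc,
                          vuln_severity, response.id, self.get_name(),
                          mutant)
     v.add_to_highlight(mod_value)

     # Stored under the 'xss' key; de-duplication is left to
     # kb_append_uniq().
     self.kb_append_uniq(self, 'xss', v)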
Beispiel #3
 def test_site_protected_against_xss_by_csp_case01(self):
     """
     A response that carries no CSP header at all must not be reported as
     protected against XSS.
     """
     # Empty header set: there is no policy for the checker to evaluate.
     empty_headers = Headers({}.items())
     response = HTTPResponse(200, '', empty_headers, self.url, self.url)

     self.assertFalse(site_protected_against_xss_by_csp(response))
Beispiel #4
 def test_site_protected_against_xss_by_csp_case06(self):
     """
     A response whose policy restricts every source to the site's own
     origin must be reported as protected against XSS.
     """
     # No script-src is given; the test relies on default-src covering
     # script loading.
     policy = "default-src 'self'"
     headers = Headers({CSP_HEADER_W3C: policy}.items())
     response = HTTPResponse(200, '', headers, self.url, self.url)

     self.assertTrue(site_protected_against_xss_by_csp(response))
Beispiel #5
 def test_site_protected_against_xss_by_csp_case02(self):
     """
     A response that sends a CSP header whose script policy is itself
     weak must not be reported as protected against XSS.
     """
     # A wildcard script-src lets scripts load from any origin, so the
     # mere presence of the header must not count as protection.
     policy = "script-src *;"
     headers = Headers({CSP_HEADER_W3C: policy}.items())
     response = HTTPResponse(200, '', headers, self.url, self.url)

     self.assertFalse(site_protected_against_xss_by_csp(response))
Beispiel #6
 def test_site_protected_against_xss_by_csp_case04(self):
     """
     A script policy that re-enables the JavaScript "eval()" function is
     not accepted as protection, even though the rest of the policy is
     restrictive.
     """
     # NOTE(review): unsafe-eval appears here without the single quotes
     # that CSP keyword sources normally carry. A companion case using
     # the quoted form would pin the checker's behaviour for headers as
     # they are usually written -- confirm how the parser treats both
     # spellings.
     policy = "script-src 'self' unsafe-eval; script-nonce 'AADD'"
     headers = Headers({CSP_HEADER_W3C: policy}.items())
     response = HTTPResponse(200, '', headers, self.url, self.url)

     self.assertFalse(site_protected_against_xss_by_csp(response))
Beispiel #7
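    def _report_persistent_vuln(self, mutant, response, mutant_response_id,
                                mod_value, fuzzable_request):
        """
        Report a persistent XSS vulnerability to the core.

        The severity is HIGH unless site_protected_against_xss_by_csp()
        reports a protective Content Security Policy, in which case it is
        lowered to MEDIUM. The CSP check runs on `response`, the page that
        echoes the payload. The finding is reported either way, since CSP
        only mitigates exploitation in browsers that enforce it.

        :param mutant: The mutant that wrote the payload; stored on the Vuln
                       as 'write_payload'.
        :param response: The HTTP response in which the payload was echoed.
        :param mutant_response_id: Id of the response to the mutant request;
                                   attached to the Vuln together with
                                   response.id.
        :param mod_value: The payload value quoted in the description.
        :param fuzzable_request: Stored on the Vuln as 'read_payload'.
        :return: None, a vulnerability is saved in the KB.
        """
        response_ids = [response.id, mutant_response_id]
        name = 'Persistent Cross-Site Scripting vulnerability'

        # NOTE(review): the description embeds the raw payload (mod_value);
        # anything that renders it as HTML should escape it -- confirm the
        # output plugins do.
        desc = ('A persistent Cross Site Scripting vulnerability'
                ' was found by sending "%s" to the "%s" parameter'
                ' at %s, which is echoed when browsing to %s.')
        desc = desc % (mod_value, mutant.get_var(), mutant.get_url(),
                       response.get_url())

        csp_protects = site_protected_against_xss_by_csp(response)
        vuln_severity = severity.MEDIUM if csp_protects else severity.HIGH

        if csp_protects:
            # The leading space separates this note from the sentence above,
            # which ends in a period with no trailing blank.
            desc += (' The risk associated with this vulnerability was lowered'
                     ' because the site correctly implements CSP. The'
                     ' vulnerability is still a risk for the application since'
                     ' only the latest versions of some browsers implement CSP'
                     ' checking.')

        v = Vuln.from_mutant(name, desc, vuln_severity,
                             response_ids, self.get_name(),
                             mutant)

        v['persistent'] = True
        v['write_payload'] = mutant
        v['read_payload'] = fuzzable_request
        # Highlights the mutant's own modified value rather than the
        # mod_value argument; presumably the two are the same -- verify
        # against the caller.
        v.add_to_highlight(mutant.get_mod_value())

        om.out.vulnerability(v.get_desc())
        self.kb_append_uniq(self, 'xss', v)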