def analyze_cors_security(self, url): ''' Send forged HTTP requests in order to test target application behavior. ''' origin_list = [self.origin_header_value, ] # TODO: Does it make any sense to add these Origins? If so, how will it # affect our tests? And which vulnerabilities are we going to # detect with them? #origin_list.append("http://www.google.com/") #origin_list.append("null") #origin_list.append("*") #origin_list.append("") #origin_list.append( url.url_string ) # Perform check(s) for origin in origin_list: # Build request forged_req = build_cors_request(url, origin) # Send forged request and retrieve response information response = self._uri_opener.send_mutant(forged_req) allow_origin = retrieve_cors_header( response, ACCESS_CONTROL_ALLOW_ORIGIN) allow_credentials = retrieve_cors_header( response, ACCESS_CONTROL_ALLOW_CREDENTIALS) allow_methods = retrieve_cors_header( response, ACCESS_CONTROL_ALLOW_METHODS) self._analyze_server_response(forged_req, url, origin, response, allow_origin, allow_credentials, allow_methods)
def analyze_cors_security(self, url): ''' Send forged HTTP requests in order to test target application behavior. ''' origin_list = [ self.origin_header_value, ] # TODO: Does it make any sense to add these Origins? If so, how will it # affect our tests? And which vulnerabilities are we going to # detect with them? #origin_list.append("http://www.google.com/") #origin_list.append("null") #origin_list.append("*") #origin_list.append("") #origin_list.append( url.url_string ) # Perform check(s) for origin in origin_list: # Build request forged_req = build_cors_request(url, origin) # Send forged request and retrieve response information response = self._uri_opener.send_mutant(forged_req) allow_origin = retrieve_cors_header(response, ACCESS_CONTROL_ALLOW_ORIGIN) allow_credentials = retrieve_cors_header( response, ACCESS_CONTROL_ALLOW_CREDENTIALS) allow_methods = retrieve_cors_header(response, ACCESS_CONTROL_ALLOW_METHODS) self._analyze_server_response(forged_req, url, origin, response, allow_origin, allow_credentials, allow_methods)
def test_build_cors_request_true(self): url = URL('http://moth/') fr = build_cors_request(url, 'http://foo.com/') self.assertEquals(fr.get_url(), url) self.assertEquals(fr.get_method(), 'GET') self.assertEquals(fr.get_headers(), {'Origin': 'http://foo.com/'})
def test_build_cors_request_false(self): url = URL('http://moth/') fr = build_cors_request(url, None) self.assertEquals(fr.get_url(), url) self.assertEquals(fr.get_method(), 'GET') self.assertEquals(fr.get_headers(), {})