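def do_test(self, url):
    """Check that a plain-HTTP URL upgrades to HTTPS the way HSTS expects.

    Three conditions must hold for a "Pass":

    1. the plain-HTTP response carries no Strict-Transport-Security header,
    2. that response is a 301 redirect,
    3. the redirect target uses the https scheme and the response fetched
       from it carries the Strict-Transport-Security header.

    Args:
        url: URL to probe. Only URLs with the ``http`` scheme are tested.

    Returns:
        A ``(result, response1)`` tuple, where ``result`` is built by
        ``self.result(...)`` and ``response1`` is the response to the
        initial HTTP request; ``None`` when ``url`` is not an http URL.
    """
    stsheader = "Strict-Transport-Security"

    # NOTE(review): the listing is collapsed onto one line, so the intended
    # outcome for a non-http URL is not visible. The implicit None is kept
    # and made explicit; confirm that callers handle it.
    if urlparse(url).scheme != "http":
        return None

    # Presumably the second argument disables redirect following, so the
    # 301 itself can be inspected -- confirm against get_url.
    response1 = get_url(url, False)

    # Only the presence of the header is tested, never its value. A header
    # of "max-age=0" therefore counts as present, although RFC 6797
    # section 6.1.1 defines it as an instruction to stop treating the host
    # as an HSTS host.
    invalid_header = stsheader in response1.headers

    # Only 301 is accepted; any other permanent redirect (e.g. 308) is
    # reported as "Fail".
    is_redirect = response1.status_code == 301

    correct_header = False
    bad_redirect = False
    if is_redirect:
        # A 301 without a Location header previously raised KeyError. It is
        # now handled like any other target that is not https: the empty
        # string has no scheme, as does a relative Location value.
        if "location" in response1.headers:
            redirect = response1.headers["location"]
        else:
            redirect = ""
        if urlparse(redirect).scheme == "https":
            response2 = get_url(redirect, False)
            correct_header = stsheader in response2.headers
        else:
            bad_redirect = True

    success = not invalid_header and is_redirect and correct_header
    if success:
        message = (
            "The STS upgrade occurs properly (no STS header on HTTP, "
            "a 301 redirect, and an STS header in the subsequent request)."
        )
    else:
        findings = [
            "The initial HTTP response included an STS header (RFC violation)."
            if invalid_header else "",
            "" if is_redirect else
            "The initial HTTP response should be a 301 redirect "
            "(RFC violation, see RFC 6797 section 7.2).",
            "" if correct_header else
            "The followup to the 301 redirect must include the STS header.",
            "The 301 location must use the https scheme."
            if bad_redirect else "",
        ]
        # Join with a space so consecutive findings do not run together.
        message = " ".join(text for text in findings if text)

    result = self.result("Pass" if success else "Fail", message, None)
    return (result, response1)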
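def do_test(self, url):
    """Check that a plain-HTTP URL upgrades to HTTPS the way HSTS expects.

    Three conditions must hold for a "Pass":

    1. the plain-HTTP response carries no Strict-Transport-Security header,
    2. that response is a 301 redirect,
    3. the redirect target uses the https scheme and the response fetched
       from it carries the Strict-Transport-Security header.

    Args:
        url: URL to probe. Only URLs with the ``http`` scheme are tested.

    Returns:
        A ``(result, response1)`` tuple, where ``result`` is built by
        ``self.result(...)`` and ``response1`` is the response to the
        initial HTTP request; ``None`` when ``url`` is not an http URL.
    """
    stsheader = "Strict-Transport-Security"

    # NOTE(review): the listing is collapsed onto one line, so the intended
    # outcome for a non-http URL is not visible. The implicit None is kept
    # and made explicit; confirm that callers handle it.
    if urlparse(url).scheme != "http":
        return None

    # Presumably the second argument disables redirect following, so the
    # 301 itself can be inspected -- confirm against get_url.
    response1 = get_url(url, False)

    # Only the presence of the header is tested, never its value. A header
    # of "max-age=0" therefore counts as present, although RFC 6797
    # section 6.1.1 defines it as an instruction to stop treating the host
    # as an HSTS host.
    invalid_header = stsheader in response1.headers

    # Only 301 is accepted; any other permanent redirect (e.g. 308) is
    # reported as "Fail".
    is_redirect = response1.status_code == 301

    correct_header = False
    bad_redirect = False
    if is_redirect:
        # A 301 without a Location header previously raised KeyError. It is
        # now handled like any other target that is not https: the empty
        # string has no scheme, as does a relative Location value.
        if "location" in response1.headers:
            redirect = response1.headers["location"]
        else:
            redirect = ""
        if urlparse(redirect).scheme == "https":
            response2 = get_url(redirect, False)
            correct_header = stsheader in response2.headers
        else:
            bad_redirect = True

    success = not invalid_header and is_redirect and correct_header
    if success:
        message = (
            "The STS upgrade occurs properly (no STS header on HTTP, "
            "a 301 redirect, and an STS header in the subsequent request)."
        )
    else:
        findings = [
            "The initial HTTP response included an STS header (RFC violation)."
            if invalid_header else "",
            "" if is_redirect else
            "The initial HTTP response should be a 301 redirect "
            "(RFC violation, see RFC 6797 section 7.2).",
            "" if correct_header else
            "The followup to the 301 redirect must include the STS header.",
            "The 301 location must use the https scheme."
            if bad_redirect else "",
        ]
        # Join with a space so consecutive findings do not run together.
        message = " ".join(text for text in findings if text)

    result = self.result("Pass" if success else "Fail", message, None)
    return (result, response1)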
def do_test(self, url):
    """Fetch ``url`` and pass only when the status code is exactly 200.

    Args:
        url: URL to request.

    Returns:
        A ``(result, response)`` tuple: ``result`` is built by
        ``self.result(...)`` with "Pass" or "Fail", and ``response`` is
        whatever ``get_url`` returned.
    """
    # NOTE(review): the second argument presumably disables redirect
    # following, so a 3xx would be reported as a failure -- confirm.
    reply = get_url(url, False)

    if reply.status_code != 200:
        failure_text = "The response code was %s" % reply.status_code
        return (self.result("Fail", failure_text, None), reply)

    verdict = self.result(
        "Pass", "The request returned an HTTP 200 response.", None
    )
    return (verdict, reply)