def do_cookie_check(cookie):
multi_parameters = cookie.split(settings.COOKIE_DELIMITER)
# Check for inappropriate format in provided parameter(s).
if len([s
for s in multi_parameters if "=" in s]) != (len(multi_parameters)):
checks.inappropriate_format(multi_parameters)
# Grab the value of parameter.
value = re.findall(r'=(.*)', cookie)
value = ''.join(value)
# Replace the value of parameter with INJECT tag
# Check if single paramerter is supplied.
if len(multi_parameters) == 1:
# Ignoring the anti-CSRF parameter(s).
if checks.ignore_anticsrf_parameter(cookie):
return cookie
# Ignoring the Google analytics cookie parameter.
if checks.ignore_google_analytics_cookie(cookie):
return cookie
# Check for empty values (in provided parameters).
if checks.is_empty(multi_parameters, http_request_method="cookie"):
return cookie
# Check if defined the INJECT_TAG
if settings.INJECT_TAG not in cookie:
if len(value) == 0:
cookie = cookie + settings.INJECT_TAG
else:
cookie = cookie.replace(value, value + settings.INJECT_TAG)
return cookie
# Check if multiple parameters are supplied.
else:
cookies_list = []
all_params = settings.COOKIE_DELIMITER.join(multi_parameters)
all_params = all_params.split(settings.COOKIE_DELIMITER)
# Check if not defined the "INJECT_HERE" tag in parameter
if settings.INJECT_TAG not in cookie:
# Check for empty values (in provided parameters).
if checks.is_empty(multi_parameters, http_request_method="cookie"):
return cookie
for param in range(0, len(all_params)):
if param == 0:
old = re.findall(r'=(.*)', all_params[param])
old = ''.join(old)
else:
old = value
# Grab the value of cookie.
value = re.findall(r'=(.*)', all_params[param])
value = ''.join(value)
# Ignoring the anti-CSRF parameter(s)..
if checks.ignore_anticsrf_parameter(all_params[param]):
continue
# Ignoring the Google analytics cookie parameter.
if checks.ignore_google_analytics_cookie(all_params[param]):
continue
# Replace the value of parameter with INJECT tag
# Skip testing the parameter(s) with empty value(s).
if menu.options.skip_empty:
if len(value) != 0:
all_params[param] = all_params[param].replace(
value, value + settings.INJECT_TAG)
all_params[param - 1] = all_params[param - 1].replace(
value, "").replace(settings.INJECT_TAG, "")
cookie = settings.COOKIE_DELIMITER.join(all_params)
cookies_list.append(cookie)
cookie = cookies_list
else:
if len(value) == 0:
all_params[
param] = all_params[param] + settings.INJECT_TAG
else:
all_params[param] = all_params[param].replace(
value, value + settings.INJECT_TAG)
all_params[param - 1] = all_params[param - 1].replace(
value, "").replace(settings.INJECT_TAG, "")
cookie = settings.COOKIE_DELIMITER.join(all_params)
cookies_list.append(cookie)
cookie = cookies_list
else:
for param in range(0, len(multi_parameters)):
# Grab the value of parameter.
value = re.findall(r'=(.*)', multi_parameters[param])
value = ''.join(value)
cookie = settings.COOKIE_DELIMITER.join(multi_parameters)
return cookie
def do_cookie_check(cookie):
http_request_method = "cookie"
multi_parameters = cookie.split(settings.COOKIE_DELIMITER)
# Check for inappropriate format in provided parameter(s).
if len([s for s in multi_parameters if "=" in s]) != (len(multi_parameters)):
checks.inappropriate_format(multi_parameters)
#Grab the value of parameter.
value = re.findall(r'=(.*)', cookie)
value = ''.join(value)
# Replace the value of parameter with INJECT tag
inject_value = value.replace(value, settings.INJECT_TAG)
# Check if single paramerter is supplied.
if len(multi_parameters) == 1:
# Ignoring the anti-CSRF parameter(s).
if checks.ignore_anticsrf_parameter(cookie):
return cookie
# Ignoring the Google analytics cookie parameter.
if checks.ignore_google_analytics_cookie(cookie):
return cookie
# Check for empty values (in provided parameters).
checks.is_empty(multi_parameters, http_request_method)
# Check if defined the INJECT_TAG
if settings.INJECT_TAG not in cookie:
if len(value) == 0:
cookie = cookie + settings.INJECT_TAG
else:
cookie = cookie.replace(value, inject_value)
return cookie
# Check if multiple parameters are supplied.
else:
cookies_list = []
all_params = settings.COOKIE_DELIMITER.join(multi_parameters)
all_params = all_params.split(settings.COOKIE_DELIMITER)
# Check if not defined the "INJECT_HERE" tag in parameter
if settings.INJECT_TAG not in cookie:
# Check for empty values (in provided parameters).
checks.is_empty(multi_parameters, http_request_method)
for param in range(0, len(all_params)):
if param == 0 :
old = re.findall(r'=(.*)', all_params[param])
old = ''.join(old)
else :
old = value
# Grab the value of cookie.
value = re.findall(r'=(.*)', all_params[param])
value = ''.join(value)
# Ignoring the anti-CSRF parameter(s)..
if checks.ignore_anticsrf_parameter(all_params[param]):
continue
# Ignoring the Google analytics cookie parameter.
if checks.ignore_google_analytics_cookie(all_params[param]):
continue
# Replace the value of parameter with INJECT tag
inject_value = value.replace(value, settings.INJECT_TAG)
# Skip testing the parameter(s) with empty value(s).
if menu.options.skip_empty:
if len(value) == 0:
provided_value = re.findall(r'(.*)=', all_params[param])
provided_value = ''.join(provided_value)
else:
all_params[param] = all_params[param].replace(value, inject_value)
all_params[param-1] = all_params[param-1].replace(inject_value, old)
cookie = settings.COOKIE_DELIMITER.join(all_params)
cookies_list.append(cookie)
cookie = cookies_list
else:
if len(value) == 0:
all_params[param] = all_params[param] + settings.INJECT_TAG
else:
all_params[param] = all_params[param].replace(value, inject_value)
all_params[param-1] = all_params[param-1].replace(inject_value, old)
cookie = settings.COOKIE_DELIMITER.join(all_params)
cookies_list.append(cookie)
cookie = cookies_list
else:
for param in range(0, len(multi_parameters)):
# Grab the value of parameter.
value = re.findall(r'=(.*)', multi_parameters[param])
value = ''.join(value)
cookie = settings.COOKIE_DELIMITER.join(multi_parameters)
return cookie
