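def do_cookie_check(cookie):
    """Mark the testable parameters of a Cookie string with the injection tag.

    The cookie is split on ``settings.COOKIE_DELIMITER``. A parameter is
    tagged by appending ``settings.INJECT_TAG`` directly after its value.
    Parameters accepted by ``checks.ignore_anticsrf_parameter`` or
    ``checks.ignore_google_analytics_cookie`` are never tagged.

    Args:
        cookie: The Cookie header value as a single string.

    Returns:
        One of:

        * the cookie as a ``str``, unchanged, when it already contains the
          tag, when ``checks.is_empty`` returns a truthy value, or when no
          parameter qualifies for tagging;
        * a tagged ``str`` when exactly one parameter is supplied;
        * a ``list`` of cookie strings when several parameters are supplied,
          one entry per testable parameter, each carrying exactly one tag.
    """
    tag = settings.INJECT_TAG
    delimiter = settings.COOKIE_DELIMITER
    multi_parameters = cookie.split(delimiter)

    # Check for inappropriate format in provided parameter(s).
    if any("=" not in parameter for parameter in multi_parameters):
        checks.inappropriate_format(multi_parameters)

    # A single parameter is supplied.
    if len(multi_parameters) == 1:
        # Anti-CSRF tokens and analytics cookies are left untouched.
        if checks.ignore_anticsrf_parameter(cookie):
            return cookie
        if checks.ignore_google_analytics_cookie(cookie):
            return cookie
        # Check for empty values (in provided parameters).
        if checks.is_empty(multi_parameters, http_request_method="cookie"):
            return cookie
        if tag not in cookie:
            # The value is everything after the first "=", so appending puts
            # the tag right after it. The previous str.replace(value, ...)
            # also rewrote the parameter name whenever the name contained
            # the value (e.g. "id=id").
            cookie = cookie + tag
        return cookie

    # Several parameters are supplied and the tag is already present: the
    # position was chosen by the caller, so nothing is added.
    if tag in cookie:
        return delimiter.join(multi_parameters)

    # Check for empty values (in provided parameters).
    if checks.is_empty(multi_parameters, http_request_method="cookie"):
        return cookie

    cookies_list = []
    for index, parameter in enumerate(multi_parameters):
        # Grab the value of the parameter (only its emptiness matters here).
        value = ''.join(re.findall(r'=(.*)', parameter))
        if checks.ignore_anticsrf_parameter(parameter):
            continue
        if checks.ignore_google_analytics_cookie(parameter):
            continue
        # Skip testing the parameter(s) with empty value(s).
        if menu.options.skip_empty and len(value) == 0:
            continue
        # Build every candidate from the untouched parameter list. Tagging in
        # place and then stripping the current value out of the neighbouring
        # parameter damaged parameters that shared a value and left a stale
        # tag behind whenever the parameter in between was skipped.
        candidate = list(multi_parameters)
        candidate[index] = parameter + tag
        cookies_list.append(delimiter.join(candidate))

    # Callers receive the original string when nothing qualified.
    return cookies_list if cookies_list else cookie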
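def do_cookie_check(cookie):
    """Replace the value of each testable Cookie parameter with the injection tag.

    The cookie is split on ``settings.COOKIE_DELIMITER``. A parameter is
    tagged by substituting ``settings.INJECT_TAG`` for its value (the tag is
    appended when the value is empty). Parameters accepted by
    ``checks.ignore_anticsrf_parameter`` or
    ``checks.ignore_google_analytics_cookie`` are never tagged.
    ``checks.is_empty`` is called but its return value is not used here.

    Args:
        cookie: The Cookie header value as a single string.

    Returns:
        One of:

        * the cookie as a ``str``, unchanged, when it already contains the
          tag or when no parameter qualifies for tagging;
        * a tagged ``str`` when exactly one parameter is supplied;
        * a ``list`` of cookie strings when several parameters are supplied,
          one entry per testable parameter, each carrying exactly one tag.
    """
    tag = settings.INJECT_TAG
    delimiter = settings.COOKIE_DELIMITER
    http_request_method = "cookie"
    multi_parameters = cookie.split(delimiter)

    # Check for inappropriate format in provided parameter(s).
    if any("=" not in parameter for parameter in multi_parameters):
        checks.inappropriate_format(multi_parameters)

    # A single parameter is supplied.
    if len(multi_parameters) == 1:
        # Anti-CSRF tokens and analytics cookies are left untouched.
        if checks.ignore_anticsrf_parameter(cookie):
            return cookie
        if checks.ignore_google_analytics_cookie(cookie):
            return cookie
        # Check for empty values (in provided parameters).
        checks.is_empty(multi_parameters, http_request_method)
        if tag not in cookie:
            # Rebuild "name=<tag>" from the parts. The previous
            # str.replace(value, tag) also rewrote the parameter name
            # whenever the name contained the value (e.g. "id=id").
            name, separator, _ = cookie.partition("=")
            cookie = name + separator + tag
        return cookie

    # Several parameters are supplied and the tag is already present: the
    # position was chosen by the caller, so nothing is added.
    if tag in cookie:
        return delimiter.join(multi_parameters)

    # Check for empty values (in provided parameters).
    checks.is_empty(multi_parameters, http_request_method)

    cookies_list = []
    for index, parameter in enumerate(multi_parameters):
        # The value is everything after the first "=".
        name, separator, value = parameter.partition("=")
        if checks.ignore_anticsrf_parameter(parameter):
            continue
        if checks.ignore_google_analytics_cookie(parameter):
            continue
        # Skip testing the parameter(s) with empty value(s).
        if menu.options.skip_empty and len(value) == 0:
            continue
        # Build every candidate from the untouched parameter list. Tagging in
        # place and restoring only the immediately preceding parameter left
        # a stale tag behind whenever the parameter in between was skipped.
        candidate = list(multi_parameters)
        candidate[index] = name + separator + tag
        cookies_list.append(delimiter.join(candidate))

    # Callers receive the original string when nothing qualified.
    return cookies_list if cookies_list else cookie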