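def _report_vuln(self, mutant, response, mod_value):
    """
    Create a Vuln object for a reflected XSS finding and store it in the KB.

    :param mutant: The mutant (fuzzed request) whose payload was reflected.
    :param response: The HTTPResponse in which the payload was echoed; its
                     CSP headers decide the reported severity.
    :param mod_value: The payload string; added to the highlight list so the
                      UI can mark it in the response body.
    :return: None
    """
    # A CSP that the helper considers protective limits exploitation of the
    # reflection in browsers that enforce the policy, so the severity is
    # lowered one step. The injection itself is still present, so the
    # finding is never dropped.
    csp_protects = site_protected_against_xss_by_csp(response)
    vuln_severity = severity.LOW if csp_protects else severity.MEDIUM

    desc = 'A Cross Site Scripting vulnerability was found at: %s'
    desc %= mutant.found_at()

    if csp_protects:
        # Leading space so this sentence does not run straight on from the
        # found_at() text in the generated report.
        desc += (' The risk associated with this vulnerability was lowered'
                 ' because the site correctly implements CSP. The'
                 ' vulnerability is still a risk for the application since'
                 ' only the latest versions of some browsers implement CSP'
                 ' checking.')

    v = Vuln.from_mutant('Cross site scripting vulnerability', desc,
                         vuln_severity, response.id, self.get_name(),
                         mutant)
    v.add_to_highlight(mod_value)

    # kb_append_uniq de-duplicates, so re-finding the same reflection on a
    # later request does not produce a second entry.
    self.kb_append_uniq(self, 'xss', v)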
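def _report_vuln(self, mutant, response, mod_value):
    """
    Build a Vuln describing a reflected XSS and append it to the KB.

    :param mutant: The fuzzed request whose payload came back in the body.
    :param response: The HTTPResponse that echoed the payload; it is also the
                     response whose CSP headers are evaluated.
    :param mod_value: The payload string, recorded as a highlight.
    :return: None
    """
    # Severity is one step lower when the response carries a CSP that the
    # helper accepts as protective: such a policy constrains exploitation in
    # policy-enforcing browsers, but the reflection itself remains.
    csp_protects = site_protected_against_xss_by_csp(response)
    vuln_severity = severity.LOW if csp_protects else severity.MEDIUM

    desc = 'A Cross Site Scripting vulnerability was found at: %s'
    desc = desc % mutant.found_at()

    if csp_protects:
        # Leading space keeps this sentence separate from the found_at()
        # text that precedes it in the report.
        desc += ' The risk associated with this vulnerability was lowered'\
                ' because the site correctly implements CSP. The'\
                ' vulnerability is still a risk for the application since'\
                ' only the latest versions of some browsers implement CSP'\
                ' checking.'

    v = Vuln.from_mutant('Cross site scripting vulnerability', desc,
                         vuln_severity, response.id, self.get_name(),
                         mutant)
    v.add_to_highlight(mod_value)

    # Unique append: the same reflection seen again does not duplicate the
    # KB entry.
    self.kb_append_uniq(self, 'xss', v)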
def test_site_protected_against_xss_by_csp_case01(self):
    """
    Test case in which the site does not send any CSP header.

    With no policy present the helper has nothing to evaluate and must
    report the site as unprotected.
    """
    no_headers = Headers({}.items())
    http_response = HTTPResponse(200, '', no_headers, self.url, self.url)
    self.assertFalse(site_protected_against_xss_by_csp(http_response))
def test_site_protected_against_xss_by_csp_case06(self):
    """
    Test case in which the site is secure.

    A single "default-src 'self'" policy (scripts restricted to the page's
    own origin via the default directive) is expected to be accepted as
    protection against XSS.
    """
    policy = "default-src 'self'"
    csp_headers = Headers({CSP_HEADER_W3C: policy}.items())
    http_response = HTTPResponse(200, '', csp_headers, self.url, self.url)
    self.assertTrue(site_protected_against_xss_by_csp(http_response))
def test_site_protected_against_xss_by_csp_case02(self):
    """
    Test case in which the site provides CSP but its script policy is
    vulnerable: "script-src *" permits scripts from any origin, so the
    helper must not treat the policy as protection.
    """
    policy = "script-src *;"
    csp_headers = Headers({CSP_HEADER_W3C: policy}.items())
    http_response = HTTPResponse(200, '', csp_headers, self.url, self.url)
    self.assertFalse(site_protected_against_xss_by_csp(http_response))
def test_site_protected_against_xss_by_csp_case04(self):
    """
    Test case in which the site provides CSP but enables the JavaScript
    "eval()" function (unsafe-eval) in its script policy; such a
    configuration is not accepted as protection, even though a
    script-nonce is also declared.

    NOTE(review): the fixture writes unsafe-eval without the single quotes
    the CSP grammar uses for keyword sources -- confirm this is intended
    fixture input rather than a typo in the policy string.
    """
    policy = "script-src 'self' unsafe-eval; script-nonce 'AADD'"
    csp_headers = Headers({CSP_HEADER_W3C: policy}.items())
    http_response = HTTPResponse(200, '', csp_headers, self.url, self.url)
    self.assertFalse(site_protected_against_xss_by_csp(http_response))
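def _report_persistent_vuln(self, mutant, response, mutant_response_id,
                            mod_value, fuzzable_request):
    """
    Report a persistent (stored) XSS vulnerability to the core.

    :param mutant: The mutant that wrote the payload (the "write" request).
    :param response: The HTTPResponse in which the stored payload was later
                     echoed; its CSP headers decide the reported severity.
    :param mutant_response_id: Id of the response to the write request,
                               kept alongside response.id so both requests
                               are linked to the finding.
    :param mod_value: The payload string that was sent and later echoed.
    :param fuzzable_request: The request that reads the stored payload back.
    :return: None, a vulnerability is saved in the KB.
    """
    response_ids = [response.id, mutant_response_id]
    name = 'Persistent Cross-Site Scripting vulnerability'

    desc = 'A persistent Cross Site Scripting vulnerability'\
           ' was found by sending "%s" to the "%s" parameter'\
           ' at %s, which is echoed when browsing to %s.'
    desc = desc % (mod_value, mutant.get_var(), mutant.get_url(),
                   response.get_url())

    # Stored XSS starts one severity step above the reflected case; a CSP
    # accepted as protective lowers it, but the stored payload remains.
    csp_protects = site_protected_against_xss_by_csp(response)
    vuln_severity = severity.MEDIUM if csp_protects else severity.HIGH

    if csp_protects:
        # Leading space so this sentence does not run straight on from the
        # trailing period of the description above.
        desc += ' The risk associated with this vulnerability was lowered'\
                ' because the site correctly implements CSP. The'\
                ' vulnerability is still a risk for the application since'\
                ' only the latest versions of some browsers implement CSP'\
                ' checking.'

    v = Vuln.from_mutant(name, desc, vuln_severity, response_ids,
                         self.get_name(), mutant)

    # Keep both halves of the stored-XSS flow on the finding so a reader can
    # reproduce the write and the read independently.
    v['persistent'] = True
    v['write_payload'] = mutant
    v['read_payload'] = fuzzable_request
    v.add_to_highlight(mutant.get_mod_value())

    om.out.vulnerability(v.get_desc())
    self.kb_append_uniq(self, 'xss', v)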