コード例 #1
    def test__get_cookie_issues_ssn(self):
        """Check the finding count for an https session cookie using SameSite=None.

        The mocked response sets ``sessionid`` with HttpOnly, Secure and
        ``SameSite=None``; exactly one issue is expected from
        ``get_cookie_issues``.
        """
        # presumably clears state held by http_basic so earlier tests cannot
        # influence the findings returned here -- confirm against http_basic
        http_basic.reset()

        target = "https://example.com"
        cookie_headers = {
            "Set-Cookie":
            "sessionid=38afes7a8; HttpOnly; Secure; SameSite=None; Path=/"
        }

        with requests_mock.Mocker() as mocker:
            mocker.get(target, text="body", headers=cookie_headers)
            response = requests.get(target)

        findings = get_cookie_issues(response, target)

        # NOTE(review): only the count is pinned; the message of the single
        # finding is not asserted, so a different finding would also pass.
        self.assertEqual(1, len(findings))
コード例 #2
    def test__get_cookie_issues_no_ho(self):
        """A session cookie without HttpOnly must be reported.

        The mocked response is served over plain http and sets ``sessionid``
        with ``SameSite=Lax`` but neither HttpOnly nor Secure. Exactly one
        issue is expected, and it must name the missing HttpOnly flag.
        """
        # presumably clears state held by http_basic so earlier tests cannot
        # influence the findings returned here -- confirm against http_basic
        http_basic.reset()

        target = "http://example.com"
        cookie_headers = {
            "Set-Cookie": "sessionid=38afes7a8; SameSite=Lax; Path=/"
        }

        with requests_mock.Mocker() as mocker:
            mocker.get(target, text="body", headers=cookie_headers)
            response = requests.get(target)

        findings = get_cookie_issues(response, target)

        # The cookie also lacks Secure, yet only one finding is expected;
        # presumably the Secure check is skipped for http URLs -- confirm
        # against get_cookie_issues.
        self.assertEqual(1, len(findings))
        only_finding = findings[0]
        self.assertIn("Cookie Missing HttpOnly Flag", only_finding.message)
コード例 #3
    def test__get_cookie_bigip_4(self):
        """A ``BIGipServer*`` cookie must be reported as an address disclosure.

        The mocked response sets ``BIGipServerWEB`` with HttpOnly and
        ``SameSite=Lax``. Exactly one issue is expected, and it must be the
        Big-IP internal IP address disclosure finding.
        """
        # presumably clears state held by http_basic so earlier tests cannot
        # influence the findings returned here -- confirm against http_basic
        http_basic.reset()

        target = "http://example.com"
        # The value appears to follow the BIG-IP persistence-cookie layout
        # (route domain, hex-encoded address, port), which is why such a
        # cookie exposes a backend address -- confirm against the scanner's
        # decoder.
        cookie_headers = {
            "Set-Cookie":
            "BIGipServerWEB=rd3o20010112000000000000000000000030o80; HttpOnly; SameSite=Lax; Path=/"
        }

        with requests_mock.Mocker() as mocker:
            mocker.get(target, text="body", headers=cookie_headers)
            response = requests.get(target)

        findings = get_cookie_issues(response, target)

        self.assertEqual(1, len(findings))
        only_finding = findings[0]
        self.assertIn("Big-IP Internal IP Address Disclosure", only_finding.message)
コード例 #4
    def test__get_cookie_issues_no_sec_ssn(self):
        """``SameSite=None`` without Secure over https yields two findings.

        The mocked response sets ``sessionid`` with HttpOnly and
        ``SameSite=None`` but no Secure flag. Two issues are expected, in this
        order: the missing Secure flag, then the invalid ``SameSite=None``
        (a cookie marked ``SameSite=None`` is expected to carry Secure too).
        """
        # presumably clears state held by http_basic so earlier tests cannot
        # influence the findings returned here -- confirm against http_basic
        http_basic.reset()

        target = "https://example.com"
        cookie_headers = {
            "Set-Cookie":
            "sessionid=38afes7a8; HttpOnly; SameSite=None; Path=/"
        }

        with requests_mock.Mocker() as mocker:
            mocker.get(target, text="body", headers=cookie_headers)
            response = requests.get(target)

        findings = get_cookie_issues(response, target)

        self.assertEqual(2, len(findings))
        # The order of the findings is part of what this test pins.
        secure_finding = findings[0]
        samesite_finding = findings[1]
        self.assertIn("Cookie Missing Secure Flag", secure_finding.message)
        self.assertIn(
            "Cookie SameSite=None Flag Invalid (without Secure flag)",
            samesite_finding.message)
コード例 #5
def reset():
    """Call ``reset()`` on each scanner module, in a fixed order.

    The modules are retirejs, file_search, error_checker and http_basic.
    """
    # presumably each module keeps state between scans that has to be
    # cleared before the next run -- confirm against the modules themselves
    for module in (retirejs, file_search, error_checker, http_basic):
        module.reset()