示例#1
    def analyze_cors_security(self, url):
        '''
        Send forged HTTP requests in order to test target application behavior.

        One forged request is sent per candidate Origin value (currently only
        ``self.origin_header_value``). From each response the
        Access-Control-Allow-Origin, -Allow-Credentials and -Allow-Methods
        headers are extracted and passed, together with the request that
        produced them, to ``_analyze_server_response`` which decides whether
        the server's CORS policy is a finding.

        :param url: The URL the forged requests are sent to.
        :return: None; results are reported by ``_analyze_server_response``.
        '''
        candidate_origins = (self.origin_header_value,)

        # TODO: Does it make any sense to add these Origins? If so, how will it
        #       affect our tests? And which vulnerabilities are we going to
        #       detect with them?
        #       Candidates considered so far: "http://www.google.com/", "null",
        #       "*", "" and url.url_string (the target's own URL echoed back).
        #       NOTE(review): "null" and the echoed target URL would exercise
        #       null-origin and reflected-origin handling respectively; confirm
        #       _analyze_server_response can attribute a finding to each value
        #       before enabling them.

        for origin in candidate_origins:
            forged_req = build_cors_request(url, origin)
            response = self._uri_opener.send_mutant(forged_req)

            # retrieve_cors_header yields None when the response does not
            # carry the header; the analysis step receives that as-is.
            allow_origin = retrieve_cors_header(response,
                                                ACCESS_CONTROL_ALLOW_ORIGIN)
            allow_credentials = retrieve_cors_header(
                response, ACCESS_CONTROL_ALLOW_CREDENTIALS)
            allow_methods = retrieve_cors_header(response,
                                                 ACCESS_CONTROL_ALLOW_METHODS)

            self._analyze_server_response(forged_req, url, origin, response,
                                          allow_origin, allow_credentials,
                                          allow_methods)
示例#2
    def analyze_cors_security(self, url):
        '''
        Send forged HTTP requests in order to test target application behavior.

        For every candidate Origin (currently just ``self.origin_header_value``)
        a forged request is built and sent; the CORS response headers
        (Allow-Origin, Allow-Credentials, Allow-Methods) are read back and
        handed to ``_analyze_server_response`` along with the request, so that
        the policy the server applied to that Origin can be judged.

        :param url: The URL the forged requests are sent to.
        :return: None; findings are reported by ``_analyze_server_response``.
        '''
        origins_to_test = [self.origin_header_value]

        # TODO: Does it make any sense to add these Origins? If so, how will it
        #       affect our tests? And which vulnerabilities are we going to
        #       detect with them?
        #       Candidates considered so far: "http://www.google.com/", "null",
        #       "*", "" and url.url_string (the target's own URL echoed back).

        # Order matters: it fixes the order of the positional arguments
        # passed to _analyze_server_response below.
        wanted_headers = (ACCESS_CONTROL_ALLOW_ORIGIN,
                          ACCESS_CONTROL_ALLOW_CREDENTIALS,
                          ACCESS_CONTROL_ALLOW_METHODS)

        for origin in origins_to_test:
            forged_req = build_cors_request(url, origin)
            response = self._uri_opener.send_mutant(forged_req)

            # Missing headers come back as None from retrieve_cors_header.
            allow_origin, allow_credentials, allow_methods = [
                retrieve_cors_header(response, header_name)
                for header_name in wanted_headers
            ]

            self._analyze_server_response(forged_req, url, origin, response,
                                          allow_origin, allow_credentials,
                                          allow_methods)
示例#3
    def test_retrieve_cors_header_false(self):
        '''
        retrieve_cors_header() returns None when the response carries no
        header with the requested name.

        The response is given a header named "Access-Control" with value
        "Allow-Origin" — a deliberate near miss that must not be mistaken
        for Access-Control-Allow-Origin.
        '''
        url = URL('http://moth/')
        unrelated_headers = Headers({'Access-Control': 'Allow-Origin'}.items())
        response = HTTPResponse(200, '', unrelated_headers, url, url)

        found = retrieve_cors_header(response, 'Access-Control-Allow-Origin')

        self.assertIsNone(found)
示例#4
    def test_retrieve_cors_header_false(self):
        '''
        A response without the requested CORS header yields None.
        '''
        url = URL('http://moth/')

        # Near-miss header on purpose: name "Access-Control", value
        # "Allow-Origin" — not the Access-Control-Allow-Origin header.
        headers = Headers({'Access-Control': 'Allow-Origin'}.items())
        http_response = HTTPResponse(200, '', headers, url, url)

        self.assertIsNone(
            retrieve_cors_header(http_response, 'Access-Control-Allow-Origin')
        )
示例#5
    def test_retrieve_cors_header_true(self):
        '''
        retrieve_cors_header() returns the header's value when the response
        carries the requested header.
        '''
        url = URL('http://moth/')
        expected_origin = 'http://www.w3af.org/'

        cors_headers = Headers(
            {'Access-Control-Allow-Origin': expected_origin}.items())
        response = HTTPResponse(200, '', cors_headers, url, url)

        found = retrieve_cors_header(response, 'Access-Control-Allow-Origin')

        self.assertEqual(found, expected_origin)
示例#6
    def test_retrieve_cors_header_true(self):
        '''
        A response that carries Access-Control-Allow-Origin yields that
        header's value unchanged.
        '''
        header_name = 'Access-Control-Allow-Origin'
        allowed_origin = 'http://www.w3af.org/'
        url = URL('http://moth/')

        http_response = HTTPResponse(
            200, '', Headers({header_name: allowed_origin}.items()), url, url)

        self.assertEqual(retrieve_cors_header(http_response, header_name),
                         allowed_origin)