def analyze_cors_security(self, url):
    """
    Send an HTTP request with a forged Origin header to *url* and pass the
    CORS headers found in the response on to self._analyze_server_response.

    :param url: Target URL (project URL type) the request is built for.
    :return: None. Any finding is raised by self._analyze_server_response.
    """
    # Only the configured origin is exercised. Other candidate origins
    # ("http://www.google.com/", "null", "*", "" and url.url_string) were
    # considered but never enabled.
    # TODO: decide whether any of those extra origins add detection value,
    #       how they would change the checks and which issues they would
    #       surface.
    origins_to_test = (self.origin_header_value,)

    for test_origin in origins_to_test:
        forged_request = build_cors_request(url, test_origin)

        cors_response = self._uri_opener.send_mutant(forged_request)

        # Read the three response headers the analysis depends on, in the
        # order the analysis method expects them.
        header_names = (ACCESS_CONTROL_ALLOW_ORIGIN,
                        ACCESS_CONTROL_ALLOW_CREDENTIALS,
                        ACCESS_CONTROL_ALLOW_METHODS)
        acao_value, acac_value, acam_value = [
            retrieve_cors_header(cors_response, header_name)
            for header_name in header_names
        ]

        self._analyze_server_response(forged_request, url, test_origin,
                                      cors_response, acao_value,
                                      acac_value, acam_value)
def analyze_cors_security(self, url):
    """
    Probe *url* with a forged Origin header and let
    self._analyze_server_response judge the CORS headers that come back.

    :param url: Target URL (project URL type) used to build the request.
    :return: None. Findings are reported by self._analyze_server_response.
    """
    # A single origin is tested: the one configured on this instance.
    # TODO: it was never settled whether adding further origins
    #       ("http://www.google.com/", "null", "*", "" or url.url_string)
    #       would improve detection, nor which issues they would reveal.
    candidate_origins = [self.origin_header_value]

    for candidate in candidate_origins:
        request = build_cors_request(url, candidate)
        reply = self._uri_opener.send_mutant(request)

        # Each header is fetched separately; a missing header yields
        # whatever retrieve_cors_header returns for "not present".
        acao = retrieve_cors_header(reply, ACCESS_CONTROL_ALLOW_ORIGIN)
        acac = retrieve_cors_header(reply, ACCESS_CONTROL_ALLOW_CREDENTIALS)
        acam = retrieve_cors_header(reply, ACCESS_CONTROL_ALLOW_METHODS)

        self._analyze_server_response(request, url, candidate, reply,
                                      acao, acac, acam)
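def test_retrieve_cors_header_false(self):
    """
    retrieve_cors_header must return None when the response has no header
    with the requested name.

    The response carries a look-alike header ('Access-Control' with value
    'Allow-Origin') so that a sloppy substring match would wrongly succeed.
    """
    url = URL('http://moth/')
    # Deliberately not the header we ask for, only a similar-looking one
    cors_headers = Headers({'Access-Control': 'Allow-Origin'}.items())
    http_response = HTTPResponse(200, '', cors_headers, url, url)

    value = retrieve_cors_header(http_response,
                                 'Access-Control-Allow-Origin')

    # assertIsNone reports the actual value on failure, unlike
    # assertEqual(value, None)
    self.assertIsNone(value)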
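def test_retrieve_cors_header_false(self):
    """
    A response without an Access-Control-Allow-Origin header makes
    retrieve_cors_header return None, even when a header with a similar
    name ('Access-Control: Allow-Origin') is present.
    """
    url = URL('http://moth/')
    # Near-miss header: must NOT be mistaken for Access-Control-Allow-Origin
    cors_headers = Headers({'Access-Control': 'Allow-Origin'}.items())
    http_response = HTTPResponse(200, '', cors_headers, url, url)

    value = retrieve_cors_header(http_response,
                                 'Access-Control-Allow-Origin')

    # Idiomatic None check; the failure message shows the offending value
    self.assertIsNone(value)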
def test_retrieve_cors_header_true(self):
    """
    retrieve_cors_header returns the header's value when the response
    carries an Access-Control-Allow-Origin header.
    """
    target_url = URL('http://moth/')
    expected_origin = 'http://www.w3af.org/'

    header_items = {'Access-Control-Allow-Origin': expected_origin}.items()
    response = HTTPResponse(200, '', Headers(header_items),
                            target_url, target_url)

    found = retrieve_cors_header(response, 'Access-Control-Allow-Origin')

    self.assertEqual(found, expected_origin)
def test_retrieve_cors_header_true(self):
    """
    When the response sets Access-Control-Allow-Origin, retrieve_cors_header
    hands back exactly that value.
    """
    base_url = URL('http://moth/')
    allowed_origin = 'http://www.w3af.org/'

    cors_headers = Headers(
        {'Access-Control-Allow-Origin': allowed_origin}.items())
    http_response = HTTPResponse(200, '', cors_headers, base_url, base_url)

    header_value = retrieve_cors_header(http_response,
                                        'Access-Control-Allow-Origin')

    self.assertEqual(header_value, allowed_origin)