def check_cors(request, response):
    """Check the CORS headers of *response* and record a "cors" finding.

    Two situations produce a finding: the Access-Control-Allow-Origin
    header is present and check_origin() flags it (text_origin1,
    highlighting corsheader), or the header is absent and a second request
    carrying dependencyheader as Origin and Referer comes back with that
    value accepted by check_origin() (text_origin2, highlighting
    dependencyheader). In both cases text_creds / credheader are appended
    when check_creds() is true for the response being judged.

    Relies on module-level names: check_origin, check_creds, text_origin1,
    text_origin2, text_creds, corsheader, credheader, dependencyheader,
    format, finding, webcall.
    """
    print("... checking CORS policy ...", end='')
    # NOTE(review): the result of this call is discarded, so it has no
    # effect on the outcome; it looks like a leftover. Kept as-is in case
    # check_creds() has side effects — confirm and drop if it is pure.
    check_creds(response.headers)
    if 'Access-Control-Allow-Origin' in response.headers:
        if check_origin(response.headers):
            text = text_origin1
            highlight = [corsheader]
            if check_creds(response.headers):
                text += text_creds
                highlight.append(credheader)
            code = format.create_both(request, response, highlight)
            finding.create_finding("cors", text, code)
    else:
        # NOTE(review): this block was reconstructed from a source with no
        # indentation; it is not certain whether the else belongs to the
        # outer header-presence test (as written here) or to the inner
        # check_origin() test — confirm against the original. As written,
        # a response that already carries a non-flagged
        # Access-Control-Allow-Origin gets no reflection test.
        #Check if origin depends on request header.
        addheader = { 'Origin': dependencyheader, 'Referer': dependencyheader }
        # Second request via the module-level webcall with the extra headers.
        response2 = webcall.call(addheader)
        text = text_origin2
        highlight = [dependencyheader]
        # Two-argument form: presumably checks the allowed origin against
        # dependencyheader, i.e. whether our value was reflected — verify.
        if check_origin(response2.headers, dependencyheader):
            if check_creds(response2.headers):
                text += text_creds
                highlight.append(credheader)
            code = format.create_both(response2.request, response2, highlight)
            finding.create_finding("cors", text, code)
    print("")
def check_hostheader(request, response):
    """Re-request with the configured test Host header and report if the
    answer is unchanged.

    A second request is sent through webcall.call() with ``Host`` set to
    config['hostname-test']; when compare() judges *response* and the
    second response alike, an "arbitraryhost" finding is recorded showing
    both request/response pairs with the Host line highlighted.

    Uses module-level ``text`` (the finding text), ``config``, ``compare``,
    ``format``, ``finding`` and ``webcall``.
    """
    print("... checking for arbitrary host header ...", end='')
    override = {'Host': config['hostname-test']}
    alt_response = webcall.call(override)
    marks = ["Host: "]
    if not compare(response, alt_response):
        print("")
        return
    # Both exchanges go into the same finding, labelled 1 and 2.
    first = format.create_both(request, response, marks, [""], "Request 1:", "Response 1:")
    second = format.create_both(alt_response.request, alt_response, marks, [""], "Request 2:", "Response 2:")
    finding.create_finding("arbitraryhost", text, first + second)
    print("")
def check_hsts(request, response):
    """Record an "hsts" finding when the response has no
    Strict-Transport-Security header.

    Uses module-level ``text`` (the finding text), ``format`` and
    ``finding``.
    """
    print("... checking usage of HSTS ...", end='')
    hsts_present = "Strict-Transport-Security" in response.headers
    if not hsts_present:
        evidence = format.create_both(request, response)
        finding.create_finding("hsts", text, evidence)
    print("")
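def check_xssfilter(request, response):
    """Report a response that explicitly disables the legacy browser XSS filter.

    Records an "xss-filter-disabled" finding when the response carries an
    X-XSS-Protection header whose value is ``0``. HTTP header values are
    strings, so the value is compared as text; the previous comparison
    against the integer 0 could never match and the finding never fired.

    Uses module-level ``text`` (the finding text), ``format`` and
    ``finding``.
    """
    print("... checking usage of XSS-filter ...", end='')
    if 'X-XSS-Protection' in response.headers:
        value = response.headers.get("X-XSS-Protection", "")
        # "0" (possibly padded with whitespace) switches the filter off.
        if value.strip() == "0":
            # Highlight is passed as a list, like every other check does.
            code = format.create_both(request, response, ["X-XSS-Protection: 0"])
            finding.create_finding("xss-filter-disabled", text, code)
    print("")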
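def info_disc(request, response):
    """Report obvious information disclosures found in headers and body.

    The values returned by info_disc_headers() and info_disc_body() are
    joined into one comma-separated, italicised list appended to the
    module-level ``text``, and a single "infodisc" finding is recorded with
    the matching header names highlighted. A finding is recorded when
    either helper returned something; previously it was gated on header
    hits only, which silently dropped body-only disclosures.

    Uses module-level ``text``, ``template``, ``format``, ``finding``,
    ``info_disc_headers`` and ``info_disc_body``.
    """
    print("... checking obvious information disclosures ...", end='')
    headers = info_disc_headers(response.headers)
    body = info_disc_body(response.text)
    if headers or body:
        # Header hits first, then body hits, in the helpers' own order.
        values = [headers[key] for key in headers] + [body[key] for key in body]
        message = text + template.cursive_start + ", ".join(values) + template.cursive_end
        # Only header names are highlighted for now; body hits have no
        # highlighting yet (see the ToDo below). Pass a list like the other
        # checks do.
        code = format.create_both(request, response, list(headers))
        #ToDo: fix that, it currently deletes nearly everything -.-
        #code = format.highlight_ifall_inline(code, body.keys())
        #ToDo: for every body finding a different file!
        finding.create_finding("infodisc", message, code)
    print("")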
def all_cookie_findings(request, response, type, text, cookienames):
    """Record one finding of kind *type* covering every cookie in *cookienames*.

    Each ``Set-Cookie: <name>=`` line is highlighted in the request/response
    dump produced by format.create_both(), and the finding is stored under
    the identifier "all". ``type`` shadows the builtin but is part of the
    call signature and is kept.
    """
    marks = ["Set-Cookie: " + name + "=" for name in cookienames]
    evidence = format.create_both(request, response, marks)
    finding.create_finding(type, text, evidence, "all")
def cookiefinding(request, response, cookiename, type, text):
    """Record a finding of kind *type* for the single cookie *cookiename*.

    The ``Set-Cookie: <cookiename>=`` line is highlighted in the dump from
    format.create_both(); the finding identifier is the cookie name as a
    string.
    """
    # ToDo: is it possible to extract format.create_both? Probably better
    # would be passing something like "1" or "2" ... except for the
    # arbitrary host header check ...
    mark = "Set-Cookie: " + cookiename + "="
    evidence = format.create_both(request, response, [mark])
    finding.create_finding(type, text, evidence, str(cookiename))