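def extract_link_from_set_cookie_header(http_response, header_name, header_value):
    """
    Extract links from the "path" key of a cookie

    Example headers we can parse:
        set-cookie: __cfduid=...; path=/; domain=.w3af.org; HttpOnly

    The header value is controlled by the remote server, so every failure
    while parsing it is treated as "no links found" instead of being
    propagated to the caller.

    :param http_response: The http response object
    :param header_name: The http response header name
    :param header_value: The http response header value (where the URL lives)
    :return: Yield URL instances
    :see: https://github.com/andresriancho/w3af/issues/9493
    """
    try:
        cookie = parse_cookie(header_value)
    except Exception:
        # A bare "except:" would also swallow KeyboardInterrupt, SystemExit
        # and GeneratorExit. Ending the generator with "return" instead of
        # "raise StopIteration" yields the same empty result and stays
        # correct under PEP 479, where a StopIteration raised inside a
        # generator body is turned into a RuntimeError.
        return

    for key in cookie:
        try:
            path = cookie[key]["path"]
        except KeyError:
            continue

        if not path:
            continue

        # NOTE(review): "path" is attacker-influenced data. Whether
        # url_join() keeps the result on the response's own origin is not
        # visible here -- confirm that scope filtering happens downstream.
        try:
            yield http_response.get_url().url_join(path)
        except ValueError:
            msg = (
                'The application sent a "%s" header that w3af'
                " failed to correctly parse as an URL, the header"
                ' value was: "%s"'
            )
            om.out.debug(msg % (header_name, header_value))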
def _parse_cookie(self, request, response, cookie_header_value):
    """
    Parse a single "Set-Cookie" header value and report malformed cookies.

    If the response sets more than one Cookie, this method will be called
    once for each "Set-Cookie" header.

    BUGBUG: The urllib2 library concatenates , values of repeated headers.
            See HTTPMessage.addheader() in httplib.py

    :param request: The HTTP request object (not used by this method).
    :param response: The HTTP response object
    :param cookie_header_value: The cookie, as sent in the HTTP response
    :return: The cookie object or None if the parsing failed
    """
    try:
        # Note to self: This line may print some chars to the console
        parsed_cookie = parse_cookie(cookie_header_value)
    except Cookie.CookieError:
        # Fall through to the reporting code below.
        pass
    else:
        return parsed_cookie

    # The header value comes from the remote server and is copied verbatim
    # into the finding (description and cookie string), so anything that
    # renders this finding should treat it as untrusted text.
    template = ('The remote Web application sent a cookie with an'
                ' incorrect format: "%s" that does NOT respect the RFC.')
    description = template % cookie_header_value

    info = CookieInfo('Invalid cookie', description, response.id,
                      self.get_name())
    info.set_url(response.get_url())
    info.set_cookie_string(cookie_header_value)

    # The cookie is invalid, this is worth mentioning ;)
    kb.kb.append(self, 'invalid-cookies', info)
    return None
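def extract_link_from_set_cookie_header(http_response, header_name, header_value):
    """
    Extract links from the "path" key of a cookie

    Example headers we can parse:
        set-cookie: __cfduid=...; path=/; domain=.w3af.org; HttpOnly

    The header value is controlled by the remote server, so every failure
    while parsing it is treated as "no links found" instead of being
    propagated to the caller.

    :param http_response: The http response object
    :param header_name: The http response header name
    :param header_value: The http response header value (where the URL lives)
    :return: Yield URL instances
    :see: https://github.com/andresriancho/w3af/issues/9493
    """
    try:
        cookie = parse_cookie(header_value)
    except Exception:
        # A bare "except:" would also swallow KeyboardInterrupt, SystemExit
        # and GeneratorExit. Ending the generator with "return" instead of
        # "raise StopIteration" yields the same empty result and stays
        # correct under PEP 479, where a StopIteration raised inside a
        # generator body is turned into a RuntimeError.
        return

    for key in cookie:
        try:
            path = cookie[key]['path']
        except KeyError:
            continue

        if not path:
            continue

        # NOTE(review): 'path' is attacker-influenced data. Whether
        # url_join() keeps the result on the response's own origin is not
        # visible here -- confirm that scope filtering happens downstream.
        try:
            yield http_response.get_url().url_join(path)
        except ValueError:
            msg = ('The application sent a "%s" header that w3af'
                   ' failed to correctly parse as an URL, the header'
                   ' value was: "%s"')
            om.out.debug(msg % (header_name, header_value))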
def test_with_path(self):
    """The "path" attribute of a parsed cookie is reachable by cookie name."""
    parsed = parse_cookie('abc=def; path=/x')
    entry = parsed['abc']
    self.assertEqual(entry['path'], '/x')
def test_basic(self):
    """A plain name=value cookie string is parsed and keyed by its name."""
    parsed = parse_cookie('abc=def')
    self.assertIn('abc', parsed)