def test__get_cookie_issues_ssn(self):
    """A cookie carrying HttpOnly, Secure and SameSite=None yields exactly one finding.

    Only the finding count is asserted here; the message text is not checked.
    NOTE(review): presumably the single finding is the SameSite=None one —
    confirm against get_cookie_issues before tightening this assertion.
    """
    http_basic.reset()
    target = "https://example.com"
    cookie_header = {
        "Set-Cookie": "sessionid=38afes7a8; HttpOnly; Secure; SameSite=None; Path=/"
    }
    with requests_mock.Mocker() as mocker:
        mocker.get(target, text="body", headers=cookie_header)
        response = requests.get(target)
        issues = get_cookie_issues(response, target)
    self.assertEqual(len(issues), 1)
def test__get_cookie_issues_no_ho(self):
    """A cookie set without the HttpOnly flag is reported as a single finding.

    The scanned URL is plain http, so the absence of the Secure flag is not
    expected to produce an additional finding; the one result must carry the
    "Cookie Missing HttpOnly Flag" message.
    """
    http_basic.reset()
    target = "http://example.com"
    cookie_header = {
        "Set-Cookie": "sessionid=38afes7a8; SameSite=Lax; Path=/"
    }
    with requests_mock.Mocker() as mocker:
        mocker.get(target, text="body", headers=cookie_header)
        response = requests.get(target)
        issues = get_cookie_issues(response, target)
    self.assertEqual(len(issues), 1)
    self.assertIn("Cookie Missing HttpOnly Flag", issues[0].message)
def test__get_cookie_bigip_4(self):
    """A BIG-IP persistence cookie encoding a backend address is flagged as disclosure.

    The cookie value uses the "rd<n>o<hex>o<port>" form; the checker is
    expected to return exactly one finding with the
    "Big-IP Internal IP Address Disclosure" message.
    """
    http_basic.reset()
    target = "http://example.com"
    cookie_header = {
        "Set-Cookie": (
            "BIGipServerWEB=rd3o20010112000000000000000000000030o80; "
            "HttpOnly; SameSite=Lax; Path=/"
        )
    }
    with requests_mock.Mocker() as mocker:
        mocker.get(target, text="body", headers=cookie_header)
        response = requests.get(target)
        issues = get_cookie_issues(response, target)
    self.assertEqual(len(issues), 1)
    self.assertIn("Big-IP Internal IP Address Disclosure", issues[0].message)
def test__get_cookie_issues_no_sec_ssn(self):
    """SameSite=None without Secure on an https URL produces two findings.

    The first finding reports the missing Secure flag; the second reports
    that SameSite=None is invalid when Secure is absent. The order of the two
    results is part of the contract asserted here.
    """
    http_basic.reset()
    target = "https://example.com"
    cookie_header = {
        "Set-Cookie": "sessionid=38afes7a8; HttpOnly; SameSite=None; Path=/"
    }
    with requests_mock.Mocker() as mocker:
        mocker.get(target, text="body", headers=cookie_header)
        response = requests.get(target)
        issues = get_cookie_issues(response, target)
    self.assertEqual(len(issues), 2)
    first, second = issues[0].message, issues[1].message
    self.assertIn("Cookie Missing Secure Flag", first)
    self.assertIn("Cookie SameSite=None Flag Invalid (without Secure flag)", second)
def reset():
    """Reset the per-scan state of every checker module, in a fixed order.

    Each module's own reset() is invoked; the order (retirejs, file_search,
    error_checker, http_basic) is preserved from the original implementation.
    """
    checkers = (retirejs, file_search, error_checker, http_basic)
    for checker in checkers:
        checker.reset()