BIN: Fix webtest script when : in cookies

If there was a colon in a cookie, the script would misidentify insecure
cookie configurations
Jonathan Hodgson 4 years ago
parent a3f75d9b32
commit 1f29c17ab5
  1. 4
      bin/.bin/webtest/analyse-headers

@ -229,12 +229,14 @@ channel.\n\n"
} }
test_set-cookie(){ test_set-cookie(){
local value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)" local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
local cookieName="$(echo "$value" | cut -d '=' -f 1)" local cookieName="$(echo "$value" | cut -d '=' -f 1)"
local ret=0 local ret=0
local output="" local output=""
if ! echo "$value" | grep -q "HttpOnly"; then if ! echo "$value" | grep -q "HttpOnly"; then
echo "$value"
echo "$value" | grep -q "HttpOnly" --color always
output+="The HttpOnly flag isn't set which means the cookie value can \ output+="The HttpOnly flag isn't set which means the cookie value can \
be read by JavaScript. If a malicious actor manages to run JavaScript through \ be read by JavaScript. If a malicious actor manages to run JavaScript through \
methods like XSS, they may be able to steal the contents of cookies\n\n" methods like XSS, they may be able to steal the contents of cookies\n\n"
