BIN: Fix webtest script when : in cookies
If there was a colon in a cookie, the script would misidentify insecure cookie configurations
This commit is contained in:
parent
ab2c56d9b5
commit
c384064641
1 changed files with 3 additions and 1 deletions
|
@ -229,12 +229,14 @@ channel.\n\n"
|
|||
}
|
||||
|
||||
test_set-cookie(){
|
||||
local value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
|
||||
local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
|
||||
local cookieName="$(echo "$value" | cut -d '=' -f 1)"
|
||||
local ret=0
|
||||
local output=""
|
||||
|
||||
if ! echo "$value" | grep -q "HttpOnly"; then
|
||||
echo "$value"
|
||||
echo "$value" | grep -q "HttpOnly" --color always
|
||||
output+="The HttpOnly flag isn't set which means the cookie value can \
|
||||
be read by JavaScript. If a malicious actor manages to run JavaScript through \
|
||||
methods like XSS, they may be able to steal the contents of cookies\n\n"
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue