jab2870
/
Dotfiles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

BIN: Fix webtest script when : in cookies

Browse Source 
If there was a colon in a cookie, the script would misidentify insecure
cookie configurations
master
Jonathan Hodgson 4 years ago
parent ab2c56d9b5
commit c384064641
1 changed files with 3 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      bin/.bin/webtest/analyse-headers

4
bin/.bin/webtest/analyse-headers
Unescape View File

@ -229,12 +229,14 @@ channel.\n\n"
} }
test_set-cookie(){ test_set-cookie(){
local value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)" local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
local cookieName="$(echo "$value" | cut -d '=' -f 1)" local cookieName="$(echo "$value" | cut -d '=' -f 1)"
local ret=0 local ret=0
local output="" local output=""
if ! echo "$value" | grep -q "HttpOnly"; then if ! echo "$value" | grep -q "HttpOnly"; then
echo "$value"
echo "$value" | grep -q "HttpOnly" --color always
output+="The HttpOnly flag isn't set which means the cookie value can \ output+="The HttpOnly flag isn't set which means the cookie value can \
be read by JavaScript. If a malicious actor manages to run JavaScript through \ be read by JavaScript. If a malicious actor manages to run JavaScript through \
methods like XSS, they may be able to steal the contents of cookies\n\n" methods like XSS, they may be able to steal the contents of cookies\n\n"

Write Preview
Loading…
Cancel
Save