jab2870/Dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

BIN: Fix webtest script when : in cookies

Browse source 
If there was a colon in a cookie, the script would misidentify insecure
cookie configurations
This commit is contained in:
Jonathan Hodgson 2020-12-01 19:56:33 +00:00
parent ab2c56d9b5
commit c384064641
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
bin/.bin/webtest/analyse-headers
View file

@ -229,12 +229,14 @@ channel.\n\n"
} }
test_set-cookie(){ test_set-cookie(){
local value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)" local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
local cookieName="$(echo "$value" | cut -d '=' -f 1)" local cookieName="$(echo "$value" | cut -d '=' -f 1)"
local ret=0 local ret=0
local output="" local output=""
if ! echo "$value" | grep -q "HttpOnly"; then if ! echo "$value" | grep -q "HttpOnly"; then
echo "$value"
echo "$value" | grep -q "HttpOnly" --color always
output+="The HttpOnly flag isn't set which means the cookie value can \ output+="The HttpOnly flag isn't set which means the cookie value can \
be read by JavaScript. If a malicious actor manages to run JavaScript through \ be read by JavaScript. If a malicious actor manages to run JavaScript through \
methods like XSS, they may be able to steal the contents of cookies\n\n" methods like XSS, they may be able to steal the contents of cookies\n\n"