Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-30 12:21:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

log cookie names without httponly or secure flag

Browse Source
This commit is contained in:
manuel 2020-02-06 10:55:50 +01:00
parent 787e575085
commit 547ad5ed46
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
testssl.sh
View File

@ -3022,6 +3022,16 @@ run_cookie_flags() { # ARG1: Path
else else
fileout "cookie_httponly" "INFO" "$nr_secure/$nr_cookies at \"$1\" marked as HttpOnly$msg302_" fileout "cookie_httponly" "INFO" "$nr_secure/$nr_cookies at \"$1\" marked as HttpOnly$msg302_"
fi fi
IFS=$'; ' read -r -a not_secure <<< $(echo $(awk -F"=" '{print$1}' <<< $(awk -F" " '{print$2}' <<< $(grep -iav secure $TMPFILE))))
if [[ -v not_secure ]]; then
not_secure_cookies=$(printf '%s,' "${not_secure[@]}")
fileout "cookie_not_secure" "INFO" "The cookie(s) with name(s) '${not_secure_cookies::-1}' does not have the secure flag set."
fi
IFS=$'; ' read -r -a not_httponly <<< $(echo $(awk -F"=" '{print$1}' <<< $(awk -F" " '{print$2}' <<< $(grep -iav httponly $TMPFILE))))
if [[ -v not_httponly ]]; then
not_httponly_cookies=$(printf '%s,' "${not_httponly[@]}")
fileout "cookie_not_httponly" "INFO" "The cookie(s) with name(s) '${not_httponly_cookies::-1}' does not have the httponly flag set."
fi
outln "$msg302" outln "$msg302"
allcookies="$(awk '/[Ss][Ee][Tt]-[Cc][Oo][Oo][Kk][Ii][Ee]:/ { print $2 }' "$TMPFILE")" allcookies="$(awk '/[Ss][Ee][Tt]-[Cc][Oo][Oo][Kk][Ii][Ee]:/ { print $2 }' "$TMPFILE")"
sub_f5_bigip_check "$allcookies" "$spaces" sub_f5_bigip_check "$allcookies" "$spaces"