fluidasserts.format.cookie module

This module checks cookies for missing security attributes (HttpOnly, Secure, SameSite).

fluidasserts.format.cookie.has_not_httponly_in_cookiejar(cookie_name, cookie_jar)

Check if the cookie in the cookie_jar has the HttpOnly attribute.

Parameters
  • cookie_name (str) – Name of the cookie to test.

  • cookie_jar (requests.cookies.RequestsCookieJar) – Collection of cookies as returned by the requests package; see requests.cookies.RequestsCookieJar.

Returns

  • OPEN if the specified cookie does not have the HttpOnly attribute set.

  • UNKNOWN on errors.

  • CLOSED otherwise.

Return type

fluidasserts.Result

fluidasserts.format.cookie.has_not_httponly_set(cookie_name, url, *args, **kwargs)

Check if the cookie obtained from the URL has the HttpOnly attribute.

Parameters
  • cookie_name (str) – Name of the cookie to test.

  • url (str) – URL to get cookies from.

  • *args – Optional positional arguments for HTTPSession.

  • **kwargs – Optional keyword arguments for HTTPSession.

Returns

  • OPEN if the specified cookie does not have the HttpOnly attribute set.

  • UNKNOWN on errors.

  • CLOSED otherwise.

Return type

fluidasserts.Result

fluidasserts.format.cookie.has_not_samesite_in_cookiejar(cookie_name, cookie_jar)

Check if the cookie in the cookie_jar has the SameSite attribute.

Parameters
  • cookie_name (str) – Name of the cookie to test.

  • cookie_jar (requests.cookies.RequestsCookieJar) – Collection of cookies as returned by the requests package; see requests.cookies.RequestsCookieJar.

Returns

  • OPEN if the specified cookie does not have the SameSite attribute set.

  • UNKNOWN on errors.

  • CLOSED otherwise.

Return type

fluidasserts.Result

fluidasserts.format.cookie.has_not_samesite_set(cookie_name, url, *args, **kwargs)

Check if the cookie obtained from the URL has the SameSite attribute.

Parameters
  • cookie_name (str) – Name of the cookie to test.

  • url (str) – URL to get cookies from.

  • *args – Optional positional arguments for HTTPSession.

  • **kwargs – Optional keyword arguments for HTTPSession.

Returns

  • OPEN if the specified cookie does not have the SameSite attribute set.

  • UNKNOWN on errors.

  • CLOSED otherwise.

Return type

fluidasserts.Result

fluidasserts.format.cookie.has_not_secure_in_cookiejar(cookie_name, cookie_jar)

Check if the cookie in the cookie_jar has the Secure attribute set.

Parameters
  • cookie_name (str) – Name of the cookie to test.

  • cookie_jar (requests.cookies.RequestsCookieJar) – Collection of cookies as returned by the requests package; see requests.cookies.RequestsCookieJar.

Returns

  • OPEN if the specified cookie does not have the Secure attribute set.

  • UNKNOWN on errors.

  • CLOSED otherwise.

Return type

fluidasserts.Result

fluidasserts.format.cookie.has_not_secure_set(cookie_name, url, *args, **kwargs)

Check if the cookie obtained from the URL has the Secure attribute.

Parameters
  • cookie_name (str) – Name of the cookie to test.

  • url (str) – URL to get cookies from.

  • *args – Optional positional arguments for HTTPSession.

  • **kwargs – Optional keyword arguments for HTTPSession.

Returns

  • OPEN if the specified cookie does not have the Secure attribute set.

  • UNKNOWN on errors.

  • CLOSED otherwise.

Return type

fluidasserts.Result
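
The checks documented above can be reproduced directly against raw Set-Cookie header values. The following is an added example, not fluidasserts code: parse_set_cookie, check_cookie_flags and the sample headers are hypothetical, and reporting UNKNOWN for a missing cookie is an assumption. It also treats SameSite=None as OPEN, which is a stricter choice made by this example, not documented behaviour of the module.

```python
# Added example: statuses mirror the OPEN/CLOSED/UNKNOWN values documented above.
OPEN, CLOSED, UNKNOWN = "OPEN", "CLOSED", "UNKNOWN"


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, sep, _value = parts[0].partition("=")
    if not sep or not name.strip():
        raise ValueError("malformed Set-Cookie header: %r" % header)
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            # Attribute names are case-insensitive, so normalise them.
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def check_cookie_flags(cookie_name, set_cookie_headers):
    """Return a status per attribute for cookie_name (hypothetical helper)."""
    flags = ("httponly", "secure", "samesite")
    try:
        found = None
        for header in set_cookie_headers:
            name, attrs = parse_set_cookie(header)
            if name == cookie_name:
                found = attrs  # a later header for the same name overrides
    except (ValueError, AttributeError, TypeError):
        return {flag: UNKNOWN for flag in flags}
    if found is None:
        # Assumption: a cookie that was never set is reported as an error.
        return {flag: UNKNOWN for flag in flags}
    result = {flag: CLOSED if flag in found else OPEN for flag in flags}
    # SameSite=None opts the cookie out of the cross-site restriction,
    # so this example does not count it as protection.
    if found.get("samesite", "").lower() == "none":
        result["samesite"] = OPEN
    return result


# Constructed sample headers, not captured from a real site.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Strict",
    "tracking=xyz; Path=/; secure; SameSite=None",
    "prefs=dark; Path=/",
]
```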