fluidasserts.lang.dotnetconfig module

This module provides checks for vulnerable settings in Web.config and ApplicationHost.config files.

fluidasserts.lang.dotnetconfig.has_debug_enabled(webconf_dest, exclude=None)

Check if the debug flag is enabled in Web.config.

Searches for the debug attribute in the compilation section of a Web.config source file or package.

Parameters
  • webconf_dest (str) – Path to a Web.config source file or package.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

Return type

fluidasserts.Result

fluidasserts.lang.dotnetconfig.has_ssl_disabled(apphostconf_dest, exclude=None)

Check if SSL is disabled in ApplicationHost.config.

Searches for the access tag in the security section of an ApplicationHost.config source file or package.

Parameters
  • apphostconf_dest (str) – Path to an ApplicationHost.config source file or package.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

Return type

fluidasserts.Result

fluidasserts.lang.dotnetconfig.is_header_x_powered_by_present(webconf_dest, exclude=None)

Search for X-Powered-By headers in a Web.config source file or package.

Parameters
  • webconf_dest (str) – Path to a Web.config source file or package.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

Return type

fluidasserts.Result

fluidasserts.lang.dotnetconfig.not_custom_errors(webconf_dest, exclude=None)

Check if the customErrors flag is set to off in Web.config.

CWE-12: ASP.NET Misconfiguration: Missing Custom Error Page

Parameters
  • webconf_dest (str) – Path to a Web.config source file or package.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

Return type

fluidasserts.Result
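
The three Web.config conditions documented above (debug enabled, customErrors off, X-Powered-By present), shown as a standalone added example; this is not the fluidasserts implementation. The function name audit_web_config, the finding labels, and both sample documents are constructed for illustration, and the rule used for X-Powered-By is an assumption stated in the code.

```python
import xml.etree.ElementTree as ET

# Constructed samples: a weak Web.config and its hardened counterpart.
WEAK = """<configuration>
  <system.web>
    <compilation debug="true" />
    <customErrors mode="Off" />
  </system.web>
  <system.webServer><httpProtocol><customHeaders>
    <add name="X-Powered-By" value="ASP.NET" />
  </customHeaders></httpProtocol></system.webServer>
</configuration>"""
HARDENED = """<configuration>
  <system.web>
    <compilation debug="false" />
    <customErrors mode="RemoteOnly" defaultRedirect="~/Error.aspx" />
  </system.web>
  <system.webServer><httpProtocol><customHeaders>
    <remove name="X-Powered-By" />
  </customHeaders></httpProtocol></system.webServer>
</configuration>"""


def audit_web_config(xml_text):
    """Return the sorted names of weak settings found in a Web.config document."""
    root = ET.fromstring(xml_text)
    findings = set()
    # debug="true" is a development setting; the attribute defaults to false.
    for node in root.iter("compilation"):
        if node.get("debug", "false").strip().lower() == "true":
            findings.add("debug_enabled")
    # mode="Off" returns detailed ASP.NET error pages to every client.
    for node in root.iter("customErrors"):
        if node.get("mode", "").strip().lower() == "off":
            findings.add("custom_errors_off")
    # Assumption: the header counts as present when it is added explicitly, or
    # when nothing removes the value inherited from the server-level config.
    headers = [h for block in root.iter("customHeaders") for h in block]
    def names_header(tag):
        return any(h.tag == tag and h.get("name", "").lower() == "x-powered-by"
                   for h in headers)

    if names_header("add") or not names_header("remove"):
        findings.add("x_powered_by_present")
    return sorted(findings)


if __name__ == "__main__":
    print(audit_web_config(WEAK), audit_web_config(HARDENED))
```
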