fluidasserts.proto.rest module

This module allows checking for REST vulnerabilities.

fluidasserts.proto.rest.HDR_RGX = {'content-type': '^(\\s)*.+(\\/|-).+(\\s)*;(\\s)*charset.*$', 'strict-transport-security': '^\\s*max-age=\\s*\\d+', 'x-content-type-options': '^\\s*nosniff\\s*$', 'x-frame-options': '^\\s*deny.*$'}
fluidasserts.proto.rest.accepts_empty_content_type(url, *args, **kwargs)

Check if given URL accepts empty Content-Type requests.

Parameters
  • url (str) – URL to test.

  • *args – Optional arguments for HTTPSession.

  • **kwargs – Optional arguments for HTTPSession.

Return type

bool

fluidasserts.proto.rest.accepts_insecure_accept_header(url, *args, **kwargs)

Check if given URL accepts insecure Accept request header value.

Parameters
  • url (str) – URL to test.

  • *args – Optional arguments for HTTPSession.

  • **kwargs – Optional arguments for HTTPSession.

Return type

bool

fluidasserts.proto.rest.has_access(url, *args, **kwargs)

Check if HTTP access to given URL is possible (i.e. response 200 OK).

Parameters
  • url (str) – URL to test.

  • *args – Optional arguments for HTTPSession.

  • **kwargs – Optional arguments for HTTPSession.

Return type

bool

fluidasserts.proto.rest.is_header_content_type_missing(url, *args, **kwargs)

Check if Content-Type HTTP header is properly set.

Parameters
Return type

bool

fluidasserts.proto.rest.is_header_hsts_missing(url, *args, **kwargs)

Check if Strict-Transport-Security HTTP header is properly set.

Parameters
Return type

bool

fluidasserts.proto.rest.is_header_x_content_type_options_missing(url, *args, **kwargs)

Check if X-Content-Type-Options HTTP header is properly set.

Parameters
Return type

bool

fluidasserts.proto.rest.is_header_x_frame_options_missing(url, *args, **kwargs)

Check if X-Frame-Options HTTP header is properly set.

Parameters
Return type

bool
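The following is an added example, not fluidasserts code: it applies the `HDR_RGX` patterns listed above to constructed response headers to show which values the four header checks would accept. The `audit_headers` helper, the verdict labels, the sample headers and the case-insensitive matching are assumptions made for illustration.

```python
import re

# Patterns copied from HDR_RGX as listed on this page.
HDR_RGX = {
    'content-type': r'^(\s)*.+(\/|-).+(\s)*;(\s)*charset.*$',
    'strict-transport-security': r'^\s*max-age=\s*\d+',
    'x-content-type-options': r'^\s*nosniff\s*$',
    'x-frame-options': r'^\s*deny.*$',
}


def audit_headers(response_headers):
    """Return {header: verdict}, verdict being 'ok', 'missing' or 'weak'.

    Hypothetical helper. Assumption: header names and values are
    compared case-insensitively.
    """
    lowered = {k.lower(): v for k, v in response_headers.items()}
    findings = {}
    for name, pattern in HDR_RGX.items():
        value = lowered.get(name)
        if value is None:
            findings[name] = 'missing'   # header absent from the response
        elif re.match(pattern, value, re.IGNORECASE):
            findings[name] = 'ok'        # value satisfies the pattern
        else:
            findings[name] = 'weak'      # header present, value rejected
    return findings


# Constructed sample responses (not captured from a real service).
HARDENED = {
    'Content-Type': 'application/json; charset=utf-8',
    'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
    'X-Content-Type-Options': 'nosniff',
    'X-Frame-Options': 'DENY',
}
LAX = {
    'Content-Type': 'application/json',   # no charset parameter
    'X-Content-Type-Options': 'none',     # anything but nosniff fails
    'X-Frame-Options': 'SAMEORIGIN',      # pattern only accepts deny
}

if __name__ == '__main__':
    for label, headers in (('hardened', HARDENED), ('lax', LAX)):
        print(label, audit_headers(headers))
```

Under the listed patterns, a `Content-Type` without a `charset` parameter and an `X-Frame-Options` value of `SAMEORIGIN` both fail to match, so a REST API that relies on either should expect those checks to flag it.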