fluidasserts.proto.rest module

This module allows to check REST vulnerabilities.

fluidasserts.proto.rest.accepts_empty_content_type(url, *args, status_codes=None, **kwargs)

Check if given URL accepts empty Content-Type requests.

Parameters

  • url (str) – URL to test.

  • *args – Optional arguments for HTTPSession.

  • status_codes (typing.Optional[list]) – Allowed status codes for true matching.

  • **kwargs – Optional arguments for HTTPSession.

Return type

fluidasserts.Result

fluidasserts.proto.rest.accepts_insecure_accept_header(url, *args, **kwargs)

Check if given URL accepts insecure Accept request header value.

Parameters

  • url (str) – URL to test.

  • *args – Optional arguments for HTTPSession.

  • **kwargs – Optional arguments for HTTPSession.

Return type

fluidasserts.Result

fluidasserts.proto.rest.has_access(url, *args, **kwargs)

Check if HTTP access to given URL is possible (i.e. response 200 OK).

Parameters

  • url (str) – URL to test.

  • *args – Optional arguments for HTTPSession.

  • **kwargs – Optional arguments for HTTPSession.

Return type

fluidasserts.Result

fluidasserts.proto.rest.is_header_content_type_missing(url, *args, **kwargs)

Check if Content-Type HTTP header is properly set.

Parameters
Return type

fluidasserts.Result

fluidasserts.proto.rest.is_header_hsts_missing(url, *args, **kwargs)

Check if Strict-Transport-Security HTTP header is properly set.

Parameters
Return type

fluidasserts.Result

fluidasserts.proto.rest.is_header_x_content_type_options_missing(url, *args, **kwargs)

Check if X-Content-Type-Options HTTP header is properly set.

Parameters
Return type

fluidasserts.Result

fluidasserts.proto.rest.is_header_x_frame_options_missing(url, *args, **kwargs)

Check if X-Frame-Options HTTP header is properly set.

Parameters
Return type

fluidasserts.Result