Fixes "origin reflected" check
Previously there was a missing call to `headers = requester(url, scheme, header_dict, origin)` in the "origin reflected" check. This meant that the code was not using the intended origin (`origin = root + '://' + 'example.com'`). Intead, the check incorreclty used the headers from the first request (with `origin = scheme + '://' + root`). This commit fixes this problem by making the missing request.
This commit is contained in:
Vasco Franco
144
core/tests.py
144
core/tests.py
@@ -25,85 +25,87 @@ def passive_tests(url, headers):
|
||||
def active_tests(url, root, scheme, header_dict, delay):
|
||||
origin = scheme + '://' + root
|
||||
headers = requester(url, scheme, header_dict, origin)
|
||||
if headers:
|
||||
origin = root + '://' + 'example.com'
|
||||
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
|
||||
if acao_header and acao_header == (origin):
|
||||
info = details['origin reflected']
|
||||
info['acao header'] = acao_header
|
||||
info['acac header'] = acac_header
|
||||
return {url : info}
|
||||
elif not acao_header:
|
||||
return
|
||||
time.sleep(delay)
|
||||
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
|
||||
if acao_header is None:
|
||||
return
|
||||
|
||||
origin = scheme + '://' + root + '.example.com'
|
||||
headers = requester(url, scheme, header_dict, origin)
|
||||
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
|
||||
if acao_header and acao_header == (origin):
|
||||
info = details['post-domain wildcard']
|
||||
info['acao header'] = acao_header
|
||||
info['acac header'] = acac_header
|
||||
return {url : info}
|
||||
time.sleep(delay)
|
||||
origin = root + '://' + 'example.com'
|
||||
headers = requester(url, scheme, header_dict, origin)
|
||||
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
|
||||
if acao_header and acao_header == (origin):
|
||||
info = details['origin reflected']
|
||||
info['acao header'] = acao_header
|
||||
info['acac header'] = acac_header
|
||||
return {url : info}
|
||||
time.sleep(delay)
|
||||
|
||||
origin = scheme + '://d3v' + root
|
||||
headers = requester(url, scheme, header_dict, origin)
|
||||
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
|
||||
if acao_header and acao_header == (origin):
|
||||
info = details['pre-domain wildcard']
|
||||
info['acao header'] = acao_header
|
||||
info['acac header'] = acac_header
|
||||
return {url : info}
|
||||
time.sleep(delay)
|
||||
origin = scheme + '://' + root + '.example.com'
|
||||
headers = requester(url, scheme, header_dict, origin)
|
||||
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
|
||||
if acao_header and acao_header == (origin):
|
||||
info = details['post-domain wildcard']
|
||||
info['acao header'] = acao_header
|
||||
info['acac header'] = acac_header
|
||||
return {url : info}
|
||||
time.sleep(delay)
|
||||
|
||||
origin = 'null'
|
||||
headers = requester(url, '', header_dict, origin)
|
||||
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
|
||||
if acao_header and acao_header == 'null':
|
||||
info = details['null origin allowed']
|
||||
info['acao header'] = acao_header
|
||||
info['acac header'] = acac_header
|
||||
return {url : info}
|
||||
time.sleep(delay)
|
||||
origin = scheme + '://d3v' + root
|
||||
headers = requester(url, scheme, header_dict, origin)
|
||||
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
|
||||
if acao_header and acao_header == (origin):
|
||||
info = details['pre-domain wildcard']
|
||||
info['acao header'] = acao_header
|
||||
info['acac header'] = acac_header
|
||||
return {url : info}
|
||||
time.sleep(delay)
|
||||
|
||||
origin = scheme + '://' + root + '_.example.com'
|
||||
origin = 'null'
|
||||
headers = requester(url, '', header_dict, origin)
|
||||
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
|
||||
if acao_header and acao_header == 'null':
|
||||
info = details['null origin allowed']
|
||||
info['acao header'] = acao_header
|
||||
info['acac header'] = acac_header
|
||||
return {url : info}
|
||||
time.sleep(delay)
|
||||
|
||||
origin = scheme + '://' + root + '_.example.com'
|
||||
headers = requester(url, scheme, header_dict, origin)
|
||||
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
|
||||
if acao_header and acao_header == origin:
|
||||
info = details['unrecognized underscore']
|
||||
info['acao header'] = acao_header
|
||||
info['acac header'] = acac_header
|
||||
return {url : info}
|
||||
time.sleep(delay)
|
||||
|
||||
origin = scheme + '://' + root + '%60.example.com'
|
||||
headers = requester(url, scheme, header_dict, origin)
|
||||
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
|
||||
if acao_header and '`.example.com' in acao_header:
|
||||
info = details['broken parser']
|
||||
info['acao header'] = acao_header
|
||||
info['acac header'] = acac_header
|
||||
return {url : info}
|
||||
time.sleep(delay)
|
||||
|
||||
if root.count('.') > 1:
|
||||
origin = scheme + '://' + root.replace('.', 'x', 1)
|
||||
headers = requester(url, scheme, header_dict, origin)
|
||||
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
|
||||
if acao_header and acao_header == origin:
|
||||
info = details['unrecognized underscore']
|
||||
info = details['unescaped regex']
|
||||
info['acao header'] = acao_header
|
||||
info['acac header'] = acac_header
|
||||
return {url : info}
|
||||
time.sleep(delay)
|
||||
|
||||
origin = scheme + '://' + root + '%60.example.com'
|
||||
headers = requester(url, scheme, header_dict, origin)
|
||||
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
|
||||
if acao_header and '`.example.com' in acao_header:
|
||||
info = details['broken parser']
|
||||
info['acao header'] = acao_header
|
||||
info['acac header'] = acac_header
|
||||
return {url : info}
|
||||
time.sleep(delay)
|
||||
|
||||
if root.count('.') > 1:
|
||||
origin = scheme + '://' + root.replace('.', 'x', 1)
|
||||
headers = requester(url, scheme, header_dict, origin)
|
||||
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
|
||||
if acao_header and acao_header == origin:
|
||||
info = details['unescaped regex']
|
||||
info['acao header'] = acao_header
|
||||
info['acac header'] = acac_header
|
||||
return {url : info}
|
||||
time.sleep(delay)
|
||||
origin = 'http://' + root
|
||||
headers = requester(url, 'http', header_dict, origin)
|
||||
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
|
||||
if acao_header and acao_header.startswith('http://'):
|
||||
info = details['http origin allowed']
|
||||
info['acao header'] = acao_header
|
||||
info['acac header'] = acac_header
|
||||
return {url : info}
|
||||
else:
|
||||
return passive_tests(url, headers)
|
||||
origin = 'http://' + root
|
||||
headers = requester(url, 'http', header_dict, origin)
|
||||
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
|
||||
if acao_header and acao_header.startswith('http://'):
|
||||
info = details['http origin allowed']
|
||||
info['acao header'] = acao_header
|
||||
info['acac header'] = acac_header
|
||||
return {url : info}
|
||||
else:
|
||||
return passive_tests(url, headers)
|
||||
|
||||
Reference in New Issue
Block a user