headerMisconfigured.go
package utils
import (
"context"
"time"
methodwebtest "github.com/Method-Security/methodwebtest/generated/go"
utils "github.com/Method-Security/methodwebtest/utils"
)
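// RunHeaderMisconfigurationEngine sends each configured header group to each
// configured target and returns the collected attempts as a Report.
//
// For every entry in config.Targets the target is split with utils.SplitTarget.
// If that fails, the error text is added to Report.Errors and the target is
// skipped, so it gets no TargetInfo. Otherwise every header group in
// config.Payloads[targetIndex] is sent config.Retries+1 times. The retry loop
// has no early exit, so each send is recorded as its own AttemptInfo and a
// negative Retries value sends nothing.
//
// ctx is checked before each target and before each request. Once it is done,
// no further requests are issued, the attempts gathered so far are kept, and
// ctx.Err() is appended to Report.Errors so that a truncated scan is not
// mistaken for a complete one. A nil ctx is tolerated and never interrupts.
//
// config must be non-nil; its fields are dereferenced without a check.
func RunHeaderMisconfigurationEngine(ctx context.Context, config *methodwebtest.HeaderMisconfigurationEngineConfig) *methodwebtest.Report {
	report := methodwebtest.Report{}
	report.Config = methodwebtest.NewEngineConfigFromHeaderMisconfigurationEngineConfig(config)

	var allErrors []string
	var targets []*methodwebtest.TargetInfo

	// stopErr is set only when work was actually skipped because ctx was done,
	// so a context that is cancelled after the final request does not mark a
	// complete scan as interrupted.
	var stopErr error
	interrupted := func() bool {
		if stopErr == nil && ctx != nil {
			stopErr = ctx.Err()
		}
		return stopErr != nil
	}

	for targetIndex, target := range config.Targets {
		if interrupted() {
			break
		}

		targetInfo := methodwebtest.TargetInfo{Target: target, StartTimestamp: time.Now()}
		baseURL, parsedPath, err := utils.SplitTarget(target)
		if err != nil {
			allErrors = append(allErrors, err.Error())
			continue
		}

		attempts := []*methodwebtest.AttemptInfo{}
		// NOTE(review): assumes config.Payloads holds an entry for every target
		// index. If Payloads is a slice shorter than Targets this index panics.
		// Confirm that the caller validates the two lengths.
	payloads:
		for _, headerGroup := range config.Payloads[targetIndex] {
			for retry := 0; retry <= config.Retries; retry++ {
				// Stop issuing traffic as soon as the caller cancels.
				// NOTE(review): ctx is not passed to PerformRequestScan, so a
				// request already in flight is presumably bounded only by
				// config.Timeout. Confirm against that helper.
				if interrupted() {
					break payloads
				}

				attempt := methodwebtest.AttemptInfo{}
				startTime := time.Now()

				// A header group containing the empty-string key is sent with
				// empty RequestParams, i.e. without any of the group's headers.
				// Presumably this marks a baseline request; verify with the
				// payload generator.
				requestParams := methodwebtest.RequestParams{}
				if _, ok := headerGroup[""]; !ok {
					requestParams = methodwebtest.RequestParams{HeaderParams: headerGroup}
				}

				request := utils.PerformRequestScan(baseURL,
					parsedPath,
					config.Method,
					requestParams,
					[]*methodwebtest.EventType{config.EventType},
					config.Timeout,
					config.FollowRedirects)
				endTime := time.Now()

				attempt.TimeSent = startTime
				attempt.TimeReceived = &endTime
				attempt.Request = &request
				attempts = append(attempts, &attempt)
			}
		}

		targetInfo.Attempts = attempts
		targetInfo.RequestCount = len(attempts)
		targetInfo.EndTimestamp = time.Now()
		targets = append(targets, &targetInfo)
	}

	if stopErr != nil {
		allErrors = append(allErrors, stopErr.Error())
	}

	report.Targets = targets
	report.Errors = allErrors
	return &report
}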