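        /// <summary>
        /// Runs the session-ID length check for a cookie whose name matches one of the
        /// configured technology-specific cookie name patterns (typically a framework's
        /// default session cookie name).
        /// </summary>
        /// <param name="cki">The cookie under analysis; only its <c>Name</c> is matched against the patterns.</param>
        /// <param name="response">The response the cookie belongs to; passed through to the length check.</param>
        private void CheckAllSessionIDCookies(HttpCookie cki, HttpResponse response)
        {
            // Defensive guard: a null cookie or a blank name cannot be a known session-ID cookie,
            // and pattern matching on a null name must not abort the whole scan. This mirrors
            // the name guard used by the server-fingerprinting check on the same cookie data.
            if (cki == null || string.IsNullOrWhiteSpace(cki.Name))
            {
                return;
            }

            var match = PatternMatchUtil.CheckPatternMatch(cki.Name, this.config.KnownTechCookiePatterns);

            // Only cookies recognised as a known technology's session cookie are length-checked;
            // any other cookie is left to the remaining analysers.
            if (match.MatchFound)
            {
                this.CheckSessionIDForAcceptableLength(cki, response);
            }
        }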
 /// <summary>
 /// Flags a cookie whose name matches a known framework/technology cookie pattern: a default
 /// framework cookie name reveals the server-side stack to anyone inspecting the response
 /// (server fingerprinting), so the finding is reported as an error.
 /// </summary>
 /// <param name="response">The response carrying the cookie; its additional properties are attached to the finding.</param>
 /// <param name="cki">The cookie under analysis; only its <c>Name</c> is inspected.</param>
 private void CheckCookieForServerFingerprinting(HttpResponse response, HttpCookie cki)
 {
     // Nothing to match on for a cookie without a usable name.
     if (string.IsNullOrWhiteSpace(cki.Name))
     {
         return;
     }

     var match = PatternMatchUtil.CheckPatternMatch(cki.Name, this.Config.KnownTechCookiePatterns);
     if (!match.MatchFound)
     {
         return;
     }

     // The matched pattern tells us which technology the cookie name gives away.
     var technology = match.MatchingPattern.Technology;
     var description = $"Cookie {cki.Name} discloses the technologies and programming languages used by the web application [Found Technology: {technology}].";
     const string recommendation = "Change the default cookie name used by the web development framework to a generic name, such as -id";
     const string category = "Server fingerprinting";

     var finding = new AnalysisResult(
         description,
         SeverityType.Error,
         recommendation,
         category,
         response.GetAdditionalProperties(),
         this.Config.References.Urls["SessionIDNameFingerprinting"]);

     this.AddResult(finding);
 }