Bug when scanning target that does not set cookie in response
Closed this issue · 0 comments
pealtrufo commented
- drHEADer version: 1.0.0
- Python version: 3.7.6
- Operating System: macOS 10.13.6
Description
Current rule for Set-Cookie header is:
Set-Cookie:
    Required: Optional
    Enforce: False
    Value:
    Must-Contain:
        - HttpOnly
        - Secure
It is an optional header (not required). However, when scanning a target that does not respond with a Set-Cookie header, DrHeader returns the following error:
----
rule | Set-Cookie
severity | high
message | Header not included in response
----
This is not expected behaviour, as policy mandates that Set-Cookie is not a required header. Hence, when there's no Set-Cookie set in response, no error should be returned.
What I Did
drheader scan single <target>
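The behaviour the report expects, as an added example that is not part of the original issue and is not drHEADer's own code: an absent header is reported only when the rule is strictly required, while an optional header that is present is still checked against Must-Contain. The function name `evaluate`, the finding format, and the sample responses are assumptions made for this sketch.

```python
# Added illustration; not drHEADer's implementation. All names are hypothetical.
# The rule below is the one quoted in the issue.
RULES = {
    "Set-Cookie": {
        "Required": "Optional",
        "Enforce": False,
        "Value": None,
        "Must-Contain": ["HttpOnly", "Secure"],
    }
}


def evaluate(rules, response_headers):
    """Check (name, value) header pairs against the rules; return findings.

    Only Required: True and Required: Optional are modelled here.
    """
    findings = []
    for name, rule in rules.items():
        values = [v for n, v in response_headers if n.lower() == name.lower()]
        if not values:
            # Absence is a finding only when the rule is strictly required.
            if rule.get("Required") is True:
                findings.append({"rule": name,
                                 "message": "Header not included in response"})
            continue  # Optional and absent: nothing to validate
        for value in values:  # each Set-Cookie line is checked separately
            # Skip the leading name=value pair so a cookie that happens to be
            # called "secure" is not mistaken for the Secure attribute.
            attrs = {a.split("=", 1)[0].strip().lower()
                     for a in value.split(";")[1:]}
            missing = [m for m in rule.get("Must-Contain") or []
                       if m.lower() not in attrs]
            if missing:
                findings.append({"rule": name,
                                 "message": "Missing required attribute(s): "
                                            + ", ".join(missing)})
    return findings


if __name__ == "__main__":
    # Constructed sample responses.
    no_cookie = [("Content-Type", "text/html")]
    weak_cookie = [("Set-Cookie", "sid=abc123; Path=/; HttpOnly")]
    print(evaluate(RULES, no_cookie))    # optional header absent
    print(evaluate(RULES, weak_cookie))  # present but missing Secure
```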