tijme/angularjs-csti-scanner

Disabling Python's `urllib3` warnings in the scanner output

jovyn opened this issue · 3 comments

jovyn commented

While running ACSTIS today on the JS app hosted on Heroku, I happened to get some warnings. Will this affect the scan (I am guessing no)? Is there a way we could ignore them in the acstis script?

I tried scanning other websites and I feel the scanner runs fine; it is just that I am getting these warnings now. Somehow I did not get these errors the first time I tested this new version (Surprise!!)

```
PS Angular-CSTI-Scanner\angularjs-csti-scanner-master> python .\extended.test.py -c -d "https://owaspjuiceshop221b.herokuapp.com/#/search" -tc "Burp_CA_Cert.pem"

Version 3.0.1 - Copyright 2017 Tijme Gommers tijme@finnwea.com

[INFO] Looking for AngularJS version using a headless browser.
[INFO] Waiting until DOM is completely loaded.
[INFO] Found AngularJS version 1.5.11.
[INFO] Angular CSTI scanner started.
[INFO] Scanning https://owaspjuiceshop221b.herokuapp.com/#/search
C:\Python27\lib\site-packages\urllib3\connection.py:344: SubjectAltNameWarning: Certificate for owaspjuiceshop221b.herokuapp.com has no subjectAltName, falling back to check for a commonName for now. This feature is being
removed by major browsers and deprecated by RFC 2818. (See urllib3/urllib3#497 for details.)
SubjectAltNameWarning
C:\Python27\lib\site-packages\urllib3\connection.py:344: SubjectAltNameWarning: Certificate for owaspjuiceshop221b.herokuapp.com has no subjectAltName, falling back to check for a commonName for now. This feature is being
removed by major browsers and deprecated by RFC 2818. (See urllib3/urllib3#497 for details.)
SubjectAltNameWarning
C:\Python27\lib\site-packages\urllib3\connection.py:344: SubjectAltNameWarning: Certificate for owaspjuiceshop221b.herokuapp.com has no subjectAltName, falling back to check for a commonName for now. This feature is being
removed by major browsers and deprecated by RFC 2818. (See urllib3/urllib3#497 for details.)
SubjectAltNameWarning
```

tijme commented

@jovyn Thank you for reporting this issue. I will make sure these warnings will only be visible if debug mode is enabled.

tijme commented

I just fixed this issue in the crawler develop tree. Issue #6 needs to be fixed in the crawler as well. I will release a new version of the crawler as soon as I have fixed #6, then I'll update ACSTIS with the new version of the crawler.

tijme commented

@jovyn I fixed this issue on the develop branch by disabling urllib3 warnings in N.Y.A.W.C. Could you test if this works for you?

Update: I just tested this and it worked. I merged it to the master.
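
Added example, not code from ACSTIS or N.Y.A.W.C.: one way to hide only the `SubjectAltNameWarning` seen in the log above unless a debug flag is set, while leaving urllib3's other security warnings (such as `InsecureRequestWarning`) visible. The helper names and the `debug` parameter are assumptions, and stand-in warning classes are defined when urllib3 does not provide them.

```python
import warnings

try:
    from urllib3 import exceptions as u3
    SecurityWarning = u3.SecurityWarning
    InsecureRequestWarning = u3.InsecureRequestWarning
    # This category may be absent in newer urllib3 releases.
    SubjectAltNameWarning = getattr(u3, "SubjectAltNameWarning", None)
except ImportError:
    # Constructed stand-ins so the example also runs without urllib3 installed.
    class SecurityWarning(Warning):
        pass

    class InsecureRequestWarning(SecurityWarning):
        pass

    SubjectAltNameWarning = None

if SubjectAltNameWarning is None:
    class SubjectAltNameWarning(SecurityWarning):
        """Constructed stand-in for the category shown in the log above."""


def configure_tls_warnings(debug):
    """Hypothetical helper: hide only the SAN warning unless debug is on."""
    # Keep every TLS-related security warning visible by default.
    warnings.simplefilter("always", SecurityWarning)
    if not debug:
        # Inserted in front of the rule above, so it wins for this subclass only.
        warnings.simplefilter("ignore", SubjectAltNameWarning)


def emitted(debug):
    """Raise one warning of each kind; return the category names that surface."""
    with warnings.catch_warnings(record=True) as caught:
        configure_tls_warnings(debug)
        warnings.warn("constructed: certificate has no subjectAltName",
                      SubjectAltNameWarning)
        warnings.warn("constructed: unverified HTTPS request",
                      InsecureRequestWarning)
    return [w.category.__name__ for w in caught]


if __name__ == "__main__":
    print(emitted(debug=False))
    print(emitted(debug=True))
```

A blanket `urllib3.disable_warnings()` call with no category argument silences every urllib3 warning, including the one for unverified HTTPS requests, which is why the filter here is scoped to a single category.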