irakha63255
/
Web_engingeering
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Web_engingeering/news/venv/lib/python3.7/site-packages/django/core/checks/security/sessions.py

sessions.py 2.5KB
Raw Permalink Blame History

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697 
  1. from django.conf import settings

  2. 

  3. from .. import Tags, Warning, register

  4. 

  5. 

  6. def add_session_cookie_message(message):

  7.     return message + (

  8.         " Using a secure-only session cookie makes it more difficult for "

  9.         "network traffic sniffers to hijack user sessions."

  10.     )

  11. 

  12. 

  13. W010 = Warning(

  14.     add_session_cookie_message(

  15.         "You have 'django.contrib.sessions' in your INSTALLED_APPS, "

  16.         "but you have not set SESSION_COOKIE_SECURE to True."

  17.     ),

  18.     id='security.W010',

  19. )

  20. 

  21. W011 = Warning(

  22.     add_session_cookie_message(

  23.         "You have 'django.contrib.sessions.middleware.SessionMiddleware' "

  24.         "in your MIDDLEWARE, but you have not set "

  25.         "SESSION_COOKIE_SECURE to True."

  26.     ),

  27.     id='security.W011',

  28. )

  29. 

  30. W012 = Warning(

  31.     add_session_cookie_message("SESSION_COOKIE_SECURE is not set to True."),

  32.     id='security.W012',

  33. )

  34. 

  35. 

  36. def add_httponly_message(message):

  37.     return message + (

  38.         " Using an HttpOnly session cookie makes it more difficult for "

  39.         "cross-site scripting attacks to hijack user sessions."

  40.     )

  41. 

  42. 

  43. W013 = Warning(

  44.     add_httponly_message(

  45.         "You have 'django.contrib.sessions' in your INSTALLED_APPS, "

  46.         "but you have not set SESSION_COOKIE_HTTPONLY to True.",

  47.     ),

  48.     id='security.W013',

  49. )

  50. 

  51. W014 = Warning(

  52.     add_httponly_message(

  53.         "You have 'django.contrib.sessions.middleware.SessionMiddleware' "

  54.         "in your MIDDLEWARE, but you have not set "

  55.         "SESSION_COOKIE_HTTPONLY to True."

  56.     ),

  57.     id='security.W014',

  58. )

  59. 

  60. W015 = Warning(

  61.     add_httponly_message("SESSION_COOKIE_HTTPONLY is not set to True."),

  62.     id='security.W015',

  63. )

  64. 

  65. 

  66. @register(Tags.security, deploy=True)

  67. def check_session_cookie_secure(app_configs, **kwargs):

  68.     errors = []

  69.     if not settings.SESSION_COOKIE_SECURE:

  70.         if _session_app():

  71.             errors.append(W010)

  72.         if _session_middleware():

  73.             errors.append(W011)

  74.         if len(errors) > 1:

  75.             errors = [W012]

  76.     return errors

  77. 

  78. 

  79. @register(Tags.security, deploy=True)

  80. def check_session_cookie_httponly(app_configs, **kwargs):

  81.     errors = []

  82.     if not settings.SESSION_COOKIE_HTTPONLY:

  83.         if _session_app():

  84.             errors.append(W013)

  85.         if _session_middleware():

  86.             errors.append(W014)

  87.         if len(errors) > 1:

  88.             errors = [W015]

  89.     return errors

  90. 

  91. 

  92. def _session_middleware():

  93.     return 'django.contrib.sessions.middleware.SessionMiddleware' in settings.MIDDLEWARE

  94. 

  95. 

  96. def _session_app():

  97.     return "django.contrib.sessions" in settings.INSTALLED_APPS