In some cases (a lot?) we need to disable following HTTP redirects on some plugins.
Which cases, for example?
If you need to check that there is no "/dashboard" URL, or to check that this URL is secure, you do:
```yaml
- uri: "/dashboard"
  checks:
    - name: "Too bad this entry point!"
      remediation: "Secure it or delete it"
      description: "Check a dashboard entry point"
      severity: "High"
      status_code: 200
```
But if you have a secure application, "/dashboard" will redirect to a "/login" URL (for example). That's great, but ChopChop will still get an HTTP status code of 200 because "/login" exists! So the check is "biased" 😢
So I have made a PR to add the ability to disable following HTTP redirects for each plugin:
```yaml
- uri: "/dashboard"
  checks:
    - name: "Too bad this entry point!"
      remediation: "Secure it or delete it"
      description: "Check a dashboard entry point"
      severity: "High"
      status_code: 200
  follow_redirects: false
```
Hello Clermont-Ferrand 👍
🌞 Have a nice day!
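The false positive described in this PR, reproduced as an added example that is not part of the PR or of ChopChop's code. It assumes Go's standard `net/http` client; `protectedApp`, `probe`, `handlerTransport` and the host `app.invalid` are hypothetical names, and the target application is constructed in-process.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// handlerTransport answers requests in-process from a handler; no network is used.
type handlerTransport struct{ h http.Handler }
func (t handlerTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	rec := httptest.NewRecorder()
	t.h.ServeHTTP(rec, r)
	return rec.Result(), nil
}

// protectedApp is a constructed target: /dashboard redirects to /login, which exists.
func protectedApp() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path == "/dashboard" {
			http.Redirect(w, r, "/login", http.StatusFound)
		} else if r.URL.Path != "/login" {
			http.NotFound(w, r)
		} else {
			fmt.Fprint(w, "login form")
		}
	})
}

// probe returns the status code a scanner would compare against status_code.
func probe(h http.Handler, path string, follow bool) (int, error) {
	client := &http.Client{Transport: handlerTransport{h}}
	if !follow {
		client.CheckRedirect = func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse // hand back the 3xx itself
		}
	}
	resp, err := client.Get("http://app.invalid" + path)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	fmt.Println(probe(protectedApp(), "/dashboard", true))  // redirects followed
	fmt.Println(probe(protectedApp(), "/dashboard", false)) // redirects not followed
}
```

With redirects followed, a `status_code: 200` check on "/dashboard" matches the login page; with them disabled, the check sees the redirect status and does not fire.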