Update error messages

Santandersecurityresearch · Apr 13, 2022 · e276280 · e276280
1 parent a67536f
commit e276280
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 14 deletions.
diff --git a/drheader/report.py b/drheader/report.py
@@ -5,11 +5,11 @@
 
 class ErrorType(enum.Enum):
     AVOID = 'Must-Avoid directive included'
-    CONTAIN = 'Must-Contain directive missed. All of the expected items were expected'
+    CONTAIN = 'Must-Contain directive missed'
     CONTAIN_ONE = 'Must-Contain-One directive missed. At least one of the expected items was expected'
     DISALLOWED = '{} should not be returned'
     REQUIRED = '{} not included in response'
-    VALUE = 'Value does not match security policy. All of the expected items were expected'
+    VALUE = 'Value does not match security policy'
     VALUE_ANY = 'Value does not match security policy. At least one of the expected items was expected'
     VALUE_ONE = 'Value does not match security policy. Exactly one of the expected items was expected'
 

diff --git a/tests/integration_tests/test_drheader.py b/tests/integration_tests/test_drheader.py
@@ -51,7 +51,7 @@ def test_header__should_validate_an_optional_header_that_is_present(self):
         report = utils.process_test(headers=headers)
         expected = {
             'rule': 'Cache-Control',
-            'message': 'Value does not match security policy. All of the expected items were expected',
+            'message': 'Value does not match security policy',
             'severity': 'high',
             'value': 'no-cache',
             'expected': ['no-store']
@@ -89,7 +89,7 @@ def test_header__value_validation_ko(self):
         report = utils.process_test(headers=headers)
         expected = {
             'rule': 'Cache-Control',
-            'message': 'Value does not match security policy. All of the expected items were expected',
+            'message': 'Value does not match security policy',
             'severity': 'high',
             'value': 'no-cache',
             'expected': ['no-store']
@@ -148,7 +148,7 @@ def test_header__must_contain_validation_ko(self):
         report = utils.process_test(headers=headers)
         expected = {
             'rule': 'Cache-Control',
-            'message': 'Must-Contain directive missed. All of the expected items were expected',
+            'message': 'Must-Contain directive missed',
             'severity': 'high',
             'value': 'private',
             'expected': ['must-revalidate'],
@@ -177,7 +177,7 @@ def test_directive__value_validation_ko(self):
         report = utils.process_test(headers=headers)
         expected = {
             'rule': 'Content-Security-Policy - style-src',
-            'message': 'Value does not match security policy. All of the expected items were expected',
+            'message': 'Value does not match security policy',
             'severity': 'high',
             'value': 'https://example.com',
             'expected': ['self']
@@ -236,7 +236,7 @@ def test_directive__must_contain_validation_ko(self):
         report = utils.process_test(headers=headers)
         expected = {
             'rule': 'Content-Security-Policy - style-src',
-            'message': 'Must-Contain directive missed. All of the expected items were expected',
+            'message': 'Must-Contain directive missed',
             'severity': 'high',
             'value': "'self'",
             'expected': ['https://example.com'],
@@ -304,7 +304,7 @@ def test_cookie__must_contain_validation_ko(self):
         report = utils.process_test(headers=headers)
         expected = {
             'rule': 'Set-Cookie - session',
-            'message': 'Must-Contain directive missed. All of the expected items were expected',
+            'message': 'Must-Contain directive missed',
             'severity': 'high',
             'value': '657488329; HttpOnly; SameSite=Lax; Secure',
             'expected': ['HttpOnly', 'SameSite=Strict', 'Secure'],

diff --git a/tests/integration_tests/test_rules.py b/tests/integration_tests/test_rules.py
@@ -33,7 +33,7 @@ def test_cache_control__should_disable_caching(self):
         report = utils.process_test(headers=headers)
         expected = {
             'rule': 'Cache-Control',
-            'message': 'Value does not match security policy. All of the expected items were expected',
+            'message': 'Value does not match security policy',
             'severity': 'high',
             'value': 'no-cache',
             'expected': ['no-store', 'max-age=0'],
@@ -83,7 +83,7 @@ def test_coep__should_enforce_require_corp_when_cross_origin_isolated_is_true(se
         report = utils.process_test(headers=headers, cross_origin_isolated=True)
         expected = {
             'rule': 'Cross-Origin-Embedder-Policy',
-            'message': 'Value does not match security policy. All of the expected items were expected',
+            'message': 'Value does not match security policy',
             'severity': 'high',
             'value': 'unsafe-none',
             'expected': ['require-corp']
@@ -108,7 +108,7 @@ def test_coop__should_enforce_same_origin_when_cross_origin_isolated_is_true(sel
         report = utils.process_test(headers=headers, cross_origin_isolated=True)
         expected = {
             'rule': 'Cross-Origin-Opener-Policy',
-            'message': 'Value does not match security policy. All of the expected items were expected',
+            'message': 'Value does not match security policy',
             'severity': 'high',
             'value': 'same-origin-allow-popups',
             'expected': ['same-origin']
@@ -169,7 +169,7 @@ def test_set_cookie__should_enforce_secure_for_all_cookies(self):
         report = utils.process_test(headers=headers)
         expected = {
             'rule': 'Set-Cookie - session_id',
-            'message': 'Must-Contain directive missed. All of the expected items were expected',
+            'message': 'Must-Contain directive missed',
             'severity': 'high',
             'value': 'session_id=585733723; HttpOnly; SameSite=Strict',
             'expected': ['HttpOnly', 'Secure'],
@@ -184,7 +184,7 @@ def test_set_cookie__should_enforce_httponly_for_all_cookies(self):
         report = utils.process_test(headers=headers)
         expected = {
             'rule': 'Set-Cookie - session_id',
-            'message': 'Must-Contain directive missed. All of the expected items were expected',
+            'message': 'Must-Contain directive missed',
             'severity': 'high',
             'value': 'session_id=585733723; Secure; SameSite=Strict',
             'expected': ['HttpOnly', 'Secure'],
@@ -327,7 +327,7 @@ def test_x_xss_protection__should_disable_filter(self):
         report = utils.process_test(headers=headers)
         expected = {
             'rule': 'X-XSS-Protection',
-            'message': 'Value does not match security policy. All of the expected items were expected',
+            'message': 'Value does not match security policy',
             'severity': 'high',
             'value': '1; mode=block',
             'expected': ['0']