Create 3.3.5.yaml

Signed-off-by: AmirHossein Raeisi <[email protected]>

Author: Ahsraeisi

templates/code/3.3.5.yaml

@@ -0,0 +1,52 @@
+id: ASVS-5-0-0-V3-3-5
+
+info:
+  name: ASVS 3.3.5 Check
+  author: AmirHossein Raeisi
+  severity: info
+  classification:
+    cwe-id: CWE-613
+  reference:
+    - https://en.wikipedia.org/wiki/HTTP_cookie
+  tags: asvs,3.3.5
+  description: |
+    Verify that when the application writes a cookie, the cookie name and value length combined are not over 4096 bytes. Overly large cookies will not be stored by the browser and therefore not sent with requests, preventing the user from using application functionality which relies on that cookie.
+
+flow: |
+    http()
+    javascript()
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+    host-redirects: true
+    max-redirects: 2
+
+javascript:
+  - code: |
+      content = template.http_all_headers;
+      const setCookieLines = content
+        .split(/\r\n/)
+        .filter(line => line.trim().toLowerCase().startsWith('set-cookie:'));
+
+      const cookieDetails = setCookieLines
+        .map(line => {
+          const match = line.match(/set-cookie:\s*([^=]+)=([^;]+)/i);
+          if (match) {
+            const cookieName = match[1];
+            const cookieValue = match[2];
+            const cookieString = `${cookieName}=${cookieValue}`;
+            if (cookieString.length > 4096) {
+              return cookieName;
+            }
+          }
+        })
+        .filter(Boolean);
+
+      cookieDetails;
+      
+    extractors:
+      - type: regex
+        regex:
+          - '[a-zA-Z0-9_-]+'