Implement MatchResponseAssertion
Implement a MatchResponseAssertion class that implements the match section of passive and active check definitions. This is likely to span multiple MRs, as it is a good bit of work; it could perhaps be broken down into additional issues.
Implementing this assertion is the majority of the work needed to support passive and active checks. Once done, it will allow 205 attacks to function.
Example match section from a check definition:

```yaml
match:
  type: "not-condition"
  condition:
    name: "not-http-only-cookie"
    type: "name_value_match"
    location: "authentication_cookie_attribute"
    name_expression: "(?i)httponly"
    value_expression: ".*"
```
Proposal
The MatchResponseAssertion is an abstract class whose final implementation is generated by the compiler. The compiler will implement the GetMatcher method, constructing a matcher based on the YAML definition.
- Matches can be recursive in nature via `and-condition` and `or-condition`. When using these conditions, the matching path's names are made available for templates.
- The name of a condition can be used in the template to populate the match's value: `{not-http-only-cookie:value}`.
- The location of each match is also needed (cookie, path, query, body, etc.) to support some template substitutions like `{cookie_name}`.
Constructing a matcher
The compiler will construct a matcher based on the YAML definition. Each condition type is a class that implements the IMatchCondition interface. For `or` and `and`, the interface IMatchMultipleConditions is used, which extends IMatchCondition.
```csharp
protected override IMatchCondition GetMatcher()
{
    return new MatchOrCondition(
        new MatchAndCondition(
            new MatchNotCondition("not-http-only-cookie", ...),
            new MatchLocationCondition("foo-in-header", ...)),
        new MatchRequirementCondition("no-http-body", ...));
}
```
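As an added illustration (not the project's code), the following sketches what the compiler-built tree for the `not-http-only-cookie` definition above could look like when evaluated against a cookie's attributes; the interface shape, class names and the `CookieAttributes` helper are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

// Hypothetical stand-in for the matcher tree GetMatcher() would return; all names are assumed.
public interface IMatchCondition
{
    string Name { get; }
    bool Matches(IReadOnlyDictionary<string, string> cookieAttributes);
}
// type: "name_value_match" evaluated over authentication_cookie_attribute (attribute name -> value).
public sealed class MatchNameValueCondition : IMatchCondition
{
    private readonly Regex _name, _value;
    public string Name { get; }
    public MatchNameValueCondition(string name, string nameExpression, string valueExpression)
    { Name = name; _name = new Regex(nameExpression); _value = new Regex(valueExpression); }
    public bool Matches(IReadOnlyDictionary<string, string> attrs) =>
        attrs.Any(a => _name.IsMatch(a.Key) && _value.IsMatch(a.Value));
}

// type: "not-condition"; it carries no name of its own in the YAML, so it reports its child's name.
public sealed class MatchNotCondition : IMatchCondition
{
    private readonly IMatchCondition _inner;
    public string Name => _inner.Name;
    public MatchNotCondition(IMatchCondition inner) { _inner = inner; }
    public bool Matches(IReadOnlyDictionary<string, string> attrs) => !_inner.Matches(attrs);
}

public static class Demo
{
    // Attributes of one Set-Cookie header: "sid=abc; Path=/; HttpOnly" -> { Path: "/", HttpOnly: "" }.
    public static IReadOnlyDictionary<string, string> CookieAttributes(string setCookie) =>
        setCookie.Split(';').Skip(1).Select(p => p.Trim().Split(new[] { '=' }, 2))
                 .ToDictionary(kv => kv[0], kv => kv.Length > 1 ? kv[1] : "");
    // The tree the compiler would build for the YAML definition above.
    public static IMatchCondition NotHttpOnlyCookie() =>
        new MatchNotCondition(
            new MatchNameValueCondition("not-http-only-cookie", "(?i)httponly", ".*"));
    public static void Main()
    {
        var matcher = NotHttpOnlyCookie();
        // Constructed sample headers: the first lacks HttpOnly and should match, the second should not.
        Console.WriteLine($"{matcher.Name}: " + matcher.Matches(CookieAttributes("sid=abc123; Path=/; Secure")));
        Console.WriteLine($"{matcher.Name}: " + matcher.Matches(CookieAttributes("sid=abc123; Path=/; HttpOnly")));
    }
}
```

A matching path's `Name` is what a template such as `{not-http-only-cookie:value}` would key on once the compiler wires the named conditions into the substitution context.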