hedra 2.0.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 124399236bba4ce146d076b83f5d47cfd4fd646f5ced61096a01efe0a9e80333
-  data.tar.gz: ae5c000c2421d787a9e6c28c6574aef21555bb1bbffbe3e1ae1ccd8169478bf9
+  metadata.gz: 29f821e98e18bbcc4bcf7fbc46ee4fa54f064c64b270af72e16311ab41c751e3
+  data.tar.gz: bbe84abcc44aa9e0329a5fac5537465fae853b6f29a0b7a07725f3eb2b9f6b65
 SHA512:
-  metadata.gz: 0cffa289a6c2d3413f118f160a6f57badab79b68bf2333573c9efd6e830e1970f33afcf0d24aa6f27740f50f03d45c65275b4c2951826bc8d3df081f4bd197f4
-  data.tar.gz: 02b4706392f72c1a42883eeb8dec92d7b7776856806fbab65aa4e7283c967be679ff471fb2e8da8677901f00db47be15afe9fb3fc0836ef275e05e3d38462a2b
+  metadata.gz: 1bea6171146693b87f815945d6c572d0336b3035d56eafeb382406f8e74578f408b4c2a1282e6cb3dc2a131d4e03d9606733173f669a5a8f9d1993ae15cb84b5
+  data.tar.gz: 0b14d12d73cfa5037ab5481d722ddbf399dbc8a634f9b856748d6b9411d282af66c1ffb14afcafebb7ea695fa92a25dc348bfc793bdee1fba8f04633acfc360b

data/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2025 BlackStack
+Copyright (c) 2025 bl4ckstack
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -7,6 +7,10 @@
 
 > Security header analyzer with SSL/TLS validation, baseline tracking, and CI/CD integration.
 
+<p align="center">
+  <img src="logo.png" width="380" alt="Hedra Logo"/>
+</p>
+
 ## Installation
 ```bash
 gem install hedra
@@ -500,4 +504,4 @@ MIT License - see [LICENSE](LICENSE) for details.
 
 ---
 
-**Built by [BlackStack](https://github.com/blackstack)** • Securing the web, one header at a time.
+**Built by [BlackStack](https://github.com/bl4ckstack)** • Securing the web, one header at a time.

data/lib/hedra/analyzer.rb

@@ -117,7 +117,14 @@ module Hedra
     private
 
     def normalize_headers(headers)
-      headers.transform_keys { |k| k.to_s.downcase }
+      normalized = {}
+      headers.each do |key, value|
+        normalized_key = key.to_s.downcase
+        # Handle array values (multiple header values)
+        normalized_value = value.is_a?(Array) ? value.join(', ') : value.to_s
+        normalized[normalized_key] = normalized_value
+      end
+      normalized
     end
 
     def validate_header_values(headers)
@@ -125,7 +132,7 @@ module Hedra
 
       # Validate CSP
       if headers['content-security-policy']
-        csp = headers['content-security-policy']
+        csp = headers['content-security-policy'].to_s.downcase
         if csp.include?('unsafe-inline') || csp.include?('unsafe-eval')
           findings << {
             header: 'content-security-policy',
@@ -134,11 +141,21 @@ module Hedra
             recommended_fix: 'Remove unsafe-inline and unsafe-eval, use nonces or hashes'
           }
         end
+        
+        # Check for wildcard sources
+        if csp =~ /\*(?!\.)/ && !csp.include?("'unsafe-inline'")
+          findings << {
+            header: 'content-security-policy',
+            issue: 'CSP uses wildcard (*) source',
+            severity: :info,
+            recommended_fix: 'Restrict sources to specific domains'
+          }
+        end
       end
 
       # Validate HSTS
       if headers['strict-transport-security']
-        hsts = headers['strict-transport-security']
+        hsts = headers['strict-transport-security'].to_s
         if hsts =~ /max-age=(\d+)/
           max_age = ::Regexp.last_match(1).to_i
           if max_age < 31_536_000
@@ -149,12 +166,29 @@ module Hedra
               recommended_fix: 'Set max-age to at least 31536000'
             }
           end
+        else
+          findings << {
+            header: 'strict-transport-security',
+            issue: 'HSTS header missing max-age directive',
+            severity: :critical,
+            recommended_fix: 'Add max-age directive with value >= 31536000'
+          }
+        end
+        
+        # Check for includeSubDomains
+        unless hsts.downcase.include?('includesubdomains')
+          findings << {
+            header: 'strict-transport-security',
+            issue: 'HSTS missing includeSubDomains directive',
+            severity: :info,
+            recommended_fix: 'Add includeSubDomains to protect all subdomains'
+          }
         end
       end
 
       # Validate X-Frame-Options
       if headers['x-frame-options']
-        xfo = headers['x-frame-options'].upcase
+        xfo = headers['x-frame-options'].to_s.upcase
         unless %w[DENY SAMEORIGIN].include?(xfo.split.first)
           findings << {
             header: 'x-frame-options',
@@ -167,7 +201,7 @@ module Hedra
 
       # Validate X-Content-Type-Options
       if headers['x-content-type-options']
-        xcto = headers['x-content-type-options'].downcase
+        xcto = headers['x-content-type-options'].to_s.downcase.strip
         unless xcto == 'nosniff'
           findings << {
             header: 'x-content-type-options',
@@ -177,6 +211,25 @@ module Hedra
           }
         end
       end
+      
+      # Check for information disclosure headers
+      if headers['server']
+        findings << {
+          header: 'server',
+          issue: 'Server header exposes server information',
+          severity: :info,
+          recommended_fix: 'Remove or obfuscate Server header'
+        }
+      end
+      
+      if headers['x-powered-by']
+        findings << {
+          header: 'x-powered-by',
+          issue: 'X-Powered-By header exposes technology stack',
+          severity: :info,
+          recommended_fix: 'Remove X-Powered-By header'
+        }
+      end
 
       findings
     end
@@ -186,8 +239,13 @@ module Hedra
       config_path = File.expand_path('~/.hedra/rules.yml')
       return unless File.exist?(config_path)
 
-      rules = YAML.load_file(config_path)
+      content = File.read(config_path)
+      return if content.strip.empty?
+
+      rules = YAML.safe_load(content, permitted_classes: [Symbol])
       @custom_rules = rules['rules'] || []
+    rescue Psych::SyntaxError => e
+      warn "Invalid YAML in rules file: #{e.message}"
     rescue StandardError => e
       warn "Failed to load custom rules: #{e.message}"
     end

data/lib/hedra/cache.rb

@@ -8,11 +8,14 @@ module Hedra
   # Simple file-based cache for HTTP responses
   class Cache
     DEFAULT_TTL = 3600 # 1 hour
+    MAX_CACHE_SIZE = 1000 # Maximum number of cache files
 
-    def initialize(cache_dir: nil, ttl: DEFAULT_TTL)
+    def initialize(cache_dir: nil, ttl: DEFAULT_TTL, verbose: false)
       @cache_dir = cache_dir || File.join(Config::CONFIG_DIR, 'cache')
       @ttl = ttl
+      @verbose = verbose
       FileUtils.mkdir_p(@cache_dir)
+      cleanup_if_needed
     end
 
     def get(key)
@@ -20,11 +23,19 @@ module Hedra
       return nil unless File.exist?(cache_file)
 
       data = JSON.parse(File.read(cache_file))
-      return nil if expired?(data['timestamp'])
+      
+      if expired?(data['timestamp'])
+        File.delete(cache_file) # Clean up expired file immediately
+        return nil
+      end
 
       data['value']
+    rescue JSON::ParserError
+      # Corrupted cache file, delete it
+      File.delete(cache_file) if File.exist?(cache_file)
+      nil
     rescue StandardError => e
-      warn "Cache read error: #{e.message}"
+      warn "Cache read error: #{e.message}" if @verbose
       nil
     end
 
@@ -34,9 +45,14 @@ module Hedra
         'timestamp' => Time.now.to_i,
         'value' => value
       }
-      File.write(cache_file, JSON.generate(data))
+      
+      # Atomic write to prevent corruption
+      temp_file = "#{cache_file}.tmp"
+      File.write(temp_file, JSON.generate(data))
+      File.rename(temp_file, cache_file)
     rescue StandardError => e
-      warn "Cache write error: #{e.message}"
+      warn "Cache write error: #{e.message}" if @verbose
+      File.delete(temp_file) if File.exist?(temp_file)
     end
 
     def clear
@@ -63,5 +79,15 @@ module Hedra
     def expired?(timestamp)
       (Time.now.to_i - timestamp) > @ttl
     end
+
+    def cleanup_if_needed
+      cache_files = Dir.glob(File.join(@cache_dir, '*'))
+      return if cache_files.length < MAX_CACHE_SIZE
+
+      # Remove oldest files if cache is too large
+      cache_files.sort_by { |f| File.mtime(f) }
+                 .first(cache_files.length - MAX_CACHE_SIZE + 100)
+                 .each { |f| File.delete(f) rescue nil }
+    end
   end
 end

data/lib/hedra/cli.rb

@@ -406,22 +406,59 @@ module Hedra
     end
 
     def read_urls_from_file(file)
-      File.readlines(file).map(&:strip).reject(&:empty?)
+      unless File.exist?(file)
+        log_error("File not found: #{file}")
+        exit 1
+      end
+
+      urls = File.readlines(file).map(&:strip).reject(&:empty?)
+      
+      if urls.empty?
+        log_error("No URLs found in file: #{file}")
+        exit 1
+      end
+
+      # Validate URLs
+      invalid_urls = urls.reject { |url| valid_url?(url) }
+      if invalid_urls.any?
+        log_error("Invalid URLs found: #{invalid_urls.join(', ')}")
+        exit 1
+      end
+
+      urls
     rescue StandardError => e
       log_error("Failed to read file #{file}: #{e.message}")
       exit 1
     end
 
+    def valid_url?(url)
+      uri = URI.parse(url)
+      uri.is_a?(URI::HTTP) || uri.is_a?(URI::HTTPS)
+    rescue URI::InvalidURIError
+      false
+    end
+
     def with_concurrency(items, concurrency)
       require 'concurrent'
       pool = Concurrent::FixedThreadPool.new(concurrency)
+      mutex = Mutex.new
+      errors = []
 
       items.each do |item|
-        pool.post { yield item }
+        pool.post do
+          yield item
+        rescue StandardError => e
+          mutex.synchronize { errors << { item: item, error: e } }
+        end
       end
 
       pool.shutdown
       pool.wait_for_termination
+      
+      # Log any errors that occurred
+      errors.each do |err|
+        log_error("Error processing #{err[:item]}: #{err[:error].message}")
+      end
     end
 
     def print_result(result)

data/lib/hedra/html_reporter.rb

@@ -15,97 +15,104 @@ module Hedra
         <title>Hedra Security Report</title>
         <style>
           * { margin: 0; padding: 0; box-sizing: border-box; }
-          body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: #f5f5f5; padding: 20px; }
-          .container { max-width: 1200px; margin: 0 auto; background: white; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); }
-          .header { background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; padding: 30px; border-radius: 8px 8px 0 0; }
-          .header h1 { font-size: 32px; margin-bottom: 10px; }
-          .header .meta { opacity: 0.9; font-size: 14px; }
-          .summary { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 20px; padding: 30px; border-bottom: 1px solid #eee; }
-          .summary-card { text-align: center; padding: 20px; background: #f9f9f9; border-radius: 8px; }
-          .summary-card .value { font-size: 36px; font-weight: bold; margin: 10px 0; }
-          .summary-card .label { color: #666; font-size: 14px; }
-          .score-a { color: #10b981; }
-          .score-b { color: #f59e0b; }
-          .score-c { color: #ef4444; }
-          .results { padding: 30px; }
-          .result-item { margin-bottom: 30px; border: 1px solid #eee; border-radius: 8px; overflow: hidden; }
-          .result-header { background: #f9f9f9; padding: 20px; border-bottom: 1px solid #eee; }
-          .result-header h2 { font-size: 18px; margin-bottom: 10px; word-break: break-all; }
-          .result-header .score { display: inline-block; padding: 5px 15px; border-radius: 20px; font-weight: bold; font-size: 14px; }
-          .result-body { padding: 20px; }
-          .finding { padding: 15px; margin-bottom: 10px; border-left: 4px solid; border-radius: 4px; background: #f9f9f9; }
-          .finding.critical { border-color: #ef4444; background: #fef2f2; }
-          .finding.warning { border-color: #f59e0b; background: #fffbeb; }
-          .finding.info { border-color: #3b82f6; background: #eff6ff; }
-          .finding-header { font-weight: bold; margin-bottom: 5px; }
-          .finding-issue { margin-bottom: 5px; }
-          .finding-fix { font-size: 14px; color: #666; font-style: italic; }
-          .badge { display: inline-block; padding: 3px 8px; border-radius: 3px; font-size: 12px; font-weight: bold; text-transform: uppercase; }
-          .badge.critical { background: #ef4444; color: white; }
-          .badge.warning { background: #f59e0b; color: white; }
-          .badge.info { background: #3b82f6; color: white; }
-          .no-findings { text-align: center; padding: 40px; color: #10b981; font-size: 18px; }
-          .footer { text-align: center; padding: 20px; color: #666; font-size: 14px; border-top: 1px solid #eee; }
+          body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: #fafafa; color: #1a1a1a; line-height: 1.6; }
+          .container { max-width: 900px; margin: 40px auto; padding: 0 20px; }
+          .header { margin-bottom: 48px; }
+          .header h1 { font-size: 28px; font-weight: 600; margin-bottom: 8px; letter-spacing: -0.5px; }
+          .header .meta { color: #666; font-size: 14px; }
+          .summary { display: grid; grid-template-columns: repeat(auto-fit, minmax(180px, 1fr)); gap: 16px; margin-bottom: 48px; }
+          .summary-card { background: white; border: 1px solid #e5e5e5; border-radius: 6px; padding: 20px; }
+          .summary-card .label { color: #666; font-size: 13px; margin-bottom: 8px; text-transform: uppercase; letter-spacing: 0.5px; }
+          .summary-card .value { font-size: 32px; font-weight: 600; }
+          .score-a { color: #16a34a; }
+          .score-b { color: #ea580c; }
+          .score-c { color: #dc2626; }
+          .result-item { background: white; border: 1px solid #e5e5e5; border-radius: 6px; margin-bottom: 24px; overflow: hidden; }
+          .result-header { padding: 24px; border-bottom: 1px solid #e5e5e5; }
+          .result-header h2 { font-size: 16px; font-weight: 500; margin-bottom: 12px; word-break: break-all; color: #1a1a1a; }
+          .result-meta { display: flex; align-items: center; gap: 16px; font-size: 14px; }
+          .score-badge { display: inline-flex; align-items: center; padding: 4px 12px; border-radius: 4px; font-weight: 500; font-size: 14px; }
+          .score-badge.score-a { background: #dcfce7; color: #166534; }
+          .score-badge.score-b { background: #fed7aa; color: #9a3412; }
+          .score-badge.score-c { background: #fee2e2; color: #991b1b; }
+          .timestamp { color: #666; }
+          .result-body { padding: 24px; }
+          .finding { padding: 16px; margin-bottom: 12px; border-radius: 4px; border-left: 3px solid; }
+          .finding.critical { border-color: #dc2626; background: #fef2f2; }
+          .finding.warning { border-color: #ea580c; background: #fff7ed; }
+          .finding.info { border-color: #2563eb; background: #eff6ff; }
+          .finding-header { display: flex; align-items: center; gap: 8px; margin-bottom: 8px; }
+          .severity-badge { display: inline-block; padding: 2px 8px; border-radius: 3px; font-size: 11px; font-weight: 600; text-transform: uppercase; letter-spacing: 0.5px; }
+          .severity-badge.critical { background: #dc2626; color: white; }
+          .severity-badge.warning { background: #ea580c; color: white; }
+          .severity-badge.info { background: #2563eb; color: white; }
+          .header-name { font-family: 'Courier New', monospace; font-size: 13px; color: #666; }
+          .finding-issue { font-size: 14px; margin-bottom: 8px; color: #1a1a1a; }
+          .finding-fix { font-size: 13px; color: #666; padding-left: 16px; border-left: 2px solid #e5e5e5; }
+          .no-findings { text-align: center; padding: 32px; color: #16a34a; font-size: 15px; }
+          .footer { text-align: center; padding: 32px 0; color: #999; font-size: 13px; border-top: 1px solid #e5e5e5; margin-top: 48px; }
+          .footer a { color: #666; text-decoration: none; }
+          .footer a:hover { color: #1a1a1a; }
         </style>
       </head>
       <body>
         <div class="container">
           <div class="header">
-            <h1>🛡️ Hedra Security Report</h1>
-            <div class="meta">Generated: <%= Time.now.strftime('%Y-%m-%d %H:%M:%S %Z') %></div>
+            <h1>Security Report</h1>
+            <div class="meta"><%= Time.now.strftime('%B %d, %Y at %H:%M %Z') %></div>
           </div>
-      #{'    '}
+
           <div class="summary">
             <div class="summary-card">
-              <div class="label">URLs Scanned</div>
+              <div class="label">URLs</div>
               <div class="value"><%= results.length %></div>
             </div>
             <div class="summary-card">
-              <div class="label">Average Score</div>
-              <div class="value <%= score_class(avg_score) %>"><%= avg_score.round %>/100</div>
+              <div class="label">Avg Score</div>
+              <div class="value <%= score_class(avg_score) %>"><%= avg_score.round %></div>
             </div>
             <div class="summary-card">
-              <div class="label">Total Findings</div>
+              <div class="label">Findings</div>
               <div class="value"><%= total_findings %></div>
             </div>
             <div class="summary-card">
-              <div class="label">Critical Issues</div>
-              <div class="value" style="color: #ef4444;"><%= critical_count %></div>
+              <div class="label">Critical</div>
+              <div class="value score-c"><%= critical_count %></div>
             </div>
           </div>
-      #{'    '}
-          <div class="results">
-            <% results.each do |result| %>
-              <div class="result-item">
-                <div class="result-header">
-                  <h2><%= result[:url] %></h2>
-                  <span class="score <%= score_class(result[:score]) %>">Score: <%= result[:score] %>/100</span>
-                  <span style="color: #666; margin-left: 15px; font-size: 14px;"><%= result[:timestamp] %></span>
+
+          <% results.each do |result| %>
+            <div class="result-item">
+              <div class="result-header">
+                <h2><%= result[:url] %></h2>
+                <div class="result-meta">
+                  <span class="score-badge <%= score_class(result[:score]) %>"><%= result[:score] %>/100</span>
+                  <span class="timestamp"><%= result[:timestamp] %></span>
                 </div>
-                <div class="result-body">
-                  <% if result[:findings].empty? %>
-                    <div class="no-findings">✓ All security headers properly configured</div>
-                  <% else %>
-                    <% result[:findings].each do |finding| %>
-                      <div class="finding <%= finding[:severity] %>">
-                        <div class="finding-header">
-                          <span class="badge <%= finding[:severity] %>"><%= finding[:severity] %></span>
-                          <%= finding[:header] %>
-                        </div>
-                        <div class="finding-issue"><%= finding[:issue] %></div>
-                        <% if finding[:recommended_fix] %>
-                          <div class="finding-fix">💡 <%= finding[:recommended_fix] %></div>
-                        <% end %>
+              </div>
+              <div class="result-body">
+                <% if result[:findings].empty? %>
+                  <div class="no-findings">✓ All security headers properly configured</div>
+                <% else %>
+                  <% result[:findings].each do |finding| %>
+                    <div class="finding <%= finding[:severity] %>">
+                      <div class="finding-header">
+                        <span class="severity-badge <%= finding[:severity] %>"><%= finding[:severity] %></span>
+                        <span class="header-name"><%= finding[:header] %></span>
                       </div>
-                    <% end %>
+                      <div class="finding-issue"><%= finding[:issue] %></div>
+                      <% if finding[:recommended_fix] %>
+                        <div class="finding-fix"><%= finding[:recommended_fix] %></div>
+                      <% end %>
+                    </div>
                   <% end %>
-                </div>
+                <% end %>
               </div>
-            <% end %>
-          </div>
-      #{'    '}
+            </div>
+          <% end %>
+
           <div class="footer">
-            Generated by Hedra <%= Hedra::VERSION %> | <a href="https://github.com/blackstack/hedra">GitHub</a>
+            Generated by Hedra <%= Hedra::VERSION %> · <a href="https://github.com/bl4ckstack/hedra">GitHub</a>
           </div>
         </div>
       </body>

data/lib/hedra/http_client.rb

@@ -94,9 +94,12 @@ module Hedra
     def retryable_error?(error)
       # Retry on network errors, timeouts, but not on HTTP errors like 404
       error.is_a?(HTTP::TimeoutError) ||
+        error.is_a?(HTTP::ConnectionError) ||
         error.is_a?(Errno::ECONNREFUSED) ||
         error.is_a?(Errno::ETIMEDOUT) ||
-        error.is_a?(Errno::EHOSTUNREACH)
+        error.is_a?(Errno::EHOSTUNREACH) ||
+        error.is_a?(Errno::ECONNRESET) ||
+        error.is_a?(Errno::EPIPE)
     end
 
     def log(message)

data/lib/hedra/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Hedra
-  VERSION = '2.0.0'
+  VERSION = '2.0.1'
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: hedra
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.0.1
 platform: ruby
 authors:
-- BlackStack
+- bl4ckstack
 bindir: bin
 cert_chain: []
-date: 2025-11-19 00:00:00.000000000 Z
+date: 2025-11-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby
@@ -96,7 +96,7 @@ dependencies:
 description: A comprehensive security header analyzer with scanning, auditing, and
   monitoring capabilities
 email:
-- info@blackstack.com
+- info@bl4ckstack.com
 executables:
 - hedra
 extensions: []