http-headers-verifier 0.0.1 → 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/Gemfile.lock +3 -3
- data/README.md +2 -0
- data/exe/http-headers-verifier.rb +4 -5
- data/http-headers-verifier.gemspec +7 -5
- data/lib/version.rb +1 -1
- metadata +7 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3ca4c9049d2e31abe3169fcbec6279ac85ee414ffc8c52ddbb16b8ebb1a6fd98
|
|
4
|
+
data.tar.gz: e56125c9ce5d715efe6030a72691188497582cff6e141091080a2e07381c5255
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c52c1108d34df351f1da5cb3b00bb436c3b26934abecb060bbc5b9b526003d35088ca465a552d5338e0b89b874fee64b43e7e9835099cc35960e76289c814931
|
|
7
|
+
data.tar.gz: 2edf8133d86339754ec519528e0490710d8f2667e60f01b1c623ab769eb3b42bf570f0c04ac6dae00ce910bc13b7bcd002681bf86110b438f0f37e1c360d47bf
|
data/.gitignore
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
http-headers-verifier (0.0.
|
|
4
|
+
http-headers-verifier (0.0.2)
|
|
5
5
|
typhoeus (~> 1.4)
|
|
6
6
|
|
|
7
7
|
GEM
|
|
@@ -32,10 +32,10 @@ PLATFORMS
|
|
|
32
32
|
ruby
|
|
33
33
|
|
|
34
34
|
DEPENDENCIES
|
|
35
|
-
bundler
|
|
35
|
+
bundler
|
|
36
36
|
byebug (~> 9.0)
|
|
37
37
|
http-headers-verifier!
|
|
38
38
|
rspec (~> 3.0)
|
|
39
39
|
|
|
40
40
|
BUNDLED WITH
|
|
41
|
-
1.
|
|
41
|
+
2.1.4
|
data/README.md
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
# Http Headers Verifier
|
|
2
2
|
|
|
3
|
+
[](https://badge.fury.io/rb/http-headers-verifier)
|
|
4
|
+
|
|
3
5
|
Verify a pre-defined HTTP headers configurations.
|
|
4
6
|
Unlike some other similar projects, this is not meant to enforce best practices, instead it is meant to define policies on top of headers and enforce them.
|
|
5
7
|
As a side effect, this means you can define specific OWASP (for example) best practices and verify them, but unlike testing for best practices, this is inteneded to verify an expected headers configuration behavior.
|
|
@@ -1,18 +1,17 @@
|
|
|
1
1
|
#!/usr/bin/env ruby
|
|
2
2
|
require 'yaml'
|
|
3
|
-
require 'byebug'
|
|
4
3
|
|
|
5
4
|
require 'typhoeus'
|
|
6
5
|
|
|
7
|
-
require_relative '
|
|
8
|
-
require_relative '
|
|
9
|
-
require_relative '
|
|
6
|
+
require_relative '../lib/naive_cookie'
|
|
7
|
+
require_relative '../lib/http_headers_validations'
|
|
8
|
+
require_relative '../lib/http_headers_utils'
|
|
10
9
|
|
|
11
10
|
FILE_NAME_PREFIX = 'headers-rules-'
|
|
12
11
|
HTTP_TIMEOUT_IN_SECONDS = 3
|
|
13
12
|
|
|
14
13
|
if ARGV.length != 3 && ARGV.length != 2
|
|
15
|
-
|
|
14
|
+
puts "usage: http-headers-verifier.rb [comma seperated policy names] [url] [?verbose]"
|
|
16
15
|
exit 2
|
|
17
16
|
end
|
|
18
17
|
|
|
@@ -6,6 +6,7 @@ require_relative "./lib/version"
|
|
|
6
6
|
Gem::Specification.new do |spec|
|
|
7
7
|
spec.name = "http-headers-verifier"
|
|
8
8
|
spec.version = HttpHeadersVerifier::VERSION
|
|
9
|
+
spec.platform = Gem::Platform::RUBY
|
|
9
10
|
spec.authors = ["Avner Cohen"]
|
|
10
11
|
spec.email = ["israbirding@gmail.com"]
|
|
11
12
|
|
|
@@ -18,8 +19,6 @@ Gem::Specification.new do |spec|
|
|
|
18
19
|
spec.metadata["allowed_push_host"] = "https://rubygems.org"
|
|
19
20
|
|
|
20
21
|
spec.metadata["homepage_uri"] = spec.homepage
|
|
21
|
-
# spec.metadata["source_code_uri"] = "TODO: Put your gem's public repo URL here."
|
|
22
|
-
# spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
|
|
23
22
|
else
|
|
24
23
|
raise "RubyGems 2.0 or newer is required to protect against " \
|
|
25
24
|
"public gem pushes."
|
|
@@ -28,14 +27,17 @@ Gem::Specification.new do |spec|
|
|
|
28
27
|
spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
|
|
29
28
|
`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
|
30
29
|
end
|
|
31
|
-
|
|
32
|
-
spec.
|
|
30
|
+
|
|
31
|
+
spec.bindir = "exe"
|
|
32
|
+
spec.executables = ["http-headers-verifier.rb"]
|
|
33
33
|
spec.require_paths = ["lib"]
|
|
34
34
|
|
|
35
|
-
spec.add_development_dependency "bundler"
|
|
35
|
+
spec.add_development_dependency "bundler"
|
|
36
36
|
spec.add_development_dependency "rspec", "~> 3.0"
|
|
37
37
|
spec.add_development_dependency "byebug", "~> 9.0"
|
|
38
38
|
|
|
39
39
|
spec.add_runtime_dependency "typhoeus", "~> 1.4"
|
|
40
40
|
|
|
41
|
+
spec.metadata['source_code_uri'] = 'https://github.com/AvnerCohen/http-headers-verifier'
|
|
42
|
+
spec.metadata['bug_tracker_uri'] = 'https://github.com/AvnerCohen/http-headers-verifier/issues'
|
|
41
43
|
end
|
data/lib/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: http-headers-verifier
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Avner Cohen
|
|
@@ -14,16 +14,16 @@ dependencies:
|
|
|
14
14
|
name: bundler
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '
|
|
19
|
+
version: '0'
|
|
20
20
|
type: :development
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '
|
|
26
|
+
version: '0'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: rspec
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -99,6 +99,8 @@ licenses:
|
|
|
99
99
|
metadata:
|
|
100
100
|
allowed_push_host: https://rubygems.org
|
|
101
101
|
homepage_uri: https://github.com/AvnerCohen/http-headers-verifier
|
|
102
|
+
source_code_uri: https://github.com/AvnerCohen/http-headers-verifier
|
|
103
|
+
bug_tracker_uri: https://github.com/AvnerCohen/http-headers-verifier/issues
|
|
102
104
|
post_install_message:
|
|
103
105
|
rdoc_options: []
|
|
104
106
|
require_paths:
|