http-headers-verifier 0.0.1 → 0.0.7

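--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f47911e699a60879db447c6d25411e367d65dfc7ef459db22bce8fff74613868
- data.tar.gz: 9b16eacb1997b18effa0a7dfcdb1dfe7adfa476ad1c0d1270ac1e93da462d36a
+ metadata.gz: 1ac28a986024eb8379f484478e29f63a378d6ab2e12f9955474885a5bb8a3bc2
+ data.tar.gz: 698e183f25df82e2e6e2afe6fe97c0446e72c5dcbc51d1d02a343465e192ccb4
  SHA512:
- metadata.gz: 464460fce9599c6f9c2a3bf4bdba6349237a5bcbede82611a56f6f7f9e5ac1cbc30e6ca485f4a32db27ad2b02df22e69653f2eff738a0e1fb95301f7eae951b3
- data.tar.gz: c5546804ddc65920f3eedfe78d6646be858d9341244fbaf31bfc7e3f83341d21e3259c491905d0eac21598f81e1d371024c521aaed6e79f3a0ccd1b4af29da57
+ metadata.gz: f34a3175c17658c0f0a738462d1da368ec7ca5b157ba16d5aaf44156101466dd2eec7842f753ec60178368886db5cecb31266796f3bf1993b131634f8fbffd49
+ data.tar.gz: e95f8f01829f3de61397d4b1763299e6deb0534d5a0c9bef303b919cbb2fb5df679971c42fae68fa0305149b1a343d7c07c88027a99ec1b1cdfbf8ec30436f19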
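--- a/data/.gitignore
+++ b/data/.gitignore
@@ -9,3 +9,4 @@
 
  # rspec failure tracking
  .rspec_status
+ *.gem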
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- http-headers-verifier (0.0.1)
4
+ http-headers-verifier (0.0.6)
5
5
  typhoeus (~> 1.4)
6
6
 
7
7
  GEM
@@ -12,6 +12,7 @@ GEM
12
12
  ethon (0.12.0)
13
13
  ffi (>= 1.3.0)
14
14
  ffi (1.13.1)
15
+ rake (13.0.1)
15
16
  rspec (3.9.0)
16
17
  rspec-core (~> 3.9.0)
17
18
  rspec-expectations (~> 3.9.0)
@@ -32,9 +33,10 @@ PLATFORMS
32
33
  ruby
33
34
 
34
35
  DEPENDENCIES
35
- bundler (~> 1.17)
36
+ bundler
36
37
  byebug (~> 9.0)
37
38
  http-headers-verifier!
39
+ rake (>= 10.0, < 14)
38
40
  rspec (~> 3.0)
39
41
 
40
42
  BUNDLED WITH
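--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,8 @@
  # Http Headers Verifier
 
+ [![Gem Version](https://badge.fury.io/rb/http-headers-verifier.svg)](https://badge.fury.io/rb/http-headers-verifier)
+ [![Build Status](https://travis-ci.org/AvnerCohen/http-headers-verifier.svg?branch=master)](https://travis-ci.org/AvnerCohen/http-headers-verifier)
+
  Verify a pre-defined HTTP headers configurations.
  Unlike some other similar projects, this is not meant to enforce best practices, instead it is meant to define policies on top of headers and enforce them.
  As a side effect, this means you can define specific OWASP (for example) best practices and verify them, but unlike testing for best practices, this is inteneded to verify an expected headers configuration behavior.
@@ -25,13 +28,13 @@ Or install it yourself as:
  ### Usage
 
  ```sh
- usage: http-headers-verifier [comma seperated policy names] [url] [?verbose]
+ usage: http-headers-verifier.rb [comma seperated policy names] [url] [?verbose]
  ```
 
  #### Example
 
  ```sh
- $> ./http-headers-verifier.rb default,hs-default https://my.login.page/login verbose
+ $> http-headers-verifier.rb default,hs-default https://my.login.page/login verbose
 
  Starting verification of policies default, hs-default, hs-production:
  🍏 Expected Header 'Cache-Control' matched!
@@ -55,7 +58,7 @@ Starting verification of policies default, hs-default, hs-production:
  Or in non-verbose mode:
 
  ```sh
- $>./http-headers-verifier.rb default,hs-default https://my.login.page/loginlogin
+ $> http-headers-verifier.rb default,hs-default https://my.login.page/loginlogin
  Starting verification of policies default, hs-default, hs-production:
  🛑 Invalid cookie config 'COOKIE_NAME':
  👺 Cookie not secure.
@@ -96,4 +99,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
  ## Code of Conduct
 
- Everyone interacting in the Http::Headers::Verifier project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/http-headers-verifier/blob/master/CODE_OF_CONDUCT.md).
+ Everyone interacting in the `Http Headers Verifier` project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/http-headers-verifier/blob/master/CODE_OF_CONDUCT.md).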
@@ -0,0 +1,6 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
6
+ task :default => :spec
@@ -1,29 +1,29 @@
1
1
  #!/usr/bin/env ruby
2
2
  require 'yaml'
3
- require 'byebug'
4
3
 
5
4
  require 'typhoeus'
6
5
 
7
- require_relative './lib/naive_cookie'
8
- require_relative './lib/http_headers_validations'
9
- require_relative './lib/http_headers_utils'
6
+ require_relative '../lib/naive_cookie'
7
+ require_relative '../lib/http_headers_validations'
8
+ require_relative '../lib/http_headers_utils'
10
9
 
11
10
  FILE_NAME_PREFIX = 'headers-rules-'
12
11
  HTTP_TIMEOUT_IN_SECONDS = 3
13
12
 
14
13
  if ARGV.length != 3 && ARGV.length != 2
15
- print "usage: http-headers-verifier.rb [comma seperated policy names] [url] [?verbose]"
14
+ puts "usage: http-headers-verifier.rb [comma seperated policy names] [url] [?verbose]"
16
15
  exit 2
17
16
  end
18
17
 
19
- policy_arg, url, verbose = ARGV
18
+ policy_arg, @url, verbose = ARGV
20
19
  @policies = policy_arg.split(',')
21
20
 
22
21
  HttpHeadersUtils.verbose = !verbose.nil?
23
22
 
24
- actual_headers = Typhoeus.get(url, timeout: HTTP_TIMEOUT_IN_SECONDS, followlocation: true).headers
23
+ actual_headers = Typhoeus.get(@url, timeout: HTTP_TIMEOUT_IN_SECONDS, followlocation: true).headers
25
24
 
26
25
  def verify_headers!(actual_headers, rules)
26
+ puts "Testing url: #{@url}"
27
27
  puts "Starting verification of policies #{HttpHeadersUtils.bold(@policies.join(", "))}:"
28
28
  errors = []
29
29
  checked_already = Set.new
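Review bot: The added `puts "Testing url: #{@url}"` reports the URL taken from ARGV, but the request on new line 23 uses `followlocation: true` and chains `.headers` straight onto the call. The headers being verified can therefore belong to a redirect target rather than the printed URL, and as far as the hunk shows a request that hits the 3-second timeout is not told apart from a response that lacks the headers. Keeping the response object would allow a check before the policy run, e.g. `response = Typhoeus.get(@url, timeout: HTTP_TIMEOUT_IN_SECONDS, followlocation: true)` then `abort "Request to #{@url} failed: #{response.return_message}" if response.timed_out? || response.code.zero?`, and printing `response.effective_url` beside the requested URL. `Set.new` is still used after `require 'byebug'` was removed, so unless another require loads it on the supported Ruby versions, add `require 'set'`. `verify_headers!` continues past the end of the hunk.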
@@ -6,6 +6,7 @@ require_relative "./lib/version"
6
6
  Gem::Specification.new do |spec|
7
7
  spec.name = "http-headers-verifier"
8
8
  spec.version = HttpHeadersVerifier::VERSION
9
+ spec.platform = Gem::Platform::RUBY
9
10
  spec.authors = ["Avner Cohen"]
10
11
  spec.email = ["israbirding@gmail.com"]
11
12
 
@@ -18,8 +19,6 @@ Gem::Specification.new do |spec|
18
19
  spec.metadata["allowed_push_host"] = "https://rubygems.org"
19
20
 
20
21
  spec.metadata["homepage_uri"] = spec.homepage
21
- # spec.metadata["source_code_uri"] = "TODO: Put your gem's public repo URL here."
22
- # spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
23
22
  else
24
23
  raise "RubyGems 2.0 or newer is required to protect against " \
25
24
  "public gem pushes."
@@ -28,14 +27,18 @@ Gem::Specification.new do |spec|
28
27
  spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
29
28
  `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
30
29
  end
31
- spec.bindir = "exe"
32
- spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
30
+
31
+ spec.bindir = "exe"
32
+ spec.executables = ["http-headers-verifier.rb"]
33
33
  spec.require_paths = ["lib"]
34
34
 
35
- spec.add_development_dependency "bundler", "~> 1.17"
35
+ spec.add_development_dependency "bundler"
36
36
  spec.add_development_dependency "rspec", "~> 3.0"
37
37
  spec.add_development_dependency "byebug", "~> 9.0"
38
+ spec.add_development_dependency 'rake', '>= 10.0', '< 14'
38
39
 
39
40
  spec.add_runtime_dependency "typhoeus", "~> 1.4"
40
41
 
42
+ spec.metadata['source_code_uri'] = 'https://github.com/AvnerCohen/http-headers-verifier'
43
+ spec.metadata['bug_tracker_uri'] = 'https://github.com/AvnerCohen/http-headers-verifier/issues'
41
44
  end
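Review bot: The two `spec.metadata[...]` assignments added at new lines 42-43 sit at the end of the block, outside the RubyGems guard whose `else raise "RubyGems 2.0 or newer is required ..."` branch appears in the previous hunk, while `allowed_push_host` and `homepage_uri` are set inside it. The guard's opening `if` is not visible, so that placement is inferred. Moving them next to `spec.metadata["homepage_uri"] = spec.homepage` keeps all metadata in one place, and double quotes there and in `spec.add_development_dependency "rake", ">= 10.0", "< 14"` would match the surrounding lines. The bundler development dependency is now unconstrained; a lower bound such as `">= 1.17"` would record the oldest version the project is known to build with.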
@@ -15,7 +15,7 @@ module HttpHeadersValidations
15
15
  text = "Expected Header '#{expected_header}' matched!"
16
16
  else
17
17
  failed = true
18
- text = "Expected Header '#{HttpHeadersUtils.bold(expected_header)}' failed! '#{expected_value}' was '#{actual_value}'."
18
+ text = "Expected Header '#{HttpHeadersUtils.bold(expected_header)}' failed! '#{expected_value}' #{HttpHeadersUtils.bold('was')} '#{actual_value}'."
19
19
  end
20
20
  icon = failed ? "🛑" : "🍏"
21
21
 
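Review bot: `actual_value` is interpolated into the failure message unescaped on the changed line, and it is presumably the header value received from the server under test (the executable passes in `Typhoeus.get(...).headers`). A response header carrying control or terminal escape characters would then be written raw to the operator's terminal or CI log and could distort what the report shows. Rendering it with `inspect`, e.g. `... #{HttpHeadersUtils.bold('was')} #{actual_value.inspect}."`, makes such bytes visible instead of passing them through; the same applies to any other message in this module that prints received values. The enclosing method starts and ends outside the hunk.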
@@ -1,3 +1,3 @@
1
1
  module HttpHeadersVerifier
2
- VERSION = "0.0.1"
2
+ VERSION = "0.0.7"
3
3
  end
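--- a/metadata
+++ b/metadata
@@ -1,29 +1,29 @@
  --- !ruby/object:Gem::Specification
  name: http-headers-verifier
  version: !ruby/object:Gem::Version
- version: 0.0.1
+ version: 0.0.7
  platform: ruby
  authors:
  - Avner Cohen
- autorequire:
+ autorequire:
  bindir: exe
  cert_chain: []
- date: 2020-07-28 00:00:00.000000000 Z
+ date: 2020-08-04 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
- version: '1.17'
+ version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
- version: '1.17'
+ version: '0'
  - !ruby/object:Gem::Dependency
  name: rspec
  requirement: !ruby/object:Gem::Requirement
@@ -52,6 +52,26 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '9.0'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '14'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '14'
  - !ruby/object:Gem::Dependency
  name: typhoeus
  requirement: !ruby/object:Gem::Requirement
@@ -85,6 +105,7 @@ files:
  - Gemfile.lock
  - LICENSE.txt
  - README.md
+ - Rakefile
  - exe/http-headers-verifier.rb
  - headers-rules-default.yml
  - headers-rules-example.yml
@@ -99,7 +120,9 @@ licenses:
  metadata:
  allowed_push_host: https://rubygems.org
  homepage_uri: https://github.com/AvnerCohen/http-headers-verifier
- post_install_message:
+ source_code_uri: https://github.com/AvnerCohen/http-headers-verifier
+ bug_tracker_uri: https://github.com/AvnerCohen/http-headers-verifier/issues
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -114,8 +137,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.3
- signing_key:
+ rubygems_version: 3.1.4
+ signing_key:
  specification_version: 4
  summary: Verify a pre-defined HTTP headers configurations.
  test_files: []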