http-headers-verifier 0.0.1 → 0.0.7
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/Gemfile.lock +4 -2
- data/README.md +7 -4
- data/Rakefile +6 -0
- data/exe/http-headers-verifier.rb +7 -7
- data/http-headers-verifier.gemspec +8 -5
- data/lib/http_headers_validations.rb +1 -1
- data/lib/version.rb +1 -1
- metadata +33 -10
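--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1ac28a986024eb8379f484478e29f63a378d6ab2e12f9955474885a5bb8a3bc2
+data.tar.gz: 698e183f25df82e2e6e2afe6fe97c0446e72c5dcbc51d1d02a343465e192ccb4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f34a3175c17658c0f0a738462d1da368ec7ca5b157ba16d5aaf44156101466dd2eec7842f753ec60178368886db5cecb31266796f3bf1993b131634f8fbffd49
+data.tar.gz: e95f8f01829f3de61397d4b1763299e6deb0534d5a0c9bef303b919cbb2fb5df679971c42fae68fa0305149b1a343d7c07c88027a99ec1b1cdfbf8ec30436f19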
data/.gitignore
CHANGED
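--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-http-headers-verifier (0.0.
+http-headers-verifier (0.0.6)
 typhoeus (~> 1.4)
 
 GEM
@@ -12,6 +12,7 @@ GEM
 ethon (0.12.0)
 ffi (>= 1.3.0)
 ffi (1.13.1)
+rake (13.0.1)
 rspec (3.9.0)
 rspec-core (~> 3.9.0)
 rspec-expectations (~> 3.9.0)
@@ -32,9 +33,10 @@ PLATFORMS
 ruby
 
 DEPENDENCIES
-bundler
+bundler
 byebug (~> 9.0)
 http-headers-verifier!
+rake (>= 10.0, < 14)
 rspec (~> 3.0)
 
 BUNDLED WITH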
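--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,8 @@
 # Http Headers Verifier
 
+[![Gem Version](https://badge.fury.io/rb/http-headers-verifier.svg)](https://badge.fury.io/rb/http-headers-verifier)
+[![Build Status](https://travis-ci.org/AvnerCohen/http-headers-verifier.svg?branch=master)](https://travis-ci.org/AvnerCohen/http-headers-verifier)
+
 Verify a pre-defined HTTP headers configurations.
 Unlike some other similar projects, this is not meant to enforce best practices, instead it is meant to define policies on top of headers and enforce them.
 As a side effect, this means you can define specific OWASP (for example) best practices and verify them, but unlike testing for best practices, this is inteneded to verify an expected headers configuration behavior.
@@ -25,13 +28,13 @@ Or install it yourself as:
 ### Usage
 
 ```sh
-usage: http-headers-verifier [comma seperated policy names] [url] [?verbose]
+usage: http-headers-verifier.rb [comma seperated policy names] [url] [?verbose]
 ```
 
 #### Example
 
 ```sh
-$>
+$> http-headers-verifier.rb default,hs-default https://my.login.page/login verbose
 
 Starting verification of policies default, hs-default, hs-production:
 🍏 Expected Header 'Cache-Control' matched!
@@ -55,7 +58,7 @@ Starting verification of policies default, hs-default, hs-production:
 Or in non-verbose mode:
 
 ```sh
-
+$> http-headers-verifier.rb default,hs-default https://my.login.page/loginlogin
 Starting verification of policies default, hs-default, hs-production:
 🛑 Invalid cookie config 'COOKIE_NAME':
 👺 Cookie not secure.
@@ -96,4 +99,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
 ## Code of Conduct
 
-Everyone interacting in the Http
+Everyone interacting in the `Http Headers Verifier` project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/http-headers-verifier/blob/master/CODE_OF_CONDUCT.md).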
data/Rakefile
ADDED
@@ -1,29 +1,29 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
require 'yaml'
|
3
|
-
require 'byebug'
|
4
3
|
|
5
4
|
require 'typhoeus'
|
6
5
|
|
7
|
-
require_relative '
|
8
|
-
require_relative '
|
9
|
-
require_relative '
|
6
|
+
require_relative '../lib/naive_cookie'
|
7
|
+
require_relative '../lib/http_headers_validations'
|
8
|
+
require_relative '../lib/http_headers_utils'
|
10
9
|
|
11
10
|
FILE_NAME_PREFIX = 'headers-rules-'
|
12
11
|
HTTP_TIMEOUT_IN_SECONDS = 3
|
13
12
|
|
14
13
|
if ARGV.length != 3 && ARGV.length != 2
|
15
|
-
|
14
|
+
puts "usage: http-headers-verifier.rb [comma seperated policy names] [url] [?verbose]"
|
16
15
|
exit 2
|
17
16
|
end
|
18
17
|
|
19
|
-
policy_arg, url, verbose = ARGV
|
18
|
+
policy_arg, @url, verbose = ARGV
|
20
19
|
@policies = policy_arg.split(',')
|
21
20
|
|
22
21
|
HttpHeadersUtils.verbose = !verbose.nil?
|
23
22
|
|
24
|
-
actual_headers = Typhoeus.get(url, timeout: HTTP_TIMEOUT_IN_SECONDS, followlocation: true).headers
|
23
|
+
actual_headers = Typhoeus.get(@url, timeout: HTTP_TIMEOUT_IN_SECONDS, followlocation: true).headers
|
25
24
|
|
26
25
|
def verify_headers!(actual_headers, rules)
|
26
|
+
puts "Testing url: #{@url}"
|
27
27
|
puts "Starting verification of policies #{HttpHeadersUtils.bold(@policies.join(", "))}:"
|
28
28
|
errors = []
|
29
29
|
checked_already = Set.new
|
@@ -6,6 +6,7 @@ require_relative "./lib/version"
|
|
6
6
|
Gem::Specification.new do |spec|
|
7
7
|
spec.name = "http-headers-verifier"
|
8
8
|
spec.version = HttpHeadersVerifier::VERSION
|
9
|
+
spec.platform = Gem::Platform::RUBY
|
9
10
|
spec.authors = ["Avner Cohen"]
|
10
11
|
spec.email = ["israbirding@gmail.com"]
|
11
12
|
|
@@ -18,8 +19,6 @@ Gem::Specification.new do |spec|
|
|
18
19
|
spec.metadata["allowed_push_host"] = "https://rubygems.org"
|
19
20
|
|
20
21
|
spec.metadata["homepage_uri"] = spec.homepage
|
21
|
-
# spec.metadata["source_code_uri"] = "TODO: Put your gem's public repo URL here."
|
22
|
-
# spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
|
23
22
|
else
|
24
23
|
raise "RubyGems 2.0 or newer is required to protect against " \
|
25
24
|
"public gem pushes."
|
@@ -28,14 +27,18 @@ Gem::Specification.new do |spec|
|
|
28
27
|
spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
|
29
28
|
`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
30
29
|
end
|
31
|
-
|
32
|
-
spec.
|
30
|
+
|
31
|
+
spec.bindir = "exe"
|
32
|
+
spec.executables = ["http-headers-verifier.rb"]
|
33
33
|
spec.require_paths = ["lib"]
|
34
34
|
|
35
|
-
spec.add_development_dependency "bundler"
|
35
|
+
spec.add_development_dependency "bundler"
|
36
36
|
spec.add_development_dependency "rspec", "~> 3.0"
|
37
37
|
spec.add_development_dependency "byebug", "~> 9.0"
|
38
|
+
spec.add_development_dependency 'rake', '>= 10.0', '< 14'
|
38
39
|
|
39
40
|
spec.add_runtime_dependency "typhoeus", "~> 1.4"
|
40
41
|
|
42
|
+
spec.metadata['source_code_uri'] = 'https://github.com/AvnerCohen/http-headers-verifier'
|
43
|
+
spec.metadata['bug_tracker_uri'] = 'https://github.com/AvnerCohen/http-headers-verifier/issues'
|
41
44
|
end
|
@@ -15,7 +15,7 @@ module HttpHeadersValidations
|
|
15
15
|
text = "Expected Header '#{expected_header}' matched!"
|
16
16
|
else
|
17
17
|
failed = true
|
18
|
-
text = "Expected Header '#{HttpHeadersUtils.bold(expected_header)}' failed! '#{expected_value}' was '#{actual_value}'."
|
18
|
+
text = "Expected Header '#{HttpHeadersUtils.bold(expected_header)}' failed! '#{expected_value}' #{HttpHeadersUtils.bold('was')} '#{actual_value}'."
|
19
19
|
end
|
20
20
|
icon = failed ? "🛑" : "🍏"
|
21
21
|
|
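Review bot: The changed `text = "Expected Header '#{HttpHeadersUtils.bold(expected_header)}' failed! '#{expected_value}' #{HttpHeadersUtils.bold('was')} '#{actual_value}'."` line still interpolates `actual_value`, a header value received from the remote server, verbatim into a message that is later printed; a value containing control or escape characters would be emitted to the terminal unchanged, alongside the styling that `bold` presumably adds. Using `#{actual_value.inspect}` instead of `'#{actual_value}'` renders such characters as escapes while keeping the message readable. The enclosing method starts before the hunk.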
data/lib/version.rb
CHANGED
metadata
CHANGED
@@ -1,29 +1,29 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: http-headers-verifier
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Avner Cohen
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-08-04 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- - "
|
17
|
+
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: '
|
19
|
+
version: '0'
|
20
20
|
type: :development
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- - "
|
24
|
+
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: '
|
26
|
+
version: '0'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: rspec
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -52,6 +52,26 @@ dependencies:
|
|
52
52
|
- - "~>"
|
53
53
|
- !ruby/object:Gem::Version
|
54
54
|
version: '9.0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: rake
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '10.0'
|
62
|
+
- - "<"
|
63
|
+
- !ruby/object:Gem::Version
|
64
|
+
version: '14'
|
65
|
+
type: :development
|
66
|
+
prerelease: false
|
67
|
+
version_requirements: !ruby/object:Gem::Requirement
|
68
|
+
requirements:
|
69
|
+
- - ">="
|
70
|
+
- !ruby/object:Gem::Version
|
71
|
+
version: '10.0'
|
72
|
+
- - "<"
|
73
|
+
- !ruby/object:Gem::Version
|
74
|
+
version: '14'
|
55
75
|
- !ruby/object:Gem::Dependency
|
56
76
|
name: typhoeus
|
57
77
|
requirement: !ruby/object:Gem::Requirement
|
@@ -85,6 +105,7 @@ files:
|
|
85
105
|
- Gemfile.lock
|
86
106
|
- LICENSE.txt
|
87
107
|
- README.md
|
108
|
+
- Rakefile
|
88
109
|
- exe/http-headers-verifier.rb
|
89
110
|
- headers-rules-default.yml
|
90
111
|
- headers-rules-example.yml
|
@@ -99,7 +120,9 @@ licenses:
|
|
99
120
|
metadata:
|
100
121
|
allowed_push_host: https://rubygems.org
|
101
122
|
homepage_uri: https://github.com/AvnerCohen/http-headers-verifier
|
102
|
-
|
123
|
+
source_code_uri: https://github.com/AvnerCohen/http-headers-verifier
|
124
|
+
bug_tracker_uri: https://github.com/AvnerCohen/http-headers-verifier/issues
|
125
|
+
post_install_message:
|
103
126
|
rdoc_options: []
|
104
127
|
require_paths:
|
105
128
|
- lib
|
@@ -114,8 +137,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
114
137
|
- !ruby/object:Gem::Version
|
115
138
|
version: '0'
|
116
139
|
requirements: []
|
117
|
-
rubygems_version: 3.
|
118
|
-
signing_key:
|
140
|
+
rubygems_version: 3.1.4
|
141
|
+
signing_key:
|
119
142
|
specification_version: 4
|
120
143
|
summary: Verify a pre-defined HTTP headers configurations.
|
121
144
|
test_files: []
|