http-headers-verifier 0.0.2 → 0.0.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +4 -2
- data/README.md +5 -4
- data/Rakefile +6 -0
- data/exe/http-headers-verifier.rb +8 -3
- data/http-headers-verifier.gemspec +1 -0
- data/lib/http_headers_validations.rb +2 -2
- data/lib/version.rb +1 -1
- metadata +27 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 531d8103a717ddddb331edf9ee498798e77922d2fbcfd86f2c959b8d4ceae456
|
|
4
|
+
data.tar.gz: 11da67aa7fee1007f1d5c3ff429d4c4595509620ac775a7e3d2a71e2b706d669
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9a0a85e6979c75e1459c886eb77a5b3998a27733929e4d451dbbdf6b39cd002f990d6e2abd1ce7837ed0d73512179661bd3a0854626d8b19306e2332c0ebe889
|
|
7
|
+
data.tar.gz: d27664777f65d3c6271c8ab6a8344e3036e1043a9a884d0a38d70a9cd5d5910c2d38bc1f332e0e337c35a46497c8617386cbc8e09346731dee634c7581b239dd
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
http-headers-verifier (0.0.
|
|
4
|
+
http-headers-verifier (0.0.8)
|
|
5
5
|
typhoeus (~> 1.4)
|
|
6
6
|
|
|
7
7
|
GEM
|
|
@@ -12,6 +12,7 @@ GEM
|
|
|
12
12
|
ethon (0.12.0)
|
|
13
13
|
ffi (>= 1.3.0)
|
|
14
14
|
ffi (1.13.1)
|
|
15
|
+
rake (13.0.1)
|
|
15
16
|
rspec (3.9.0)
|
|
16
17
|
rspec-core (~> 3.9.0)
|
|
17
18
|
rspec-expectations (~> 3.9.0)
|
|
@@ -35,7 +36,8 @@ DEPENDENCIES
|
|
|
35
36
|
bundler
|
|
36
37
|
byebug (~> 9.0)
|
|
37
38
|
http-headers-verifier!
|
|
39
|
+
rake (>= 10.0, < 14)
|
|
38
40
|
rspec (~> 3.0)
|
|
39
41
|
|
|
40
42
|
BUNDLED WITH
|
|
41
|
-
|
|
43
|
+
1.17.2
|
data/README.md
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# Http Headers Verifier
|
|
2
2
|
|
|
3
3
|
[](https://badge.fury.io/rb/http-headers-verifier)
|
|
4
|
+
[](https://travis-ci.org/AvnerCohen/http-headers-verifier)
|
|
4
5
|
|
|
5
6
|
Verify a pre-defined HTTP headers configurations.
|
|
6
7
|
Unlike some other similar projects, this is not meant to enforce best practices, instead it is meant to define policies on top of headers and enforce them.
|
|
@@ -27,13 +28,13 @@ Or install it yourself as:
|
|
|
27
28
|
### Usage
|
|
28
29
|
|
|
29
30
|
```sh
|
|
30
|
-
usage: http-headers-verifier [comma seperated policy names] [url] [?verbose]
|
|
31
|
+
usage: http-headers-verifier.rb [comma seperated policy names] [url] [?verbose]
|
|
31
32
|
```
|
|
32
33
|
|
|
33
34
|
#### Example
|
|
34
35
|
|
|
35
36
|
```sh
|
|
36
|
-
$>
|
|
37
|
+
$> http-headers-verifier.rb default,hs-default https://my.login.page/login verbose
|
|
37
38
|
|
|
38
39
|
Starting verification of policies default, hs-default, hs-production:
|
|
39
40
|
🍏 Expected Header 'Cache-Control' matched!
|
|
@@ -57,7 +58,7 @@ Starting verification of policies default, hs-default, hs-production:
|
|
|
57
58
|
Or in non-verbose mode:
|
|
58
59
|
|
|
59
60
|
```sh
|
|
60
|
-
|
|
61
|
+
$> http-headers-verifier.rb default,hs-default https://my.login.page/loginlogin
|
|
61
62
|
Starting verification of policies default, hs-default, hs-production:
|
|
62
63
|
🛑 Invalid cookie config 'COOKIE_NAME':
|
|
63
64
|
👺 Cookie not secure.
|
|
@@ -98,4 +99,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
|
|
|
98
99
|
|
|
99
100
|
## Code of Conduct
|
|
100
101
|
|
|
101
|
-
Everyone interacting in the Http
|
|
102
|
+
Everyone interacting in the `Http Headers Verifier` project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/http-headers-verifier/blob/master/CODE_OF_CONDUCT.md).
|
data/Rakefile
ADDED
|
@@ -15,14 +15,16 @@ if ARGV.length != 3 && ARGV.length != 2
|
|
|
15
15
|
exit 2
|
|
16
16
|
end
|
|
17
17
|
|
|
18
|
-
policy_arg, url, verbose = ARGV
|
|
18
|
+
policy_arg, @url, verbose = ARGV
|
|
19
19
|
@policies = policy_arg.split(',')
|
|
20
20
|
|
|
21
21
|
HttpHeadersUtils.verbose = !verbose.nil?
|
|
22
22
|
|
|
23
|
-
|
|
23
|
+
request_results = Typhoeus.get(@url, timeout: HTTP_TIMEOUT_IN_SECONDS, followlocation: true)
|
|
24
|
+
actual_headers = request_results.headers
|
|
24
25
|
|
|
25
26
|
def verify_headers!(actual_headers, rules)
|
|
27
|
+
puts "Testing url: #{@url}"
|
|
26
28
|
puts "Starting verification of policies #{HttpHeadersUtils.bold(@policies.join(", "))}:"
|
|
27
29
|
errors = []
|
|
28
30
|
checked_already = Set.new
|
|
@@ -79,7 +81,10 @@ def read_policies!(policy_files_names)
|
|
|
79
81
|
end
|
|
80
82
|
|
|
81
83
|
|
|
82
|
-
if
|
|
84
|
+
if request_results.return_code != :ok
|
|
85
|
+
puts "🤕 Request to url #{@url} failed - #{request_results.return_code}, bailing out. "
|
|
86
|
+
exit 0
|
|
87
|
+
elsif verify_headers!(actual_headers, read_policies!(@policies))
|
|
83
88
|
puts "😎 Success !"
|
|
84
89
|
exit 0
|
|
85
90
|
else
|
|
@@ -35,6 +35,7 @@ Gem::Specification.new do |spec|
|
|
|
35
35
|
spec.add_development_dependency "bundler"
|
|
36
36
|
spec.add_development_dependency "rspec", "~> 3.0"
|
|
37
37
|
spec.add_development_dependency "byebug", "~> 9.0"
|
|
38
|
+
spec.add_development_dependency 'rake', '>= 10.0', '< 14'
|
|
38
39
|
|
|
39
40
|
spec.add_runtime_dependency "typhoeus", "~> 1.4"
|
|
40
41
|
|
|
@@ -9,13 +9,13 @@ module HttpHeadersValidations
|
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
def self.assert_expected_header(expected_header, expected_value, actual_value)
|
|
12
|
-
if (expected_value.is_a?(Regexp) && actual_value.match?(expected_value)) ||
|
|
12
|
+
if (!actual_value.nil? && expected_value.is_a?(Regexp) && actual_value.match?(expected_value)) ||
|
|
13
13
|
(expected_value.to_s == actual_value.to_s)
|
|
14
14
|
failed = false
|
|
15
15
|
text = "Expected Header '#{expected_header}' matched!"
|
|
16
16
|
else
|
|
17
17
|
failed = true
|
|
18
|
-
text = "Expected Header '#{HttpHeadersUtils.bold(expected_header)}' failed! '#{expected_value}' was '#{actual_value}'."
|
|
18
|
+
text = "Expected Header '#{HttpHeadersUtils.bold(expected_header)}' failed! '#{expected_value}' #{HttpHeadersUtils.bold('was')} '#{actual_value}'."
|
|
19
19
|
end
|
|
20
20
|
icon = failed ? "🛑" : "🍏"
|
|
21
21
|
|
data/lib/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: http-headers-verifier
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Avner Cohen
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-08-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -52,6 +52,26 @@ dependencies:
|
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '9.0'
|
|
55
|
+
- !ruby/object:Gem::Dependency
|
|
56
|
+
name: rake
|
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
|
58
|
+
requirements:
|
|
59
|
+
- - ">="
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: '10.0'
|
|
62
|
+
- - "<"
|
|
63
|
+
- !ruby/object:Gem::Version
|
|
64
|
+
version: '14'
|
|
65
|
+
type: :development
|
|
66
|
+
prerelease: false
|
|
67
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
68
|
+
requirements:
|
|
69
|
+
- - ">="
|
|
70
|
+
- !ruby/object:Gem::Version
|
|
71
|
+
version: '10.0'
|
|
72
|
+
- - "<"
|
|
73
|
+
- !ruby/object:Gem::Version
|
|
74
|
+
version: '14'
|
|
55
75
|
- !ruby/object:Gem::Dependency
|
|
56
76
|
name: typhoeus
|
|
57
77
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -85,6 +105,7 @@ files:
|
|
|
85
105
|
- Gemfile.lock
|
|
86
106
|
- LICENSE.txt
|
|
87
107
|
- README.md
|
|
108
|
+
- Rakefile
|
|
88
109
|
- exe/http-headers-verifier.rb
|
|
89
110
|
- headers-rules-default.yml
|
|
90
111
|
- headers-rules-example.yml
|
|
@@ -101,7 +122,7 @@ metadata:
|
|
|
101
122
|
homepage_uri: https://github.com/AvnerCohen/http-headers-verifier
|
|
102
123
|
source_code_uri: https://github.com/AvnerCohen/http-headers-verifier
|
|
103
124
|
bug_tracker_uri: https://github.com/AvnerCohen/http-headers-verifier/issues
|
|
104
|
-
post_install_message:
|
|
125
|
+
post_install_message:
|
|
105
126
|
rdoc_options: []
|
|
106
127
|
require_paths:
|
|
107
128
|
- lib
|
|
@@ -116,8 +137,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
116
137
|
- !ruby/object:Gem::Version
|
|
117
138
|
version: '0'
|
|
118
139
|
requirements: []
|
|
119
|
-
rubygems_version: 3.
|
|
120
|
-
signing_key:
|
|
140
|
+
rubygems_version: 3.1.4
|
|
141
|
+
signing_key:
|
|
121
142
|
specification_version: 4
|
|
122
143
|
summary: Verify a pre-defined HTTP headers configurations.
|
|
123
144
|
test_files: []
|