http-headers-verifier 0.0.9 → 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +18 -17
- data/exe/http-headers-verifier.rb +12 -6
- data/lib/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8402eadfa491beb1ee890ba08d7c8634e3123e7afe641f4c67a6e6e69addc704
|
4
|
+
data.tar.gz: 44ae5406a60518423958d3d014da79ef5d4f88ae4d5ead52ff75a7ec1db96dd1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1854d83ae3747570eecfb29111eea335e824a80dedbab08d952502b11af88cda5b0ec356c34954c9902a11c28d68edad89ad31106b251eeb128b3d737f3c03a3
|
7
|
+
data.tar.gz: 431f739312da4d44e001224baf15d7838686ad124819fc6e8d93ac608341beeeb35c267889bff13426dcb4b9e275b0452b9b07fa847517cf88d00e6d9e4fc0de
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -3,28 +3,13 @@
|
|
3
3
|
[![Gem Version](https://badge.fury.io/rb/http-headers-verifier.svg)](https://badge.fury.io/rb/http-headers-verifier)
|
4
4
|
[![Build Status](https://travis-ci.org/AvnerCohen/http-headers-verifier.svg?branch=master)](https://travis-ci.org/AvnerCohen/http-headers-verifier)
|
5
5
|
|
6
|
-
Verify a pre-defined HTTP headers configurations.
|
6
|
+
Assertation framework for http-headers on top of live endpoints, Verify a pre-defined HTTP headers configurations.
|
7
|
+
|
7
8
|
Unlike some other similar projects, this is not meant to enforce best practices, instead it is meant to define policies on top of headers and enforce them.
|
8
9
|
As a side effect, this means you can define specific OWASP (for example) best practices and verify them, but unlike testing for best practices, this is inteneded to verify an expected headers configuration behavior.
|
9
10
|
|
10
11
|
Relevant use cases are for example when updating nginx/caddy configuration or when moving from one web-server to another and expecting to maintain a specific set of header config.
|
11
12
|
|
12
|
-
## Installation
|
13
|
-
|
14
|
-
Add this line to your application's Gemfile:
|
15
|
-
|
16
|
-
```ruby
|
17
|
-
gem 'http-headers-verifier'
|
18
|
-
```
|
19
|
-
|
20
|
-
And then execute:
|
21
|
-
|
22
|
-
$ bundle
|
23
|
-
|
24
|
-
Or install it yourself as:
|
25
|
-
|
26
|
-
$ gem install http-headers-verifier
|
27
|
-
|
28
13
|
### Usage
|
29
14
|
|
30
15
|
```sh
|
@@ -65,6 +50,22 @@ Starting verification of policies default, hs-default, hs-production:
|
|
65
50
|
😱 Failed !
|
66
51
|
```
|
67
52
|
|
53
|
+
## Installation
|
54
|
+
|
55
|
+
Add this line to your application's Gemfile:
|
56
|
+
|
57
|
+
```ruby
|
58
|
+
gem 'http-headers-verifier'
|
59
|
+
```
|
60
|
+
|
61
|
+
And then execute:
|
62
|
+
|
63
|
+
$ bundle
|
64
|
+
|
65
|
+
Or install it yourself as:
|
66
|
+
|
67
|
+
$ gem install http-headers-verifier
|
68
|
+
|
68
69
|
|
69
70
|
### Configuration
|
70
71
|
|
@@ -65,12 +65,18 @@ end
|
|
65
65
|
def read_policies!(policy_files_names)
|
66
66
|
settings = {headers: [], ignored_headers: [], cookie_attr: {}, headers_to_avoid: []}
|
67
67
|
policy_files_names.each do |policy_name|
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
68
|
+
file_name = "./#{FILE_NAME_PREFIX}#{policy_name}.yml"
|
69
|
+
if File.exist?(file_name)
|
70
|
+
policy_data = YAML.load_file(file_name)
|
71
|
+
settings[:headers].push(policy_data['headers']) unless policy_data['headers'].nil?
|
72
|
+
settings[:ignored_headers].push(policy_data['ignored_headers']) unless policy_data['ignored_headers'].nil?
|
73
|
+
settings[:cookie_attr].merge!(policy_data['cookie_attr']) unless policy_data['cookie_attr'].nil?
|
74
|
+
settings[:headers_to_avoid].push(policy_data['headers_to_avoid']) unless policy_data['headers_to_avoid'].nil?
|
75
|
+
else
|
76
|
+
puts "💔 Misconfiguration, file #{file_name}, does not exist."
|
77
|
+
exit 1
|
78
|
+
end
|
79
|
+
|
74
80
|
end
|
75
81
|
|
76
82
|
settings[:headers].flatten!
|
data/lib/version.rb
CHANGED