http-headers-verifier 1.0.1 → 1.0.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ruby-rspec.yml +18 -0
- data/Gemfile.lock +5 -5
- data/LICENSE.txt +1 -1
- data/README.md +5 -3
- data/exe/http-headers-verifier.rb +11 -10
- data/lib/http_headers_validations.rb +11 -11
- data/lib/version.rb +1 -1
- metadata +7 -7
- data/.travis.yml +0 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: fd5b20f9dadf31bbedc3763096a3b832f9232f8d847db40ace6ae6544a4cc1f6
|
4
|
+
data.tar.gz: e062f36f280fcfbf89cfaec500913bb8cdbda073aac5fc541fd3a55dae6ece06
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9511ec3330532ca8cd7073bc9a114f8f161c2c252f3fc0b16abbdc53f0c891cbe09e40b9c8db335a0b76a0e6363131b45f855269e58990464e974fe7c51e7247
|
7
|
+
data.tar.gz: 070f1357c8f9516e92353a08188611e03f9c30546d401d54b2fd3805074d721493414bee8d7306223f550c8016a8432d0f0116001ad2a51d8a759fcfe907fcb8
|
@@ -0,0 +1,18 @@
|
|
1
|
+
name: CI
|
2
|
+
on: [push]
|
3
|
+
jobs:
|
4
|
+
rspec:
|
5
|
+
runs-on: [ubuntu-latest]
|
6
|
+
strategy:
|
7
|
+
matrix:
|
8
|
+
ruby: ['3.2', '3.0', '2.7', 'truffleruby-head']
|
9
|
+
steps:
|
10
|
+
- uses: actions/checkout@v1
|
11
|
+
- name: Set up Ruby ${{ matrix.ruby }}
|
12
|
+
uses: ruby/setup-ruby@v1
|
13
|
+
with:
|
14
|
+
ruby-version: ${{ matrix.ruby }}
|
15
|
+
- name: Bundle install
|
16
|
+
run: bundle install --jobs 4 --retry 3
|
17
|
+
- name: Run Rspec
|
18
|
+
run: bundle exec rspec
|
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
http-headers-verifier (1.0.
|
4
|
+
http-headers-verifier (1.0.2)
|
5
5
|
typhoeus (~> 1.4)
|
6
6
|
|
7
7
|
GEM
|
@@ -9,9 +9,9 @@ GEM
|
|
9
9
|
specs:
|
10
10
|
byebug (9.1.0)
|
11
11
|
diff-lcs (1.4.4)
|
12
|
-
ethon (0.
|
13
|
-
ffi (>= 1.
|
14
|
-
ffi (1.
|
12
|
+
ethon (0.15.0)
|
13
|
+
ffi (>= 1.15.0)
|
14
|
+
ffi (1.15.5)
|
15
15
|
rake (13.0.1)
|
16
16
|
rspec (3.9.0)
|
17
17
|
rspec-core (~> 3.9.0)
|
@@ -40,4 +40,4 @@ DEPENDENCIES
|
|
40
40
|
rspec (~> 3.0)
|
41
41
|
|
42
42
|
BUNDLED WITH
|
43
|
-
1.
|
43
|
+
2.1.4
|
data/LICENSE.txt
CHANGED
data/README.md
CHANGED
@@ -1,7 +1,9 @@
|
|
1
1
|
# Http Headers Verifier
|
2
2
|
|
3
3
|
[![Gem Version](https://badge.fury.io/rb/http-headers-verifier.svg)](https://badge.fury.io/rb/http-headers-verifier)
|
4
|
-
[![Build Status](https://
|
4
|
+
[![Build Status](https://github.com/AvnerCohen/http-headers-verifier/actions/workflows/ruby-rspec.yml/badge.svg)](https://github.com/AvnerCohen/http-headers-verifier/actions)
|
5
|
+
|
6
|
+
|
5
7
|
|
6
8
|
Assertation framework for http-headers on top of live endpoints, Verify a pre-defined HTTP headers configurations.
|
7
9
|
|
@@ -96,8 +98,8 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/AvnerC
|
|
96
98
|
|
97
99
|
## License
|
98
100
|
|
99
|
-
The gem is available as open source under the terms of the [MIT License](
|
101
|
+
The gem is available as open source under the terms of the [MIT License](LICENSE.txt).
|
100
102
|
|
101
103
|
## Code of Conduct
|
102
104
|
|
103
|
-
Everyone interacting in the `Http Headers Verifier` project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](
|
105
|
+
Everyone interacting in the `Http Headers Verifier` project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](CODE_OF_CONDUCT.md).
|
@@ -9,6 +9,7 @@ require_relative '../lib/http_headers_utils'
|
|
9
9
|
|
10
10
|
FILE_NAME_PREFIX = 'headers-rules-'
|
11
11
|
HTTP_TIMEOUT_IN_SECONDS = 3
|
12
|
+
SET_COOKIE_NAME = 'set-cookie'
|
12
13
|
|
13
14
|
if ARGV.length != 3 && ARGV.length != 2
|
14
15
|
puts "usage: http-headers-verifier.rb [comma seperated policy names] [url] [?verbose]"
|
@@ -33,22 +34,22 @@ def verify_headers!(actual_headers, rules)
|
|
33
34
|
expected_value = expected_pair[expected_header]
|
34
35
|
actual_value = actual_headers[expected_header]
|
35
36
|
checked_already.add(expected_header.downcase)
|
36
|
-
|
37
|
-
errors.push(
|
37
|
+
expected_header_error = HttpHeadersValidations.assert_expected_header(expected_header, expected_value, actual_value)
|
38
|
+
errors.push(expected_header_error) unless expected_header_error.nil?
|
38
39
|
end
|
39
40
|
|
40
41
|
actual_headers.each do |expected_pair|
|
41
42
|
actual_header, actual_value = expected_pair[0]
|
42
|
-
next if checked_already.include? actual_header
|
43
|
-
next if actual_header.downcase ==
|
43
|
+
next if checked_already.include? actual_header.downcase
|
44
|
+
next if actual_header.downcase == SET_COOKIE_NAME
|
44
45
|
actual_value = actual_headers[actual_header]
|
45
46
|
actual_header_errors = HttpHeadersValidations.assert_extra_header(actual_header, actual_value,
|
46
47
|
rules[:ignored_headers], rules[:headers_to_avoid])
|
47
48
|
errors.push(actual_header_errors) unless actual_header_errors.nil?
|
48
49
|
end
|
49
50
|
|
50
|
-
unless actual_headers[
|
51
|
-
[actual_headers[
|
51
|
+
unless actual_headers[SET_COOKIE_NAME].nil?
|
52
|
+
[actual_headers[SET_COOKIE_NAME]].flatten.each do |cookie_str|
|
52
53
|
parsed_cookie = NaiveCookie.new(cookie_str)
|
53
54
|
error_text, failed = HttpHeadersValidations.assert_cookie_value(parsed_cookie, rules[:cookie_attr])
|
54
55
|
errors.push(error_text) if failed
|
@@ -73,7 +74,7 @@ def read_policies!(policy_files_names)
|
|
73
74
|
settings[:cookie_attr].merge!(policy_data['cookie_attr']) unless policy_data['cookie_attr'].nil?
|
74
75
|
settings[:headers_to_avoid].push(policy_data['headers_to_avoid']) unless policy_data['headers_to_avoid'].nil?
|
75
76
|
else
|
76
|
-
puts "
|
77
|
+
puts "[FAILED] Misconfiguration, file #{file_name}, does not exist."
|
77
78
|
exit 1
|
78
79
|
end
|
79
80
|
|
@@ -88,13 +89,13 @@ end
|
|
88
89
|
|
89
90
|
|
90
91
|
if request_results.return_code != :ok
|
91
|
-
puts "
|
92
|
+
puts "[FAILED] Request to url #{@url} failed - #{request_results.return_code}, bailing out. "
|
92
93
|
exit 0
|
93
94
|
elsif verify_headers!(actual_headers, read_policies!(@policies))
|
94
|
-
puts "
|
95
|
+
puts "Success !"
|
95
96
|
exit 0
|
96
97
|
else
|
97
|
-
puts "
|
98
|
+
puts "Failed !"
|
98
99
|
exit 1
|
99
100
|
end
|
100
101
|
|
@@ -2,9 +2,9 @@ require_relative './http_headers_utils'
|
|
2
2
|
|
3
3
|
module HttpHeadersValidations
|
4
4
|
|
5
|
-
def self.report(text, failed,
|
5
|
+
def self.report(text, failed, status)
|
6
6
|
if failed || HttpHeadersUtils.verbose
|
7
|
-
puts "
|
7
|
+
puts "#{status} #{text}"
|
8
8
|
end
|
9
9
|
end
|
10
10
|
|
@@ -15,11 +15,11 @@ module HttpHeadersValidations
|
|
15
15
|
text = "Expected Header '#{expected_header}' matched!"
|
16
16
|
else
|
17
17
|
failed = true
|
18
|
-
text = "Expected Header '#{HttpHeadersUtils.bold(expected_header)}' failed!
|
18
|
+
text = "Expected Header '#{HttpHeadersUtils.bold(expected_header)}' failed! \nExpected Value:\n#{expected_value} \nActual Value:\n#{actual_value}."
|
19
19
|
end
|
20
|
-
|
20
|
+
status = failed ? "[FAILED]" : "[PASSED]"
|
21
21
|
|
22
|
-
report(text, failed,
|
22
|
+
report(text, failed, status)
|
23
23
|
|
24
24
|
return text if failed
|
25
25
|
end
|
@@ -27,20 +27,20 @@ module HttpHeadersValidations
|
|
27
27
|
def self.assert_extra_header(actual_header, actual_value, ignored_headers, avoid_headers)
|
28
28
|
|
29
29
|
if avoid_headers.include? actual_header.downcase
|
30
|
-
|
30
|
+
status = "[FAILED]"
|
31
31
|
failed = true
|
32
32
|
text = "Extra Header '#{actual_header}' is not allowed!"
|
33
33
|
elsif ignored_headers.include? actual_header.downcase
|
34
|
-
|
34
|
+
status = "[PASSED]"
|
35
35
|
failed = false
|
36
36
|
text = "Extra Header '#{actual_header}' marked for ignore!"
|
37
37
|
else
|
38
|
-
|
38
|
+
status = "[WARNING]"
|
39
39
|
failed = false
|
40
40
|
text = "Warning: Extra Header '#{HttpHeadersUtils.bold(actual_header)}' with value '#{actual_value}' was unexpected."
|
41
41
|
end
|
42
42
|
|
43
|
-
report(text, failed,
|
43
|
+
report(text, failed, status)
|
44
44
|
|
45
45
|
return text if failed
|
46
46
|
end
|
@@ -59,9 +59,9 @@ module HttpHeadersValidations
|
|
59
59
|
failed = true
|
60
60
|
text = "Missing config for cookie '#{HttpHeadersUtils.bold(parsed_cookie.name)}'."
|
61
61
|
end
|
62
|
-
|
62
|
+
status = failed ? "[FAILED]" : "[PASSED]"
|
63
63
|
|
64
|
-
report(text, failed,
|
64
|
+
report(text, failed, status)
|
65
65
|
return [text, failed]
|
66
66
|
end
|
67
67
|
|
data/lib/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: http-headers-verifier
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Avner Cohen
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-01-08 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -96,10 +96,10 @@ executables:
|
|
96
96
|
extensions: []
|
97
97
|
extra_rdoc_files: []
|
98
98
|
files:
|
99
|
+
- ".github/workflows/ruby-rspec.yml"
|
99
100
|
- ".gitignore"
|
100
101
|
- ".rspec"
|
101
102
|
- ".tool-versions"
|
102
|
-
- ".travis.yml"
|
103
103
|
- CODE_OF_CONDUCT.md
|
104
104
|
- Gemfile
|
105
105
|
- Gemfile.lock
|
@@ -122,7 +122,7 @@ metadata:
|
|
122
122
|
homepage_uri: https://github.com/AvnerCohen/http-headers-verifier
|
123
123
|
source_code_uri: https://github.com/AvnerCohen/http-headers-verifier
|
124
124
|
bug_tracker_uri: https://github.com/AvnerCohen/http-headers-verifier/issues
|
125
|
-
post_install_message:
|
125
|
+
post_install_message:
|
126
126
|
rdoc_options: []
|
127
127
|
require_paths:
|
128
128
|
- lib
|
@@ -137,8 +137,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
137
137
|
- !ruby/object:Gem::Version
|
138
138
|
version: '0'
|
139
139
|
requirements: []
|
140
|
-
rubygems_version: 3.1.
|
141
|
-
signing_key:
|
140
|
+
rubygems_version: 3.1.2
|
141
|
+
signing_key:
|
142
142
|
specification_version: 4
|
143
143
|
summary: Verify a pre-defined HTTP headers configurations.
|
144
144
|
test_files: []
|