http-headers-verifier 1.0.2 → 1.0.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ruby-rspec.yml +18 -0
- data/Gemfile.lock +1 -1
- data/LICENSE.txt +1 -1
- data/README.md +5 -3
- data/exe/http-headers-verifier.rb +7 -7
- data/lib/http_headers_validations.rb +10 -10
- data/lib/version.rb +1 -1
- metadata +7 -7
- data/.travis.yml +0 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: fd5b20f9dadf31bbedc3763096a3b832f9232f8d847db40ace6ae6544a4cc1f6
|
4
|
+
data.tar.gz: e062f36f280fcfbf89cfaec500913bb8cdbda073aac5fc541fd3a55dae6ece06
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9511ec3330532ca8cd7073bc9a114f8f161c2c252f3fc0b16abbdc53f0c891cbe09e40b9c8db335a0b76a0e6363131b45f855269e58990464e974fe7c51e7247
|
7
|
+
data.tar.gz: 070f1357c8f9516e92353a08188611e03f9c30546d401d54b2fd3805074d721493414bee8d7306223f550c8016a8432d0f0116001ad2a51d8a759fcfe907fcb8
|
@@ -0,0 +1,18 @@
|
|
1
|
+
name: CI
|
2
|
+
on: [push]
|
3
|
+
jobs:
|
4
|
+
rspec:
|
5
|
+
runs-on: [ubuntu-latest]
|
6
|
+
strategy:
|
7
|
+
matrix:
|
8
|
+
ruby: ['3.2', '3.0', '2.7', 'truffleruby-head']
|
9
|
+
steps:
|
10
|
+
- uses: actions/checkout@v1
|
11
|
+
- name: Set up Ruby ${{ matrix.ruby }}
|
12
|
+
uses: ruby/setup-ruby@v1
|
13
|
+
with:
|
14
|
+
ruby-version: ${{ matrix.ruby }}
|
15
|
+
- name: Bundle install
|
16
|
+
run: bundle install --jobs 4 --retry 3
|
17
|
+
- name: Run Rspec
|
18
|
+
run: bundle exec rspec
|
data/Gemfile.lock
CHANGED
data/LICENSE.txt
CHANGED
data/README.md
CHANGED
@@ -1,7 +1,9 @@
|
|
1
1
|
# Http Headers Verifier
|
2
2
|
|
3
3
|
[![Gem Version](https://badge.fury.io/rb/http-headers-verifier.svg)](https://badge.fury.io/rb/http-headers-verifier)
|
4
|
-
[![Build Status](https://
|
4
|
+
[![Build Status](https://github.com/AvnerCohen/http-headers-verifier/actions/workflows/ruby-rspec.yml/badge.svg)](https://github.com/AvnerCohen/http-headers-verifier/actions)
|
5
|
+
|
6
|
+
|
5
7
|
|
6
8
|
Assertation framework for http-headers on top of live endpoints, Verify a pre-defined HTTP headers configurations.
|
7
9
|
|
@@ -96,8 +98,8 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/AvnerC
|
|
96
98
|
|
97
99
|
## License
|
98
100
|
|
99
|
-
The gem is available as open source under the terms of the [MIT License](
|
101
|
+
The gem is available as open source under the terms of the [MIT License](LICENSE.txt).
|
100
102
|
|
101
103
|
## Code of Conduct
|
102
104
|
|
103
|
-
Everyone interacting in the `Http Headers Verifier` project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](
|
105
|
+
Everyone interacting in the `Http Headers Verifier` project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](CODE_OF_CONDUCT.md).
|
@@ -34,13 +34,13 @@ def verify_headers!(actual_headers, rules)
|
|
34
34
|
expected_value = expected_pair[expected_header]
|
35
35
|
actual_value = actual_headers[expected_header]
|
36
36
|
checked_already.add(expected_header.downcase)
|
37
|
-
|
38
|
-
errors.push(
|
37
|
+
expected_header_error = HttpHeadersValidations.assert_expected_header(expected_header, expected_value, actual_value)
|
38
|
+
errors.push(expected_header_error) unless expected_header_error.nil?
|
39
39
|
end
|
40
40
|
|
41
41
|
actual_headers.each do |expected_pair|
|
42
42
|
actual_header, actual_value = expected_pair[0]
|
43
|
-
next if checked_already.include? actual_header
|
43
|
+
next if checked_already.include? actual_header.downcase
|
44
44
|
next if actual_header.downcase == SET_COOKIE_NAME
|
45
45
|
actual_value = actual_headers[actual_header]
|
46
46
|
actual_header_errors = HttpHeadersValidations.assert_extra_header(actual_header, actual_value,
|
@@ -74,7 +74,7 @@ def read_policies!(policy_files_names)
|
|
74
74
|
settings[:cookie_attr].merge!(policy_data['cookie_attr']) unless policy_data['cookie_attr'].nil?
|
75
75
|
settings[:headers_to_avoid].push(policy_data['headers_to_avoid']) unless policy_data['headers_to_avoid'].nil?
|
76
76
|
else
|
77
|
-
puts "
|
77
|
+
puts "[FAILED] Misconfiguration, file #{file_name}, does not exist."
|
78
78
|
exit 1
|
79
79
|
end
|
80
80
|
|
@@ -89,13 +89,13 @@ end
|
|
89
89
|
|
90
90
|
|
91
91
|
if request_results.return_code != :ok
|
92
|
-
puts "
|
92
|
+
puts "[FAILED] Request to url #{@url} failed - #{request_results.return_code}, bailing out. "
|
93
93
|
exit 0
|
94
94
|
elsif verify_headers!(actual_headers, read_policies!(@policies))
|
95
|
-
puts "
|
95
|
+
puts "Success !"
|
96
96
|
exit 0
|
97
97
|
else
|
98
|
-
puts "
|
98
|
+
puts "Failed !"
|
99
99
|
exit 1
|
100
100
|
end
|
101
101
|
|
@@ -2,9 +2,9 @@ require_relative './http_headers_utils'
|
|
2
2
|
|
3
3
|
module HttpHeadersValidations
|
4
4
|
|
5
|
-
def self.report(text, failed,
|
5
|
+
def self.report(text, failed, status)
|
6
6
|
if failed || HttpHeadersUtils.verbose
|
7
|
-
puts "
|
7
|
+
puts "#{status} #{text}"
|
8
8
|
end
|
9
9
|
end
|
10
10
|
|
@@ -17,9 +17,9 @@ module HttpHeadersValidations
|
|
17
17
|
failed = true
|
18
18
|
text = "Expected Header '#{HttpHeadersUtils.bold(expected_header)}' failed! \nExpected Value:\n#{expected_value} \nActual Value:\n#{actual_value}."
|
19
19
|
end
|
20
|
-
|
20
|
+
status = failed ? "[FAILED]" : "[PASSED]"
|
21
21
|
|
22
|
-
report(text, failed,
|
22
|
+
report(text, failed, status)
|
23
23
|
|
24
24
|
return text if failed
|
25
25
|
end
|
@@ -27,20 +27,20 @@ module HttpHeadersValidations
|
|
27
27
|
def self.assert_extra_header(actual_header, actual_value, ignored_headers, avoid_headers)
|
28
28
|
|
29
29
|
if avoid_headers.include? actual_header.downcase
|
30
|
-
|
30
|
+
status = "[FAILED]"
|
31
31
|
failed = true
|
32
32
|
text = "Extra Header '#{actual_header}' is not allowed!"
|
33
33
|
elsif ignored_headers.include? actual_header.downcase
|
34
|
-
|
34
|
+
status = "[PASSED]"
|
35
35
|
failed = false
|
36
36
|
text = "Extra Header '#{actual_header}' marked for ignore!"
|
37
37
|
else
|
38
|
-
|
38
|
+
status = "[WARNING]"
|
39
39
|
failed = false
|
40
40
|
text = "Warning: Extra Header '#{HttpHeadersUtils.bold(actual_header)}' with value '#{actual_value}' was unexpected."
|
41
41
|
end
|
42
42
|
|
43
|
-
report(text, failed,
|
43
|
+
report(text, failed, status)
|
44
44
|
|
45
45
|
return text if failed
|
46
46
|
end
|
@@ -59,9 +59,9 @@ module HttpHeadersValidations
|
|
59
59
|
failed = true
|
60
60
|
text = "Missing config for cookie '#{HttpHeadersUtils.bold(parsed_cookie.name)}'."
|
61
61
|
end
|
62
|
-
|
62
|
+
status = failed ? "[FAILED]" : "[PASSED]"
|
63
63
|
|
64
|
-
report(text, failed,
|
64
|
+
report(text, failed, status)
|
65
65
|
return [text, failed]
|
66
66
|
end
|
67
67
|
|
data/lib/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: http-headers-verifier
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Avner Cohen
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-01-08 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -96,10 +96,10 @@ executables:
|
|
96
96
|
extensions: []
|
97
97
|
extra_rdoc_files: []
|
98
98
|
files:
|
99
|
+
- ".github/workflows/ruby-rspec.yml"
|
99
100
|
- ".gitignore"
|
100
101
|
- ".rspec"
|
101
102
|
- ".tool-versions"
|
102
|
-
- ".travis.yml"
|
103
103
|
- CODE_OF_CONDUCT.md
|
104
104
|
- Gemfile
|
105
105
|
- Gemfile.lock
|
@@ -122,7 +122,7 @@ metadata:
|
|
122
122
|
homepage_uri: https://github.com/AvnerCohen/http-headers-verifier
|
123
123
|
source_code_uri: https://github.com/AvnerCohen/http-headers-verifier
|
124
124
|
bug_tracker_uri: https://github.com/AvnerCohen/http-headers-verifier/issues
|
125
|
-
post_install_message:
|
125
|
+
post_install_message:
|
126
126
|
rdoc_options: []
|
127
127
|
require_paths:
|
128
128
|
- lib
|
@@ -137,8 +137,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
137
137
|
- !ruby/object:Gem::Version
|
138
138
|
version: '0'
|
139
139
|
requirements: []
|
140
|
-
rubygems_version: 3.1.
|
141
|
-
signing_key:
|
140
|
+
rubygems_version: 3.1.2
|
141
|
+
signing_key:
|
142
142
|
specification_version: 4
|
143
143
|
summary: Verify a pre-defined HTTP headers configurations.
|
144
144
|
test_files: []
|