RubyGems - http-headers-verifier - Versions diffs - 0.0.9 → 1.0.1 - Mend

http-headers-verifier 0.0.9 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/Gemfile.lock +1 -1
data/README.md +18 -17
data/exe/http-headers-verifier.rb +12 -6
data/lib/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ae2ccdc95caaa32434a2e795b94d77733d3600f019a31ecb535bc43f087768b3
-  data.tar.gz: bf3a421e67d247af467cc49fa0c47a4c461049c517fd8b3a5910af883bd087a4
+  metadata.gz: 8402eadfa491beb1ee890ba08d7c8634e3123e7afe641f4c67a6e6e69addc704
+  data.tar.gz: 44ae5406a60518423958d3d014da79ef5d4f88ae4d5ead52ff75a7ec1db96dd1
 SHA512:
-  metadata.gz: e8e56e998e250f0a118301b173edd2149f69e04cc0a1174441fb5f07fd0a49e311f549a9c868b82a64dc142db3f9860d71d82c613d76819afb8c1ccef237f65e
-  data.tar.gz: 4a8794b0b67212ede493b7b33f31123b04185ee1f8cb824cd7fc17cd97e4f6782cfca264109bc9bf574e77113ef705d3b8afdb3044595e42ecdebe7b30bd1db3
+  metadata.gz: 1854d83ae3747570eecfb29111eea335e824a80dedbab08d952502b11af88cda5b0ec356c34954c9902a11c28d68edad89ad31106b251eeb128b3d737f3c03a3
+  data.tar.gz: 431f739312da4d44e001224baf15d7838686ad124819fc6e8d93ac608341beeeb35c267889bff13426dcb4b9e275b0452b9b07fa847517cf88d00e6d9e4fc0de

data/Gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    http-headers-verifier (0.0.9)
+    http-headers-verifier (1.0.1)
       typhoeus (~> 1.4)
 GEM

data/README.md CHANGED

@@ -3,28 +3,13 @@
 [![Gem Version](https://badge.fury.io/rb/http-headers-verifier.svg)](https://badge.fury.io/rb/http-headers-verifier)
 [![Build Status](https://travis-ci.org/AvnerCohen/http-headers-verifier.svg?branch=master)](https://travis-ci.org/AvnerCohen/http-headers-verifier)
-Verify a pre-defined HTTP headers configurations.
+Assertation framework for http-headers on top of live endpoints, Verify a pre-defined HTTP headers configurations.
 Unlike some other similar projects, this is not meant to enforce best practices, instead it is meant to define policies on top of headers and enforce them.
 As a side effect, this means you can define specific OWASP (for example) best practices and verify them, but unlike testing for best practices, this is inteneded to verify an expected headers configuration behavior.
 Relevant use cases are for example when updating nginx/caddy configuration or when moving from one web-server to another and expecting to maintain a specific set of header config.
-## Installation
-Add this line to your application's Gemfile:
-```ruby
-gem 'http-headers-verifier'
-```
-And then execute:
-    $ bundle
-Or install it yourself as:
-    $ gem install http-headers-verifier
 ### Usage
 ```sh
@@ -65,6 +50,22 @@ Starting verification of policies default, hs-default, hs-production:
 😱  Failed !
 ```
+## Installation
+Add this line to your application's Gemfile:
+```ruby
+gem 'http-headers-verifier'
+```
+And then execute:
+    $ bundle
+Or install it yourself as:
+    $ gem install http-headers-verifier
 ### Configuration

data/exe/http-headers-verifier.rb CHANGED

@@ -65,12 +65,18 @@ end
 def read_policies!(policy_files_names)
     settings = {headers: [], ignored_headers: [], cookie_attr: {}, headers_to_avoid: []}
     policy_files_names.each do |policy_name|
-        policy_data = YAML.load_file("./#{FILE_NAME_PREFIX}#{policy_name}.yml")
-        settings[:headers].push(policy_data['headers']) unless policy_data['headers'].nil?
-        settings[:ignored_headers].push(policy_data['ignored_headers']) unless policy_data['ignored_headers'].nil?
-        settings[:cookie_attr].merge!(policy_data['cookie_attr']) unless policy_data['cookie_attr'].nil?
-        settings[:headers_to_avoid].push(policy_data['headers_to_avoid'])  unless policy_data['headers_to_avoid'].nil?
+        file_name = "./#{FILE_NAME_PREFIX}#{policy_name}.yml"
+        if File.exist?(file_name)
+            policy_data = YAML.load_file(file_name)
+            settings[:headers].push(policy_data['headers']) unless policy_data['headers'].nil?
+            settings[:ignored_headers].push(policy_data['ignored_headers']) unless policy_data['ignored_headers'].nil?
+            settings[:cookie_attr].merge!(policy_data['cookie_attr']) unless policy_data['cookie_attr'].nil?
+            settings[:headers_to_avoid].push(policy_data['headers_to_avoid'])  unless policy_data['headers_to_avoid'].nil?
+        else
+            puts "💔  Misconfiguration, file #{file_name}, does not exist."
+            exit 1
+        end
     end
     settings[:headers].flatten!

data/lib/version.rb CHANGED

@@ -1,3 +1,3 @@
 module HttpHeadersVerifier
-    VERSION = "0.0.9"
+    VERSION = "1.0.1"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: http-headers-verifier
 version: !ruby/object:Gem::Version
-  version: 0.0.9
+  version: 1.0.1
 platform: ruby
 authors:
 - Avner Cohen