http-headers-verifier 0.0.9 → 1.0.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ae2ccdc95caaa32434a2e795b94d77733d3600f019a31ecb535bc43f087768b3
4
- data.tar.gz: bf3a421e67d247af467cc49fa0c47a4c461049c517fd8b3a5910af883bd087a4
3
+ metadata.gz: 8402eadfa491beb1ee890ba08d7c8634e3123e7afe641f4c67a6e6e69addc704
4
+ data.tar.gz: 44ae5406a60518423958d3d014da79ef5d4f88ae4d5ead52ff75a7ec1db96dd1
5
5
  SHA512:
6
- metadata.gz: e8e56e998e250f0a118301b173edd2149f69e04cc0a1174441fb5f07fd0a49e311f549a9c868b82a64dc142db3f9860d71d82c613d76819afb8c1ccef237f65e
7
- data.tar.gz: 4a8794b0b67212ede493b7b33f31123b04185ee1f8cb824cd7fc17cd97e4f6782cfca264109bc9bf574e77113ef705d3b8afdb3044595e42ecdebe7b30bd1db3
6
+ metadata.gz: 1854d83ae3747570eecfb29111eea335e824a80dedbab08d952502b11af88cda5b0ec356c34954c9902a11c28d68edad89ad31106b251eeb128b3d737f3c03a3
7
+ data.tar.gz: 431f739312da4d44e001224baf15d7838686ad124819fc6e8d93ac608341beeeb35c267889bff13426dcb4b9e275b0452b9b07fa847517cf88d00e6d9e4fc0de
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- http-headers-verifier (0.0.9)
4
+ http-headers-verifier (1.0.1)
5
5
  typhoeus (~> 1.4)
6
6
 
7
7
  GEM
data/README.md CHANGED
@@ -3,28 +3,13 @@
3
3
  [![Gem Version](https://badge.fury.io/rb/http-headers-verifier.svg)](https://badge.fury.io/rb/http-headers-verifier)
4
4
  [![Build Status](https://travis-ci.org/AvnerCohen/http-headers-verifier.svg?branch=master)](https://travis-ci.org/AvnerCohen/http-headers-verifier)
5
5
 
6
- Verify a pre-defined HTTP headers configurations.
6
+ Assertation framework for http-headers on top of live endpoints, Verify a pre-defined HTTP headers configurations.
7
+
7
8
  Unlike some other similar projects, this is not meant to enforce best practices, instead it is meant to define policies on top of headers and enforce them.
8
9
  As a side effect, this means you can define specific OWASP (for example) best practices and verify them, but unlike testing for best practices, this is inteneded to verify an expected headers configuration behavior.
9
10
 
10
11
  Relevant use cases are for example when updating nginx/caddy configuration or when moving from one web-server to another and expecting to maintain a specific set of header config.
11
12
 
12
- ## Installation
13
-
14
- Add this line to your application's Gemfile:
15
-
16
- ```ruby
17
- gem 'http-headers-verifier'
18
- ```
19
-
20
- And then execute:
21
-
22
- $ bundle
23
-
24
- Or install it yourself as:
25
-
26
- $ gem install http-headers-verifier
27
-
28
13
  ### Usage
29
14
 
30
15
  ```sh
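Review bot: The new README summary line has a typo and a comma splice: "Assertation framework for http-headers on top of live endpoints, Verify a pre-defined HTTP headers configurations." should read "Assertion framework ..." and be split into two sentences, with "configurations" made singular to agree with "a". While this paragraph is being touched, the unchanged context line two paragraphs below still has "inteneded" for "intended".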
@@ -65,6 +50,22 @@ Starting verification of policies default, hs-default, hs-production:
65
50
  😱 Failed !
66
51
  ```
67
52
 
53
+ ## Installation
54
+
55
+ Add this line to your application's Gemfile:
56
+
57
+ ```ruby
58
+ gem 'http-headers-verifier'
59
+ ```
60
+
61
+ And then execute:
62
+
63
+ $ bundle
64
+
65
+ Or install it yourself as:
66
+
67
+ $ gem install http-headers-verifier
68
+
68
69
 
69
70
  ### Configuration
70
71
 
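Review bot: The relocated "## Installation" heading is level 2 but now sits between "### Usage" and "### Configuration", so Configuration renders as a subsection of Installation rather than as a sibling of Usage. Either demote it to "### Installation" or promote the neighbouring headings so the outline stays consistent.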
@@ -65,12 +65,18 @@ end
65
65
  def read_policies!(policy_files_names)
66
66
  settings = {headers: [], ignored_headers: [], cookie_attr: {}, headers_to_avoid: []}
67
67
  policy_files_names.each do |policy_name|
68
- policy_data = YAML.load_file("./#{FILE_NAME_PREFIX}#{policy_name}.yml")
69
-
70
- settings[:headers].push(policy_data['headers']) unless policy_data['headers'].nil?
71
- settings[:ignored_headers].push(policy_data['ignored_headers']) unless policy_data['ignored_headers'].nil?
72
- settings[:cookie_attr].merge!(policy_data['cookie_attr']) unless policy_data['cookie_attr'].nil?
73
- settings[:headers_to_avoid].push(policy_data['headers_to_avoid']) unless policy_data['headers_to_avoid'].nil?
68
+ file_name = "./#{FILE_NAME_PREFIX}#{policy_name}.yml"
69
+ if File.exist?(file_name)
70
+ policy_data = YAML.load_file(file_name)
71
+ settings[:headers].push(policy_data['headers']) unless policy_data['headers'].nil?
72
+ settings[:ignored_headers].push(policy_data['ignored_headers']) unless policy_data['ignored_headers'].nil?
73
+ settings[:cookie_attr].merge!(policy_data['cookie_attr']) unless policy_data['cookie_attr'].nil?
74
+ settings[:headers_to_avoid].push(policy_data['headers_to_avoid']) unless policy_data['headers_to_avoid'].nil?
75
+ else
76
+ puts "💔 Misconfiguration, file #{file_name}, does not exist."
77
+ exit 1
78
+ end
79
+
74
80
  end
75
81
 
76
82
  settings[:headers].flatten!
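Review bot: The new File.exist? guard in read_policies! only covers a missing file; policy_data is still indexed with policy_data['headers'] without checking that the loaded document is a Hash, so an empty or scalar-only policy file will raise instead of producing the new "Misconfiguration" message. Consider validating the loaded value (for example, policy_data.is_a?(Hash)) and reporting it through the same failure path. Since these policy files are plain data, YAML.safe_load_file would also be a tighter choice than YAML.load_file where the Psych version in use provides it. Two smaller points: the error is written with puts, so it goes to stdout rather than stderr (warn would keep it out of piped output), and the hunk adds a stray blank line before the closing end of the each block.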
@@ -1,3 +1,3 @@
1
1
  module HttpHeadersVerifier
2
- VERSION = "0.0.9"
2
+ VERSION = "1.0.1"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: http-headers-verifier
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.9
4
+ version: 1.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Avner Cohen