site-inspector 0.1.1 → 0.1.2

Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/site-inspector/headers.rb +49 -16
  3. metadata +1 -1
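--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: e04e629831f1d1a1c2c9f786563936f18d3f5da4
- data.tar.gz: 26ac4b5b19f7470c34bfdbf91f0d42bac5f3ff54
+ metadata.gz: 7ba79a277c6611844c2628263b41f8953274bd7a
+ data.tar.gz: bf7e16d237c56018c62977ea0c4aed2df751b83b
  SHA512:
- metadata.gz: f390ec91acae9a038ef72fe7b4806203528d3ec2a4117cbcb4f0bc97f49aad8d3655cad6db12e8f2a010df3f5dd10f5502ca150eff6d6f140e61fa1846b007e2
- data.tar.gz: 4e9dcbaca581276008830e4f5836622f9a88cb0d74a06ec1bffebc46f0821fdb2cb57755ce97f59699575aa3e1d134b581fc410d8a6cf0ea095e72ae4d1dd1e3
+ metadata.gz: ff18940993447863687a4c0fb5815f753f8cc6d176df67d005f46d30758cfac4e446c099e058544faf6e792a1c378f9c36526e66212c97910039f109a022b9b2
+ data.tar.gz: f756567dc72bff09822b3d9da45d85d9143ff8eeb5bc86a60ca091da29a286a4ce6d06c35154bfc02010154da0950d5255dc9865917abcbdd6a00847639e83ee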
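--- a/data/lib/site-inspector/headers.rb
+++ b/data/lib/site-inspector/headers.rb
@@ -1,34 +1,67 @@
  class SiteInspector
+
+ # the ? versions could maybe just be dropped
+ def has_cookies?
+ !!has_cookies
+ end
+
+ def strict_transport_security?
+ !!strict_transport_security
+ end
+
+ def content_security_policy?
+ !!content_security_policy
+ end
+
+ def click_jacking_protection?
+ !!click_jacking_protection
+ end
+
+ # return the found header value
+
+ def has_cookies
+ header_from("Set-Cookie")
+ end
+
+ def strict_transport_security
+ header_from("Strict-Transport-Security")
+ end
+
+ def content_security_policy
+ header_from("Content-Security-Policy")
+ end
+
+ def click_jacking_protection
+ header_from("X-Frame-Options")
+ end
+
  def server
- response && response.headers["Server"]
+ header_from("Server")
  end
 
- def xss_protection?
- response && response.headers["X-XSS-Protection"] == "1; mode=block"
+ def xss_protection
+ header_from("X-XSS-Protection")
  end
 
- def has_cookies?
- response && response.headers.include?("Set-Cookie")
+ # more specific checks than presence of headers
+ def xss_protection?
+ xss_protection == "1; mode=block"
  end
 
  def secure_cookies?
  return nil if !response || !has_cookies?
- cookie = response.headers["Set-Cookie"]
+ cookie = header_from("Set-Cookie")
  cookie = cookie.first if cookie.is_a?(Array)
  marked_secure = !!(cookie.downcase =~ /secure/)
- marked_http_only = !!(cookie.downcase =~ /HttpOnly/)
+ marked_http_only = !!(cookie.downcase =~ /httponly/)
  marked_secure and marked_http_only
  end
 
- def strict_transport_security?
- response && response.headers.include?("Strict-Transport-Security")
- end
+ # helper function: case-insensitive sweep for header, return value
+ def header_from(header)
+ return nil unless response
 
- def content_security_policy?
- response && response.headers.include?("Content-Security-Policy")
- end
-
- def click_jacking_protection?
- response && response.headers.include?("X-Frame-Options")
+ the_header = response.headers.keys.find {|h| h.downcase =~ /^#{header.downcase}/}
+ response.headers[the_header]
  end
  end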
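Review bot: `header_from` matches on a prefix of the header name rather than the whole name, because the pattern `/^#{header.downcase}/` has no end anchor and interpolates the name into the regex unescaped. A response that sends only `Content-Security-Policy-Report-Only` therefore makes `content_security_policy?` return true although no policy is enforced, and `server` can return the value of a longer header that merely starts with "server" if that key is found first. An exact, case-insensitive comparison avoids both problems and needs no regex: `the_header = response.headers.keys.find { |h| h.casecmp(header).zero? }`. The helper's comment should then say that the match is on the full header name, for example `# helper function: exact, case-insensitive header name lookup, returns the value or nil`.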
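--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: site-inspector
  version: !ruby/object:Gem::Version
- version: 0.1.1
+ version: 0.1.2
  platform: ruby
  authors:
  - Ben Balter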