site-inspector 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/site-inspector/headers.rb +49 -16
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7ba79a277c6611844c2628263b41f8953274bd7a
|
|
4
|
+
data.tar.gz: bf7e16d237c56018c62977ea0c4aed2df751b83b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ff18940993447863687a4c0fb5815f753f8cc6d176df67d005f46d30758cfac4e446c099e058544faf6e792a1c378f9c36526e66212c97910039f109a022b9b2
|
|
7
|
+
data.tar.gz: f756567dc72bff09822b3d9da45d85d9143ff8eeb5bc86a60ca091da29a286a4ce6d06c35154bfc02010154da0950d5255dc9865917abcbdd6a00847639e83ee
|
|
@@ -1,34 +1,67 @@
|
|
|
1
1
|
class SiteInspector
|
|
2
|
+
|
|
3
|
+
# the ? versions could maybe just be dropped
|
|
4
|
+
def has_cookies?
|
|
5
|
+
!!has_cookies
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def strict_transport_security?
|
|
9
|
+
!!strict_transport_security
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def content_security_policy?
|
|
13
|
+
!!content_security_policy
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def click_jacking_protection?
|
|
17
|
+
!!click_jacking_protection
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
# return the found header value
|
|
21
|
+
|
|
22
|
+
def has_cookies
|
|
23
|
+
header_from("Set-Cookie")
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def strict_transport_security
|
|
27
|
+
header_from("Strict-Transport-Security")
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def content_security_policy
|
|
31
|
+
header_from("Content-Security-Policy")
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def click_jacking_protection
|
|
35
|
+
header_from("X-Frame-Options")
|
|
36
|
+
end
|
|
37
|
+
|
|
2
38
|
def server
|
|
3
|
-
|
|
39
|
+
header_from("Server")
|
|
4
40
|
end
|
|
5
41
|
|
|
6
|
-
def xss_protection
|
|
7
|
-
|
|
42
|
+
def xss_protection
|
|
43
|
+
header_from("X-XSS-Protection")
|
|
8
44
|
end
|
|
9
45
|
|
|
10
|
-
|
|
11
|
-
|
|
46
|
+
# more specific checks than presence of headers
|
|
47
|
+
def xss_protection?
|
|
48
|
+
xss_protection == "1; mode=block"
|
|
12
49
|
end
|
|
13
50
|
|
|
14
51
|
def secure_cookies?
|
|
15
52
|
return nil if !response || !has_cookies?
|
|
16
|
-
cookie =
|
|
53
|
+
cookie = header_from("Set-Cookie")
|
|
17
54
|
cookie = cookie.first if cookie.is_a?(Array)
|
|
18
55
|
marked_secure = !!(cookie.downcase =~ /secure/)
|
|
19
|
-
marked_http_only = !!(cookie.downcase =~ /
|
|
56
|
+
marked_http_only = !!(cookie.downcase =~ /httponly/)
|
|
20
57
|
marked_secure and marked_http_only
|
|
21
58
|
end
|
|
22
59
|
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
60
|
+
# helper function: case-insensitive sweep for header, return value
|
|
61
|
+
def header_from(header)
|
|
62
|
+
return nil unless response
|
|
26
63
|
|
|
27
|
-
|
|
28
|
-
response
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
def click_jacking_protection?
|
|
32
|
-
response && response.headers.include?("X-Frame-Options")
|
|
64
|
+
the_header = response.headers.keys.find {|h| h.downcase =~ /^#{header.downcase}/}
|
|
65
|
+
response.headers[the_header]
|
|
33
66
|
end
|
|
34
67
|
end
|