site-inspector 1.0.1 → 1.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 081857089e6dd0832b6fd0553615c02c74ba271b
-  data.tar.gz: aaa19892e68cf24c05898e44e2314413976819a1
+  metadata.gz: e4e41e2a1639e9f5f6e7f018ef58c664c834b2c2
+  data.tar.gz: 3205114fcaaaa11cf03ec1eb8fa2f5736b6a99f7
 SHA512:
-  metadata.gz: 613c90276d90b35a8d74502893f6d4bf2579c84f4f399c34c7ee33c3722f92af29e12796d7c733a8503903e63eb85e49f940379ca40d41c55ce1aa5660437181
-  data.tar.gz: 6ddf58171d7c76d8a0f5b029b94878a76e1b68b3becb6dc6c48b972389c9c94e48f5e7ff56ad52b3b00dab8b02aa6620c083920dbe97e2228de6d513ad52c8d1
+  metadata.gz: ffa69fcc3949abe434a476bf8bff0c65dbd4085b5c40f379c0f7b3bbb9eaf43ffc41527ea571fe211ac71d3911b58deaebf8446ee96a69d8a279c2877e87e3bb
+  data.tar.gz: b369d00e140c4b258b02f02e5b841f4ce26d84c0b7b32f10e6015a99673355b3a505194495fbf2bf5e9ecfabfed6e486db18572a56418bcfaf329b6acb746778

data/bin/site-inspector

@@ -1,15 +1,29 @@
 #!/usr/bin/env ruby
 
 require_relative "../lib/site-inspector"
-require "json"
+
+require "oj"
 
 domain = ARGV[0]
+http_mode = (ARGV[1] == "--http")
 
 if domain.to_s.empty?
-  puts "Usage: site-inspector [DOMAIN]"
+  puts "Usage: site-inspector [DOMAIN] [--http]"
   exit 1
 end
 
-details = SiteInspector.new(domain).to_hash
+# HTTP mode:
+#   * all details for possible endpoints
+#   * don't follow redirects
+#   * shorter timeout
+if http_mode
+  site = SiteInspector.new(domain)
+  details = site.http
+
+# Normal mode: autodetect canonical domain, sweep every attribute.
+else
+  site = SiteInspector.new(domain)
+  details = site.to_hash
+end
 
-puts JSON.pretty_generate(details)
+puts Oj.dump(details, indent: 2, mode: :compat)

data/lib/site-inspector/cache.rb

@@ -11,3 +11,48 @@ class SiteInspectorCache
     @memory[request] = response
   end
 end
+
+class SiteInspectorDiskCache
+  def initialize(dir = nil, replace = false)
+    @dir = dir
+    @memory = {}
+    @replace = replace
+  end
+
+  def path(request)
+    File.join(@dir, request.cache_key)
+  end
+
+  def fetch(request)
+    if File.exist?(path(request))
+
+      if @replace
+        FileUtils.rm(path(request))
+        nil
+      else
+        contents = File.read(path(request))
+        begin
+          Marshal.load(contents)
+        rescue ArgumentError
+          FileUtils.rm(path(request))
+          nil
+        end
+      end
+    end
+  end
+
+  def store(request, response)
+    File.open(File.join(@dir, request.cache_key), "w") do |f|
+      f.write Marshal.dump(response)
+    end
+  end
+
+  def get(request)
+    @memory[request] || fetch(request)
+  end
+
+  def set(request, response)
+    store(request, response)
+    @memory[request] = response
+  end
+end

data/lib/site-inspector/dns.rb

@@ -1,7 +1,12 @@
 class SiteInspector
 
   def resolver
-    @resolver ||= Dnsruby::Resolver.new
+    require "dnsruby"
+    @resolver ||= begin
+      resolver = Dnsruby::Resolver.new
+      resolver.config.nameserver = ["8.8.8.8", "8.8.4.4"]
+      resolver
+    end
   end
 
   def query(type="ANY")
@@ -14,12 +19,16 @@ class SiteInspector
     @dns ||= query
   end
 
+  def has_record?(type)
+    dns.any? { |record| record.type == type } || query(type).count != 0
+  end
+
   def dnssec?
-    @dnssec ||= query("DNSKEY").count != 0
+    @dnssec ||= has_record? "DNSKEY"
   end
 
   def ipv6?
-    @ipv6 ||= query("AAAA").count != 0
+    @ipv6 ||= has_record? "AAAA"
   end
 
   def detect_by_hostname(type)
@@ -64,12 +73,14 @@ class SiteInspector
   end
 
   def ip
+    require 'resolv'
     @ip ||= Resolv.getaddress domain.to_s
   rescue Resolv::ResolvError
     nil
   end
 
   def hostname
+    require 'resolv'
     @hostname ||= PublicSuffix.parse(Resolv.getname(ip))
   rescue Exception => e
     nil

data/lib/site-inspector/sniffer.rb

@@ -1,5 +1,6 @@
 class SiteInspector
   def sniff(type)
+    require 'sniffles'
     results = Sniffles.sniff(body, type).select { |name, meta| meta[:found] == true }
     results.each { |name, result| result.delete :found} if results
     results

data/lib/site-inspector.rb

@@ -1,46 +1,106 @@
-require 'nokogiri'
+
+# needed for HTTP analysis
 require 'open-uri'
-require 'public_suffix'
-require 'gman'
-require 'net/http'
-require "dnsruby"
-require 'yaml'
-require 'sniffles'
 require "addressable/uri"
+require 'public_suffix'
 require 'typhoeus'
-require 'json'
-require 'resolv'
 
 require_relative 'site-inspector/cache'
+require_relative 'site-inspector/headers'
 require_relative 'site-inspector/sniffer'
 require_relative 'site-inspector/dns'
 require_relative 'site-inspector/compliance'
-require_relative 'site-inspector/headers'
 
-Typhoeus::Config.cache = SiteInspectorCache.new
+
+if ENV['CACHE']
+  Typhoeus::Config.cache = SiteInspectorDiskCache.new(ENV['CACHE'], ENV['CACHE_REPLACE'])
+else
+  Typhoeus::Config.cache = SiteInspectorCache.new
+end
 
 class SiteInspector
 
   def self.load_data(name)
+    require 'yaml'
     YAML.load_file File.expand_path "./data/#{name}.yml", File.dirname(__FILE__)
   end
 
-  def initialize(domain)
+  # Utility parser for HSTS headers.
+  # RFC: http://tools.ietf.org/html/rfc6797
+  def self.hsts_parse(header)
+    # no hsts for you
+    nothing = {
+      max_age: nil,
+      include_subdomains: false,
+      preload: false,
+      enabled: false,
+      preload_ready: false
+    }
+
+    return nothing unless header and header.is_a?(String)
+
+    directives = header.split(/\s*;\s*/)
+
+    pairs = []
+    directives.each do |directive|
+      name, value = directive.downcase.split("=")
+
+      if value and value.start_with?("\"") and value.end_with?("\"")
+        value = value.sub(/^\"/, '')
+        value = value.sub(/\"$/, '')
+      end
+
+      pairs.push([name, value])
+    end
+
+    # reject invalid directives
+    fatal = pairs.any? do |name, value|
+      # TODO: more comprehensive rejection of characters
+      invalid_chars = /[\s\'\"]/
+      (name =~ invalid_chars) or (value =~ invalid_chars)
+    end
+
+    # good DAY, sir
+    return nothing if fatal
+
+    max_age_directive = pairs.find {|n, v| n == "max-age"}
+    max_age = max_age_directive ? max_age_directive[1].to_i : nil
+    include_subdomains = !!pairs.find {|n, v| n == "includesubdomains"}
+    preload = !!pairs.find {|n, v| n == "preload"}
+
+    enabled = !!(max_age and (max_age > 0))
+
+    # Google's minimum max-age for automatic preloading
+    eighteen_weeks = !!(max_age and (max_age >= 10886400))
+    preload_ready = !!(eighteen_weeks and include_subdomains and preload)
+
+    {
+      max_age: max_age,
+      include_subdomains: include_subdomains,
+      preload: preload,
+      enabled: enabled,
+      preload_ready: preload_ready
+    }
+  end
+
+  # makes no network requests
+  def initialize(domain, options = {})
     domain = domain.downcase
     domain = domain.sub /^https?\:/, ""
     domain = domain.sub /^\/+/, ""
     domain = domain.sub /^www\./, ""
     @uri = Addressable::URI.parse "//#{domain}"
     @domain = PublicSuffix.parse @uri.host
+    @timeout = options[:timeout] || 10
   end
 
   def inspect
     "<SiteInspector domain=\"#{domain}\">"
   end
 
-  def uri(ssl=https?,www=www?)
+  def uri(ssl=enforce_https?,www=www?)
     uri = @uri.clone
-    uri.host = "www.#{uri.host}" if www
+    uri.host = www ? "www.#{uri.host}" : uri.host
     uri.scheme = ssl ? "https" : "http"
     uri
   end
@@ -49,8 +109,13 @@ class SiteInspector
     www? ? PublicSuffix.parse("www.#{@uri.host}") : @domain
   end
 
-  def request(ssl=false, www=false, followlocation=true)
-    Typhoeus.get(uri(ssl, www), followlocation: followlocation, timeout: 10)
+  def request(ssl=false, www=false, followlocation=true, ssl_verifypeer=true, ssl_verifyhost=true)
+    to_get = uri(ssl, www)
+
+    # debugging
+    # puts "fetching: #{to_get}, #{followlocation ? "follow" : "no follow"}, #{ssl_verifypeer ? "verify peer, " : ""}#{ssl_verifyhost ? "verify host" : ""}"
+
+    Typhoeus.get(to_get, followlocation: followlocation, ssl_verifypeer: ssl_verifypeer, ssl_verifyhost: (ssl_verifyhost ? 2 : 0), timeout: @timeout)
   end
 
   def response
@@ -72,6 +137,7 @@ class SiteInspector
   end
 
   def doc
+    require 'nokogiri'
     @doc ||= Nokogiri::HTML response.body if response
   end
 
@@ -80,6 +146,7 @@ class SiteInspector
   end
 
   def government?
+    require 'gman'
     Gman.valid? domain.to_s
   end
 
@@ -101,7 +168,7 @@ class SiteInspector
   end
 
   def www?
-    response && response.effective_url && !!response.effective_url.match(/https?:\/\/www\./)
+    response && response.effective_url && !!response.effective_url.match(/^https?:\/\/www\./)
   end
 
   def non_www?
@@ -123,40 +190,447 @@ class SiteInspector
     end
   end
 
-  def to_json
-    to_hash.to_json
+  def http
+    details = {
+      endpoints: endpoints
+    }
+
+    # convenient shorthand for the extensive statements to come
+    combos = details[:endpoints]
+
+    # A domain is "canonically" at www if:
+    #  * at least one of its www endpoints responds
+    #  * both root endpoints are either down or redirect *somewhere*
+    #  * either both root endpoints are down, *or* at least one
+    #    root endpoint redirect should immediately go to
+    #    an *internal* www endpoint
+    # This is meant to affirm situations like:
+    #   http:// -> https:// -> https://www
+    #   https:// -> http:// -> https://www
+    # and meant to avoid affirming situations like:
+    #   http:// -> http://non-www,
+    #   http://www -> http://non-www
+    # or like:
+    #   https:// -> 200, http:// -> http://www
+
+    www = !!(
+      (
+        combos[:https][:www][:up] or
+        combos[:http][:www][:up]
+      ) and (
+        (
+          combos[:https][:root][:redirect] or
+          !combos[:https][:root][:up] or
+          combos[:https][:root][:https_bad_name] or
+          !combos[:https][:root][:status].to_s.start_with?("2")
+        ) and (
+          combos[:http][:root][:redirect] or
+          !combos[:http][:root][:up] or
+          !combos[:http][:root][:status].to_s.start_with?("2")
+        )
+      ) and (
+        (
+          (
+            !combos[:https][:root][:up] or
+            combos[:https][:root][:https_bad_name] or
+            !combos[:https][:root][:status].to_s.start_with?("2")
+          ) and
+          (
+            !combos[:http][:root][:up] or
+            !combos[:http][:root][:status].to_s.start_with?("2")
+          )
+        ) or
+        (
+          combos[:https][:root][:redirect_immediately_to_www] and
+          !combos[:https][:root][:redirect_immediately_external]
+        ) or
+        (
+          combos[:http][:root][:redirect_immediately_to_www] and
+          !combos[:http][:root][:redirect_immediately_external]
+        )
+      )
+    )
+
+    # A domain is "canonically" at https if:
+    #  * at least one of its https endpoints is live and
+    #    doesn't have an invalid hostname
+    #  * both http endpoints are either down or redirect *somewhere*
+    #  * at least one http endpoint redirects immediately to
+    #    an *internal* https endpoint
+    # This is meant to affirm situations like:
+    #   http:// -> http://www -> https://
+    #   https:// -> http:// -> https://www
+    # and meant to avoid affirming situations like:
+    #   http:// -> http://non-www
+    #   http://www -> http://non-www
+    # or:
+    #   http:// -> 200, http://www -> https://www
+    #
+    # It allows a site to be canonically HTTPS if the cert has
+    # a valid hostname but invalid chain issues.
+
+    https = !!(
+      (
+        (
+          combos[:https][:root][:up] and
+          !combos[:https][:root][:https_bad_name]
+        ) or
+        (
+          combos[:https][:www][:up] and
+          !combos[:https][:www][:https_bad_name]
+        )
+      ) and (
+        (
+          combos[:http][:root][:redirect] or
+          !combos[:http][:root][:up] or
+          !combos[:http][:root][:status].to_s.start_with?("2")
+        ) and (
+          combos[:http][:www][:redirect] or
+          !combos[:http][:www][:up] or
+          !combos[:http][:www][:status].to_s.start_with?("2")
+        )
+      ) and (
+        (
+          combos[:http][:root][:redirect_immediately_to_https] and
+          !combos[:http][:root][:redirect_immediately_external]
+        ) or (
+          combos[:http][:www][:redirect_immediately_to_https] and
+          !combos[:http][:www][:redirect_immediately_external]
+        )
+      )
+    )
+
+    details[:canonical_endpoint] = www ? :www : :root
+    details[:canonical_protocol] = https ? :https : :http
+    details[:canonical] = uri(https, www).to_s
+
+    # If any endpoint is up, the domain is up.
+    details[:up] = !!(
+      combos[:https][:www][:up] or
+      combos[:https][:root][:up] or
+      combos[:http][:www][:up] or
+      combos[:http][:root][:up]
+    )
+
+    # A domain's root is broken if neither protocol can connect.
+    details[:broken_root] = !!(
+      !combos[:https][:root][:up] and
+      !combos[:http][:root][:up]
+    )
+
+    # A domain's www is broken if neither protocol can connect.
+    details[:broken_www] = !!(
+      !combos[:https][:www][:up] and
+      !combos[:http][:www][:up]
+    )
+
+    # HTTPS is "supported" (different than "canonical" or "enforced") if:
+    #
+    # * Either of the HTTPS endpoints is listening, and doesn't have
+    #   an invalid hostname.
+    details[:support_https] = !!(
+      (
+        (combos[:https][:root][:status] != 0) and
+        !combos[:https][:root][:https_bad_name]
+      ) or (
+        (combos[:https][:www][:status] != 0) and
+        !combos[:https][:www][:https_bad_name]
+      )
+    )
+
+    # we can say that a canonical HTTPS site "defaults" to HTTPS,
+    # even if it doesn't *strictly* enforce it (e.g. having a www
+    # subdomain first to go HTTP root before HTTPS root).
+    details[:default_https] = https
+
+    # HTTPS is "downgraded" if both:
+    #
+    # * HTTPS is supported, and
+    # * The 'canonical' endpoint gets an immediate internal redirect to HTTP.
+
+    details[:downgrade_https] = !!(
+      details[:support_https] and
+      (
+        combos[:https][details[:canonical_endpoint]][:redirect] and
+        !combos[:https][details[:canonical_endpoint]][:redirect_immediately_external] and
+        !combos[:https][details[:canonical_endpoint]][:redirect_immediately_to_https]
+      )
+    )
+
+    # HTTPS is enforced if one of the HTTPS endpoints is "live",
+    # and if both *HTTP* endpoints are either:
+    #
+    #  * down, or
+    #  * redirect immediately to HTTPS.
+    #
+    # This is different than whether a domain is "canonically" HTTPS.
+    #
+    # * an HTTP redirect can go to HTTPS on another domain, as long
+    #   as it's immediate.
+    # * a domain with an invalid cert can still be enforcing HTTPS.
+    details[:enforce_https] = !!(
+      (
+        !combos[:http][:www][:up] or
+        (combos[:http][:www][:redirect_immediately_to_https])
+      ) and
+      (
+        !combos[:http][:root][:up] or
+        (combos[:http][:root][:redirect_immediately_to_https])
+      ) and
+      (
+        combos[:https][:www][:up] or
+        combos[:https][:root][:up]
+      )
+    )
+
+    # The domain is a redirect if at least one endpoint is up,
+    # and each one is *either* an external redirect or down entirely.
+    details[:redirect] = !!(
+      details[:up] and
+      (
+        combos[:http][:www][:redirect_external] or
+        !combos[:http][:www][:up] or
+        combos[:http][:www][:status] >= 400
+      ) and
+      (
+        combos[:http][:root][:redirect_external] or
+        !combos[:http][:root][:up] or
+        combos[:http][:root][:status] >= 400
+      ) and
+      (
+        combos[:https][:www][:redirect_external] or
+        !combos[:https][:www][:up] or
+        combos[:https][:www][:https_bad_name] or
+        combos[:https][:www][:status] >= 400
+      ) and
+      (
+        combos[:https][:root][:redirect_external] or
+        !combos[:https][:root][:up] or
+        combos[:https][:root][:https_bad_name] or
+        combos[:https][:root][:status] >= 400
+      )
+    )
+
+    # OK, we've said a domain is a "redirect" domain.
+    # What does the domain redirect to?
+    if details[:redirect]
+      canon = combos[details[:canonical_protocol]][details[:canonical_endpoint]]
+      details[:redirect_to] = canon[:redirect_to]
+    else
+      details[:redirect_to] = nil
+    end
+
+    # HSTS on the canonical domain? (valid HTTPS checked in endpoint)
+    details[:hsts] = !!combos[:https][details[:canonical_endpoint]][:hsts]
+    details[:hsts_header] = combos[:https][details[:canonical_endpoint]][:hsts_header]
+
+    # HSTS on the entire domain?
+    details[:hsts_entire_domain] = !!(
+      combos[:https][:root][:hsts] and
+      combos[:https][:root][:hsts_details][:include_subdomains]
+    )
+
+    # HSTS preload-ready for the entire domain?
+    #
+    # Re-checks :hsts_entire_domain in case the :preload_ready
+    # flag ever changes its definition to not require include_subdomains.
+
+    details[:hsts_entire_domain_preload] = !!(
+      details[:hsts_entire_domain] and
+      combos[:https][:root][:hsts_details][:preload_ready]
+    )
+
+    details
   end
 
-  def to_hash
+  def endpoints
+    https_www = http_endpoint(true, true)
+    http_www = http_endpoint(false, true)
+    https_root = http_endpoint(true, false)
+    http_root = http_endpoint(false, false)
+
     {
-      :domain => domain.to_s,
-      :uri => uri.to_s,
-      :government => government?,
-      :live => !!response,
-      :ssl => https?,
-      :enforce_https => enforce_https?,
-      :non_www => non_www?,
-      :redirect => redirect,
-      :ip => ip,
-      :hostname => hostname.to_s,
-      :ipv6 => ipv6?,
-      :dnssec => dnssec?,
-      :cdn => cdn,
-      :google_apps => google_apps?,
-      :cloud_provider => cloud_provider,
-      :server => server,
-      :cms => cms,
-      :analytics => analytics,
-      :javascript => javascript,
-      :advertising => advertising,
-      :slash_data => slash_data?,
-      :slash_developer => slash_developer?,
-      :data_dot_json => data_dot_json?,
-      :click_jacking_protection => click_jacking_protection?,
-      :content_security_policy => content_security_policy?,
-      :xss_protection => xss_protection?,
-      :secure_cookies => secure_cookies?,
-      :strict_transport_security => strict_transport_security?
+      https: {
+        www: https_www,
+        root: https_root
+      },
+      http: {
+        www: http_www,
+        root: http_root
+      }
     }
   end
+
+  # State of affairs at a particular endpoint.
+  def http_endpoint(ssl, www)
+    details = {}
+
+    # Don't follow redirects for first ping.
+    response = request(ssl, www, false)
+
+
+    # For HTTPS: examine the full range of possibilities.
+    if ssl
+      if response.return_code == :ok
+        details[:https_valid] = true
+        details[:https_bad_chain] = false
+        details[:https_bad_name] = false
+
+      # Bad certificate chain.
+      elsif response.return_code == :ssl_cacert
+        details[:https_valid] = false
+        details[:https_bad_chain] = true
+        response = request(ssl, www, false, false, true)
+        # Bad everything.
+        if response.return_code == :peer_failed_verification
+          details[:https_bad_name] = true
+          response = request(ssl, www, false, false, false)
+        end
+
+      # Bad hostname.
+      elsif response.return_code == :peer_failed_verification
+        details[:https_valid] = false
+        details[:https_bad_name] = true
+        response = request(ssl, www, false, true, false)
+        # Bad everything.
+        if response.return_code == :ssl_cacert
+          details[:https_bad_chain] = true
+          response = request(ssl, www, false, false, false)
+        end
+
+      # not sure what else would happen
+      elsif response.response_code != 0
+        details[:https_valid] = false
+        details[:https_unknown_issue] = response.return_code
+      end
+    end
+
+    # If we ended up with a failure, return it.
+    details[:status] = response.response_code
+    details[:up] = (response.response_code != 0)
+    return details if !details[:up]
+
+    headers = Hash[response.headers.map{ |k,v| [k.downcase,v] }]
+    details[:headers] = headers
+
+
+    # HSTS only takes effect when delivered over valid HTTPS.
+    hsts = SiteInspector.hsts_parse(headers["strict-transport-security"])
+
+    details[:hsts] = !!(
+      ssl and
+      details[:https_valid] and
+      hsts[:enabled]
+    )
+
+    details[:hsts_header] = headers["strict-transport-security"]
+    details[:hsts_details] = hsts
+
+
+    # If it's a redirect, go find the ultimate response starting from this combo.
+    redirect_code = response.response_code.to_s.start_with?("3")
+    location_header = headers["location"]
+    if redirect_code and location_header
+      location_header = location_header.downcase
+      details[:redirect] = true
+
+      ultimate_response = request(ssl, www, true, !details[:https_bad_chain], !details[:https_bad_name])
+      uri_original = URI(ultimate_response.request.url)
+
+      # treat relative Location headers as having the original hostname
+      if location_header.start_with?("http:") or location_header.start_with?("https:")
+        uri_immediate = URI(URI.escape(location_header))
+      else
+        uri_immediate = URI.join(uri_original, URI.escape(location_header))
+      end
+
+      uri_eventual = URI(ultimate_response.effective_url.downcase)
+
+      # compare base domain names
+      base_original = PublicSuffix.parse(uri_original.hostname).domain
+
+      # if the redirects aren't to valid hostnames (e.g. IP addresses)
+      # then fine just compare them directly, they're not going to be
+      # identical anyway.
+      base_immediate = begin
+        PublicSuffix.parse(uri_immediate.hostname).domain
+      rescue PublicSuffix::DomainInvalid
+        uri_immediate.to_s
+      end
+
+      base_eventual = begin
+        PublicSuffix.parse(uri_eventual.hostname).domain
+      rescue PublicSuffix::DomainInvalid
+        uri_eventual.to_s
+      end
+
+      details[:redirect_immediately_to] = uri_immediate.to_s
+      details[:redirect_immediately_to_www] = !!uri_immediate.to_s.match(/^https?:\/\/www\./)
+      details[:redirect_immediately_to_https] = uri_immediate.to_s.start_with?("https://")
+      details[:redirect_immediately_external] = (base_original != base_immediate)
+
+      details[:redirect_to] = uri_eventual.to_s
+      details[:redirect_external] = (base_original != base_eventual)
+
+    # otherwise, mark all the redirect fields as false/null
+    else
+      details[:redirect] = false
+      details[:redirect_immediately_to] = nil
+      details[:redirect_immediately_to_www] = false
+      details[:redirect_immediately_to_https] = false
+      details[:redirect_immediately_external] = false
+
+      details[:redirect_to] = nil
+      details[:redirect_external] = false
+    end
+
+    details
+  end
+
+  def to_hash(http_only=false)
+    if http_only
+      {
+        :domain => domain.to_s,
+        :uri => uri.to_s,
+        :live => !!response,
+        :ssl => https?,
+        :enforce_https => enforce_https?,
+        :non_www => non_www?,
+        :redirect => redirect,
+        :headers => headers
+      }
+    else
+      {
+        :domain => domain.to_s,
+        :uri => uri.to_s,
+        :government => government?,
+        :live => !!response,
+        :ssl => https?,
+        :enforce_https => enforce_https?,
+        :non_www => non_www?,
+        :redirect => redirect,
+        :ip => ip,
+        :hostname => hostname.to_s,
+        :ipv6 => ipv6?,
+        :dnssec => dnssec?,
+        :cdn => cdn,
+        :google_apps => google_apps?,
+        :cloud_provider => cloud_provider,
+        :server => server,
+        :cms => cms,
+        :analytics => analytics,
+        :javascript => javascript,
+        :advertising => advertising,
+        :slash_data => slash_data?,
+        :slash_developer => slash_developer?,
+        :data_dot_json => data_dot_json?,
+        :click_jacking_protection => click_jacking_protection?,
+        :content_security_policy => content_security_policy?,
+        :xss_protection => xss_protection?,
+        :secure_cookies => secure_cookies?,
+        :strict_transport_security => strict_transport_security?,
+        :headers => headers
+      }
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: site-inspector
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.0.2
 platform: ruby
 authors:
 - Ben Balter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-13 00:00:00.000000000 Z
+date: 2015-06-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -94,6 +94,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: oj
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.11'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.11'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement