webconf-audit 0.1.1__py3-none-any.whl

  1. webconf_audit/__init__.py +0 -0
  2. webconf_audit/apache_module_names.py +64 -0
  3. webconf_audit/assessment.py +1596 -0
  4. webconf_audit/assessment_models.py +329 -0
  5. webconf_audit/assessment_renderers.py +204 -0
  6. webconf_audit/audit_policy.py +1755 -0
  7. webconf_audit/baselines.py +368 -0
  8. webconf_audit/cli/__init__.py +1652 -0
  9. webconf_audit/cli/__main__.py +6 -0
  10. webconf_audit/cli/coverage.py +462 -0
  11. webconf_audit/coverage_ledger.py +2238 -0
  12. webconf_audit/coverage_models.py +352 -0
  13. webconf_audit/crosswalk_integrity.py +241 -0
  14. webconf_audit/csp.py +60 -0
  15. webconf_audit/csp_ast.py +520 -0
  16. webconf_audit/data/__init__.py +1 -0
  17. webconf_audit/data/control_source_coverage.yml +12229 -0
  18. webconf_audit/execution_manifest.py +428 -0
  19. webconf_audit/external/__init__.py +4 -0
  20. webconf_audit/external/html_recon.py +137 -0
  21. webconf_audit/external/recon/__init__.py +3346 -0
  22. webconf_audit/external/recon/_cookie.py +74 -0
  23. webconf_audit/external/recon/port_discovery.py +162 -0
  24. webconf_audit/external/recon/tls_probe.py +874 -0
  25. webconf_audit/external/rules/__init__.py +6 -0
  26. webconf_audit/external/rules/_conditional.py +614 -0
  27. webconf_audit/external/rules/_cookies.py +246 -0
  28. webconf_audit/external/rules/_cors.py +112 -0
  29. webconf_audit/external/rules/_disclosure.py +179 -0
  30. webconf_audit/external/rules/_headers.py +813 -0
  31. webconf_audit/external/rules/_helpers.py +288 -0
  32. webconf_audit/external/rules/_https.py +277 -0
  33. webconf_audit/external/rules/_methods.py +349 -0
  34. webconf_audit/external/rules/_runner.py +563 -0
  35. webconf_audit/external/rules/_sensitive_paths.py +107 -0
  36. webconf_audit/external/rules/_tls.py +688 -0
  37. webconf_audit/external/rules/iis_native_header_probe.py +105 -0
  38. webconf_audit/external/rules/nginx_runtime_probes.py +178 -0
  39. webconf_audit/external/rules/script_src_missing_sri.py +123 -0
  40. webconf_audit/external/rules/tls_cert_probes.py +216 -0
  41. webconf_audit/external/rules/tls_handshake_probes.py +232 -0
  42. webconf_audit/external/rules/unknown_host_runtime_response.py +116 -0
  43. webconf_audit/external/safe_probe_catalog.py +2568 -0
  44. webconf_audit/external/tls_inventory.py +1088 -0
  45. webconf_audit/finding_factory.py +51 -0
  46. webconf_audit/fingerprints.py +168 -0
  47. webconf_audit/header_policy.py +177 -0
  48. webconf_audit/hsts_policy.py +54 -0
  49. webconf_audit/local/__init__.py +0 -0
  50. webconf_audit/local/apache/__init__.py +862 -0
  51. webconf_audit/local/apache/authorization.py +1013 -0
  52. webconf_audit/local/apache/effective.py +853 -0
  53. webconf_audit/local/apache/htaccess.py +512 -0
  54. webconf_audit/local/apache/include.py +301 -0
  55. webconf_audit/local/apache/module_inventory.py +527 -0
  56. webconf_audit/local/apache/parser/__init__.py +25 -0
  57. webconf_audit/local/apache/parser/parser.py +396 -0
  58. webconf_audit/local/apache/path_matching.py +68 -0
  59. webconf_audit/local/apache/root_directory.py +107 -0
  60. webconf_audit/local/apache/rules/__init__.py +1 -0
  61. webconf_audit/local/apache/rules/_block_policy_utils.py +345 -0
  62. webconf_audit/local/apache/rules/_log_policy_utils.py +296 -0
  63. webconf_audit/local/apache/rules/_modsecurity_inventory_utils.py +234 -0
  64. webconf_audit/local/apache/rules/_policy_semantics_utils.py +875 -0
  65. webconf_audit/local/apache/rules/_redirect_scope_utils.py +190 -0
  66. webconf_audit/local/apache/rules/_tls_policy_utils.py +250 -0
  67. webconf_audit/local/apache/rules/_vhost_rejection_utils.py +219 -0
  68. webconf_audit/local/apache/rules/allowoverride_all.py +230 -0
  69. webconf_audit/local/apache/rules/allowoverride_not_none.py +149 -0
  70. webconf_audit/local/apache/rules/backup_files_restricted.py +200 -0
  71. webconf_audit/local/apache/rules/basic_auth_over_http.py +112 -0
  72. webconf_audit/local/apache/rules/content_security_policy_missing_frame_ancestors.py +55 -0
  73. webconf_audit/local/apache/rules/content_security_policy_missing_reporting_endpoint.py +54 -0
  74. webconf_audit/local/apache/rules/context_sensitive_directive_utils.py +83 -0
  75. webconf_audit/local/apache/rules/csp_value_review.py +135 -0
  76. webconf_audit/local/apache/rules/custom_log_missing.py +85 -0
  77. webconf_audit/local/apache/rules/custom_log_uses_default_format.py +94 -0
  78. webconf_audit/local/apache/rules/default_content_probe.py +141 -0
  79. webconf_audit/local/apache/rules/default_tls_vhost_not_rejecting_unknown_hosts.py +108 -0
  80. webconf_audit/local/apache/rules/default_vhost_not_rejecting_unknown_hosts.py +195 -0
  81. webconf_audit/local/apache/rules/directory_without_allowoverride.py +417 -0
  82. webconf_audit/local/apache/rules/effective_directive_check.py +399 -0
  83. webconf_audit/local/apache/rules/error_document_404_missing.py +75 -0
  84. webconf_audit/local/apache/rules/error_document_500_missing.py +75 -0
  85. webconf_audit/local/apache/rules/error_document_utils.py +42 -0
  86. webconf_audit/local/apache/rules/error_log_missing.py +85 -0
  87. webconf_audit/local/apache/rules/error_log_unsafe_destination.py +96 -0
  88. webconf_audit/local/apache/rules/file_etag_inodes.py +105 -0
  89. webconf_audit/local/apache/rules/generated_artifacts_restricted.py +126 -0
  90. webconf_audit/local/apache/rules/hsts_header_policy.py +198 -0
  91. webconf_audit/local/apache/rules/ht_files_restricted.py +118 -0
  92. webconf_audit/local/apache/rules/htaccess_auth_without_require.py +102 -0
  93. webconf_audit/local/apache/rules/htaccess_disables_security_headers.py +103 -0
  94. webconf_audit/local/apache/rules/htaccess_enables_cgi.py +93 -0
  95. webconf_audit/local/apache/rules/htaccess_enables_directory_listing.py +96 -0
  96. webconf_audit/local/apache/rules/htaccess_overrides_security.py +109 -0
  97. webconf_audit/local/apache/rules/htaccess_rewrite_without_limit.py +80 -0
  98. webconf_audit/local/apache/rules/htaccess_rule_utils.py +42 -0
  99. webconf_audit/local/apache/rules/htaccess_weakens_security.py +242 -0
  100. webconf_audit/local/apache/rules/http_method_policy_unsafe.py +134 -0
  101. webconf_audit/local/apache/rules/http_protocol_options_unsafe.py +98 -0
  102. webconf_audit/local/apache/rules/http_to_https_redirect_missing.py +204 -0
  103. webconf_audit/local/apache/rules/index_options_fancyindexing_enabled.py +72 -0
  104. webconf_audit/local/apache/rules/index_options_scanhtmltitles_enabled.py +73 -0
  105. webconf_audit/local/apache/rules/ip_based_requests_allowed.py +167 -0
  106. webconf_audit/local/apache/rules/keepalive_disabled.py +56 -0
  107. webconf_audit/local/apache/rules/keepalive_timeout_too_high.py +66 -0
  108. webconf_audit/local/apache/rules/limit_request_body.py +172 -0
  109. webconf_audit/local/apache/rules/limit_request_body_value_review.py +81 -0
  110. webconf_audit/local/apache/rules/limit_request_field_size_too_high.py +63 -0
  111. webconf_audit/local/apache/rules/limit_request_fields.py +169 -0
  112. webconf_audit/local/apache/rules/limit_request_line_too_high.py +63 -0
  113. webconf_audit/local/apache/rules/listen_requires_explicit_address.py +133 -0
  114. webconf_audit/local/apache/rules/location_endpoint_utils.py +207 -0
  115. webconf_audit/local/apache/rules/log_format_missing_fields.py +125 -0
  116. webconf_audit/local/apache/rules/log_level_too_restrictive.py +109 -0
  117. webconf_audit/local/apache/rules/max_keepalive_requests_too_low.py +63 -0
  118. webconf_audit/local/apache/rules/missing_http_method_restrictions.py +158 -0
  119. webconf_audit/local/apache/rules/missing_log_format.py +77 -0
  120. webconf_audit/local/apache/rules/missing_permissions_policy_header.py +45 -0
  121. webconf_audit/local/apache/rules/missing_referrer_policy_header.py +48 -0
  122. webconf_audit/local/apache/rules/missing_x_frame_options_header.py +51 -0
  123. webconf_audit/local/apache/rules/modsecurity_crs_not_configured.py +67 -0
  124. webconf_audit/local/apache/rules/modsecurity_module_missing.py +63 -0
  125. webconf_audit/local/apache/rules/options_execcgi_enabled.py +68 -0
  126. webconf_audit/local/apache/rules/options_includes_enabled.py +71 -0
  127. webconf_audit/local/apache/rules/options_indexes.py +71 -0
  128. webconf_audit/local/apache/rules/options_multiviews_enabled.py +72 -0
  129. webconf_audit/local/apache/rules/options_not_none_in_root_directory.py +258 -0
  130. webconf_audit/local/apache/rules/os_root_access_not_denied.py +212 -0
  131. webconf_audit/local/apache/rules/permissions_policy_runtime_quality.py +104 -0
  132. webconf_audit/local/apache/rules/permissions_policy_unsafe.py +48 -0
  133. webconf_audit/local/apache/rules/referrer_policy_unsafe.py +48 -0
  134. webconf_audit/local/apache/rules/request_read_timeout_semantics.py +183 -0
  135. webconf_audit/local/apache/rules/scope_phrase.py +25 -0
  136. webconf_audit/local/apache/rules/security_header_utils.py +1000 -0
  137. webconf_audit/local/apache/rules/sensitive_config_files_restricted.py +142 -0
  138. webconf_audit/local/apache/rules/sensitive_path_environment_policy.py +104 -0
  139. webconf_audit/local/apache/rules/server_directive_utils.py +109 -0
  140. webconf_audit/local/apache/rules/server_info_exposed.py +78 -0
  141. webconf_audit/local/apache/rules/server_signature_off.py +142 -0
  142. webconf_audit/local/apache/rules/server_status_exposed.py +78 -0
  143. webconf_audit/local/apache/rules/server_tokens_prod.py +164 -0
  144. webconf_audit/local/apache/rules/sitewide_http_method_policy_missing.py +176 -0
  145. webconf_audit/local/apache/rules/ssl_cipher_suite_missing.py +55 -0
  146. webconf_audit/local/apache/rules/ssl_cipher_suite_weak.py +83 -0
  147. webconf_audit/local/apache/rules/ssl_compression.py +55 -0
  148. webconf_audit/local/apache/rules/ssl_honor_cipher_order.py +55 -0
  149. webconf_audit/local/apache/rules/ssl_insecure_renegotiation.py +59 -0
  150. webconf_audit/local/apache/rules/ssl_protocol_policy.py +190 -0
  151. webconf_audit/local/apache/rules/ssl_proxy_peer_name_check_disabled.py +102 -0
  152. webconf_audit/local/apache/rules/ssl_proxy_verify_disabled.py +98 -0
  153. webconf_audit/local/apache/rules/ssl_session_cache_missing.py +56 -0
  154. webconf_audit/local/apache/rules/ssl_session_cache_timeout.py +68 -0
  155. webconf_audit/local/apache/rules/ssl_stapling_cache_missing.py +58 -0
  156. webconf_audit/local/apache/rules/ssl_use_stapling.py +54 -0
  157. webconf_audit/local/apache/rules/timeout_keepalive_default_policy.py +93 -0
  158. webconf_audit/local/apache/rules/timeout_too_high.py +60 -0
  159. webconf_audit/local/apache/rules/trace_enable_off.py +141 -0
  160. webconf_audit/local/apache/rules/vcs_metadata_restricted.py +127 -0
  161. webconf_audit/local/apache/rules/x_frame_options_unsafe.py +54 -0
  162. webconf_audit/local/apache/rules_runner.py +171 -0
  163. webconf_audit/local/iis/__init__.py +615 -0
  164. webconf_audit/local/iis/_iis_schema/ASPNET_schema.xml +670 -0
  165. webconf_audit/local/iis/_iis_schema/FX_schema.xml +443 -0
  166. webconf_audit/local/iis/_iis_schema/IIS_schema.xml +1570 -0
  167. webconf_audit/local/iis/_iis_schema/README.md +5 -0
  168. webconf_audit/local/iis/_iis_schema/__init__.py +41 -0
  169. webconf_audit/local/iis/discovery.py +323 -0
  170. webconf_audit/local/iis/effective.py +656 -0
  171. webconf_audit/local/iis/iis_defaults.py +167 -0
  172. webconf_audit/local/iis/parser/__init__.py +23 -0
  173. webconf_audit/local/iis/parser/parser.py +288 -0
  174. webconf_audit/local/iis/registry.py +1704 -0
  175. webconf_audit/local/iis/rules/__init__.py +1 -0
  176. webconf_audit/local/iis/rules/anonymous_auth_enabled.py +236 -0
  177. webconf_audit/local/iis/rules/application_pool_policy.py +382 -0
  178. webconf_audit/local/iis/rules/asp_script_error_sent_to_browser.py +58 -0
  179. webconf_audit/local/iis/rules/auth_policy.py +799 -0
  180. webconf_audit/local/iis/rules/binding_without_host_header.py +100 -0
  181. webconf_audit/local/iis/rules/cgi_handler_enabled.py +124 -0
  182. webconf_audit/local/iis/rules/compilation_debug_enabled.py +66 -0
  183. webconf_audit/local/iis/rules/content_security_policy_missing_frame_ancestors.py +138 -0
  184. webconf_audit/local/iis/rules/content_security_policy_missing_reporting_endpoint.py +141 -0
  185. webconf_audit/local/iis/rules/custom_errors_off.py +79 -0
  186. webconf_audit/local/iis/rules/custom_headers_expose_server.py +79 -0
  187. webconf_audit/local/iis/rules/directory_browse_enabled.py +79 -0
  188. webconf_audit/local/iis/rules/forms_auth_require_ssl_missing.py +140 -0
  189. webconf_audit/local/iis/rules/handler_access_policy.py +146 -0
  190. webconf_audit/local/iis/rules/hsts_header_unsafe.py +126 -0
  191. webconf_audit/local/iis/rules/http_errors_detailed.py +79 -0
  192. webconf_audit/local/iis/rules/http_runtime_version_header_enabled.py +114 -0
  193. webconf_audit/local/iis/rules/logging_fields_review.py +133 -0
  194. webconf_audit/local/iis/rules/logging_not_configured.py +111 -0
  195. webconf_audit/local/iis/rules/max_allowed_content_length_missing.py +150 -0
  196. webconf_audit/local/iis/rules/missing_hsts_header.py +136 -0
  197. webconf_audit/local/iis/rules/redirect_scope_utils.py +37 -0
  198. webconf_audit/local/iis/rules/request_filtering_allow_double_escaping.py +88 -0
  199. webconf_audit/local/iis/rules/request_filtering_allow_high_bit.py +89 -0
  200. webconf_audit/local/iis/rules/request_filtering_policy.py +704 -0
  201. webconf_audit/local/iis/rules/rule_utils.py +219 -0
  202. webconf_audit/local/iis/rules/schannel_tls_policy.py +348 -0
  203. webconf_audit/local/iis/rules/session_state_cookieless.py +67 -0
  204. webconf_audit/local/iis/rules/ssl_not_required.py +118 -0
  205. webconf_audit/local/iis/rules/ssl_weak_cipher_strength.py +92 -0
  206. webconf_audit/local/iis/rules/system_web_policy.py +757 -0
  207. webconf_audit/local/iis/rules/trace_enabled.py +58 -0
  208. webconf_audit/local/iis/rules/webdav_module_enabled.py +112 -0
  209. webconf_audit/local/iis/rules_runner.py +83 -0
  210. webconf_audit/local/iis/schannel_defaults.py +126 -0
  211. webconf_audit/local/iis/schannel_models.py +293 -0
  212. webconf_audit/local/lighttpd/__init__.py +213 -0
  213. webconf_audit/local/lighttpd/conditions.py +167 -0
  214. webconf_audit/local/lighttpd/effective.py +665 -0
  215. webconf_audit/local/lighttpd/include.py +402 -0
  216. webconf_audit/local/lighttpd/parser/__init__.py +27 -0
  217. webconf_audit/local/lighttpd/parser/parser.py +779 -0
  218. webconf_audit/local/lighttpd/rules/__init__.py +1 -0
  219. webconf_audit/local/lighttpd/rules/access_log_format_missing_fields.py +198 -0
  220. webconf_audit/local/lighttpd/rules/access_log_format_review.py +179 -0
  221. webconf_audit/local/lighttpd/rules/access_log_missing.py +122 -0
  222. webconf_audit/local/lighttpd/rules/auth_backend_policy.py +185 -0
  223. webconf_audit/local/lighttpd/rules/basic_auth_over_http.py +179 -0
  224. webconf_audit/local/lighttpd/rules/content_security_policy_missing_frame_ancestors.py +92 -0
  225. webconf_audit/local/lighttpd/rules/content_security_policy_missing_reporting_endpoint.py +166 -0
  226. webconf_audit/local/lighttpd/rules/content_security_policy_unsafe.py +107 -0
  227. webconf_audit/local/lighttpd/rules/dir_listing_enabled.py +104 -0
  228. webconf_audit/local/lighttpd/rules/directive_value_utils.py +96 -0
  229. webconf_audit/local/lighttpd/rules/error_log_missing.py +66 -0
  230. webconf_audit/local/lighttpd/rules/header_policy_parity.py +313 -0
  231. webconf_audit/local/lighttpd/rules/header_tuple_utils.py +125 -0
  232. webconf_audit/local/lighttpd/rules/idle_timeout_policy.py +199 -0
  233. webconf_audit/local/lighttpd/rules/max_connections_missing.py +74 -0
  234. webconf_audit/local/lighttpd/rules/max_request_size_missing.py +72 -0
  235. webconf_audit/local/lighttpd/rules/max_request_size_policy.py +169 -0
  236. webconf_audit/local/lighttpd/rules/missing_http_method_restrictions.py +92 -0
  237. webconf_audit/local/lighttpd/rules/missing_http_to_https_redirect.py +101 -0
  238. webconf_audit/local/lighttpd/rules/missing_strict_transport_security.py +96 -0
  239. webconf_audit/local/lighttpd/rules/missing_x_content_type_options.py +96 -0
  240. webconf_audit/local/lighttpd/rules/mod_cgi_enabled.py +82 -0
  241. webconf_audit/local/lighttpd/rules/mod_status_public.py +196 -0
  242. webconf_audit/local/lighttpd/rules/mod_webdav_enabled.py +64 -0
  243. webconf_audit/local/lighttpd/rules/redirect_scope_utils.py +91 -0
  244. webconf_audit/local/lighttpd/rules/rule_utils.py +138 -0
  245. webconf_audit/local/lighttpd/rules/sensitive_path_policy.py +228 -0
  246. webconf_audit/local/lighttpd/rules/server_tag_not_blank.py +137 -0
  247. webconf_audit/local/lighttpd/rules/ssl_compression.py +162 -0
  248. webconf_audit/local/lighttpd/rules/ssl_conf_cmd_utils.py +80 -0
  249. webconf_audit/local/lighttpd/rules/ssl_engine_not_enabled.py +197 -0
  250. webconf_audit/local/lighttpd/rules/ssl_honor_cipher_order_missing.py +159 -0
  251. webconf_audit/local/lighttpd/rules/ssl_insecure_renegotiation.py +188 -0
  252. webconf_audit/local/lighttpd/rules/ssl_pemfile_missing.py +63 -0
  253. webconf_audit/local/lighttpd/rules/ssl_protocol_policy.py +508 -0
  254. webconf_audit/local/lighttpd/rules/strict_transport_security_unsafe.py +177 -0
  255. webconf_audit/local/lighttpd/rules/url_access_deny_missing.py +241 -0
  256. webconf_audit/local/lighttpd/rules/weak_ssl_cipher_list.py +70 -0
  257. webconf_audit/local/lighttpd/rules/webdav_write_access_enabled.py +117 -0
  258. webconf_audit/local/lighttpd/rules/x_frame_options_unsafe.py +88 -0
  259. webconf_audit/local/lighttpd/rules_runner.py +110 -0
  260. webconf_audit/local/lighttpd/shell.py +51 -0
  261. webconf_audit/local/lighttpd/variables.py +234 -0
  262. webconf_audit/local/load_context.py +58 -0
  263. webconf_audit/local/nginx/__init__.py +438 -0
  264. webconf_audit/local/nginx/access_control_semantics.py +558 -0
  265. webconf_audit/local/nginx/assessments/__init__.py +5 -0
  266. webconf_audit/local/nginx/assessments/logging.py +966 -0
  267. webconf_audit/local/nginx/assessments/rate_limits.py +945 -0
  268. webconf_audit/local/nginx/assessments/response_headers.py +1581 -0
  269. webconf_audit/local/nginx/assessments/reverse_proxy_headers.py +807 -0
  270. webconf_audit/local/nginx/assessments/sensitive_locations.py +1007 -0
  271. webconf_audit/local/nginx/effective_scope.py +309 -0
  272. webconf_audit/local/nginx/include.py +272 -0
  273. webconf_audit/local/nginx/location_matcher.py +324 -0
  274. webconf_audit/local/nginx/logging_semantics.py +618 -0
  275. webconf_audit/local/nginx/parser/__init__.py +28 -0
  276. webconf_audit/local/nginx/parser/ast.py +57 -0
  277. webconf_audit/local/nginx/parser/parser.py +341 -0
  278. webconf_audit/local/nginx/parser/tokens.py +28 -0
  279. webconf_audit/local/nginx/proxy_headers.py +659 -0
  280. webconf_audit/local/nginx/rate_limit_semantics.py +787 -0
  281. webconf_audit/local/nginx/response_header_semantics.py +398 -0
  282. webconf_audit/local/nginx/rules/__init__.py +1 -0
  283. webconf_audit/local/nginx/rules/_default_server_rejection_utils.py +25 -0
  284. webconf_audit/local/nginx/rules/_exposure_utils.py +55 -0
  285. webconf_audit/local/nginx/rules/_limit_utils.py +113 -0
  286. webconf_audit/local/nginx/rules/_proxy_tls_utils.py +88 -0
  287. webconf_audit/local/nginx/rules/_scope_utils.py +194 -0
  288. webconf_audit/local/nginx/rules/_value_utils.py +199 -0
  289. webconf_audit/local/nginx/rules/_variable_taint_utils.py +349 -0
  290. webconf_audit/local/nginx/rules/access_log_uses_default_format.py +102 -0
  291. webconf_audit/local/nginx/rules/alias_traversal_classic_pattern.py +82 -0
  292. webconf_audit/local/nginx/rules/alias_without_trailing_slash.py +61 -0
  293. webconf_audit/local/nginx/rules/allow_all_with_deny_all.py +56 -0
  294. webconf_audit/local/nginx/rules/auth_basic_over_http.py +140 -0
  295. webconf_audit/local/nginx/rules/autoindex_on.py +46 -0
  296. webconf_audit/local/nginx/rules/client_body_timeout_too_high.py +69 -0
  297. webconf_audit/local/nginx/rules/client_header_buffer_size_too_large.py +73 -0
  298. webconf_audit/local/nginx/rules/client_header_timeout_too_high.py +63 -0
  299. webconf_audit/local/nginx/rules/client_max_body_size_too_large.py +73 -0
  300. webconf_audit/local/nginx/rules/client_max_body_size_unlimited.py +68 -0
  301. webconf_audit/local/nginx/rules/content_security_policy_missing_frame_ancestors.py +96 -0
  302. webconf_audit/local/nginx/rules/content_security_policy_missing_reporting_endpoint.py +89 -0
  303. webconf_audit/local/nginx/rules/content_security_policy_unsafe.py +147 -0
  304. webconf_audit/local/nginx/rules/crlf_in_add_header.py +90 -0
  305. webconf_audit/local/nginx/rules/crlf_in_return.py +100 -0
  306. webconf_audit/local/nginx/rules/csp_value_review.py +106 -0
  307. webconf_audit/local/nginx/rules/default_server_not_rejecting_unknown_hosts.py +71 -0
  308. webconf_audit/local/nginx/rules/default_tls_server_not_rejecting_unknown_hosts.py +140 -0
  309. webconf_audit/local/nginx/rules/duplicate_listen.py +74 -0
  310. webconf_audit/local/nginx/rules/error_log_too_restrictive.py +64 -0
  311. webconf_audit/local/nginx/rules/executable_scripts_allowed_in_uploads.py +151 -0
  312. webconf_audit/local/nginx/rules/header_utils.py +86 -0
  313. webconf_audit/local/nginx/rules/hsts_header_unsafe.py +94 -0
  314. webconf_audit/local/nginx/rules/http3_alt_svc_review.py +274 -0
  315. webconf_audit/local/nginx/rules/http_method_policy_allows_unapproved.py +84 -0
  316. webconf_audit/local/nginx/rules/if_in_location.py +58 -0
  317. webconf_audit/local/nginx/rules/keepalive_timeout_too_high.py +63 -0
  318. webconf_audit/local/nginx/rules/large_client_header_buffers_too_large.py +89 -0
  319. webconf_audit/local/nginx/rules/large_client_header_buffers_too_restrictive.py +79 -0
  320. webconf_audit/local/nginx/rules/limit_conn_invalid_limit.py +48 -0
  321. webconf_audit/local/nginx/rules/limit_conn_zone_not_per_ip.py +53 -0
  322. webconf_audit/local/nginx/rules/limit_conn_zone_review.py +92 -0
  323. webconf_audit/local/nginx/rules/limit_req_unknown_zone.py +57 -0
  324. webconf_audit/local/nginx/rules/limit_req_zone_invalid_rate.py +51 -0
  325. webconf_audit/local/nginx/rules/limit_req_zone_not_per_ip.py +53 -0
  326. webconf_audit/local/nginx/rules/limit_req_zone_rate_review.py +80 -0
  327. webconf_audit/local/nginx/rules/log_format_missing_fields.py +322 -0
  328. webconf_audit/local/nginx/rules/merge_slashes_off.py +62 -0
  329. webconf_audit/local/nginx/rules/missing_access_log.py +95 -0
  330. webconf_audit/local/nginx/rules/missing_access_restrictions_on_sensitive_locations.py +140 -0
  331. webconf_audit/local/nginx/rules/missing_allowed_methods_restriction_for_uploads.py +79 -0
  332. webconf_audit/local/nginx/rules/missing_auth_basic_user_file.py +80 -0
  333. webconf_audit/local/nginx/rules/missing_backup_file_deny.py +119 -0
  334. webconf_audit/local/nginx/rules/missing_client_body_timeout.py +59 -0
  335. webconf_audit/local/nginx/rules/missing_client_header_timeout.py +59 -0
  336. webconf_audit/local/nginx/rules/missing_client_max_body_size.py +89 -0
  337. webconf_audit/local/nginx/rules/missing_content_security_policy.py +131 -0
  338. webconf_audit/local/nginx/rules/missing_error_log.py +108 -0
  339. webconf_audit/local/nginx/rules/missing_generated_artifact_deny.py +145 -0
  340. webconf_audit/local/nginx/rules/missing_hidden_files_deny.py +81 -0
  341. webconf_audit/local/nginx/rules/missing_hsts_header.py +71 -0
  342. webconf_audit/local/nginx/rules/missing_http2_on_tls_listener.py +97 -0
  343. webconf_audit/local/nginx/rules/missing_http_method_restrictions.py +77 -0
  344. webconf_audit/local/nginx/rules/missing_http_to_https_redirect.py +158 -0
  345. webconf_audit/local/nginx/rules/missing_keepalive_timeout.py +59 -0
  346. webconf_audit/local/nginx/rules/missing_limit_conn.py +91 -0
  347. webconf_audit/local/nginx/rules/missing_limit_conn_zone.py +87 -0
  348. webconf_audit/local/nginx/rules/missing_limit_req.py +91 -0
  349. webconf_audit/local/nginx/rules/missing_limit_req_zone.py +59 -0
  350. webconf_audit/local/nginx/rules/missing_log_format.py +88 -0
  351. webconf_audit/local/nginx/rules/missing_permissions_policy.py +71 -0
  352. webconf_audit/local/nginx/rules/missing_referrer_policy.py +71 -0
  353. webconf_audit/local/nginx/rules/missing_send_timeout.py +59 -0
  354. webconf_audit/local/nginx/rules/missing_server_name.py +60 -0
  355. webconf_audit/local/nginx/rules/missing_ssl_certificate.py +63 -0
  356. webconf_audit/local/nginx/rules/missing_ssl_certificate_key.py +70 -0
  357. webconf_audit/local/nginx/rules/missing_ssl_ciphers.py +80 -0
  358. webconf_audit/local/nginx/rules/missing_ssl_prefer_server_ciphers.py +91 -0
  359. webconf_audit/local/nginx/rules/missing_ssl_protocols.py +72 -0
  360. webconf_audit/local/nginx/rules/missing_x_content_type_options.py +72 -0
  361. webconf_audit/local/nginx/rules/missing_x_frame_options.py +102 -0
  362. webconf_audit/local/nginx/rules/missing_x_xss_protection.py +71 -0
  363. webconf_audit/local/nginx/rules/permissions_policy_unsafe.py +69 -0
  364. webconf_audit/local/nginx/rules/proxy_missing_source_ip_headers.py +223 -0
  365. webconf_audit/local/nginx/rules/proxy_pass_user_controlled_destination.py +98 -0
  366. webconf_audit/local/nginx/rules/proxy_set_header_host_spoofing.py +85 -0
  367. webconf_audit/local/nginx/rules/proxy_ssl_trusted_certificate_missing.py +76 -0
  368. webconf_audit/local/nginx/rules/proxy_ssl_verify_disabled.py +72 -0
  369. webconf_audit/local/nginx/rules/public_autoindex_rate_limit_policy_weak.py +246 -0
  370. webconf_audit/local/nginx/rules/referrer_policy_unsafe.py +73 -0
  371. webconf_audit/local/nginx/rules/send_timeout_too_high.py +63 -0
  372. webconf_audit/local/nginx/rules/sensitive_config_files_restricted.py +150 -0
  373. webconf_audit/local/nginx/rules/sensitive_location_missing_ip_filter.py +179 -0
  374. webconf_audit/local/nginx/rules/server_block_accepts_unknown_host.py +148 -0
  375. webconf_audit/local/nginx/rules/server_tokens_on.py +46 -0
  376. webconf_audit/local/nginx/rules/sitewide_http_method_policy_missing.py +310 -0
  377. webconf_audit/local/nginx/rules/ssl_ciphers_weak.py +134 -0
  378. webconf_audit/local/nginx/rules/ssl_conf_command_options.py +200 -0
  379. webconf_audit/local/nginx/rules/ssl_session_cache_missing.py +91 -0
  380. webconf_audit/local/nginx/rules/ssl_session_tickets_disabled.py +52 -0
  381. webconf_audit/local/nginx/rules/ssl_session_timeout_missing_or_invalid.py +100 -0
  382. webconf_audit/local/nginx/rules/ssl_stapling_disabled.py +126 -0
  383. webconf_audit/local/nginx/rules/ssl_stapling_missing_resolver.py +109 -0
  384. webconf_audit/local/nginx/rules/ssl_stapling_without_verify.py +104 -0
  385. webconf_audit/local/nginx/rules/tls_listener_utils.py +90 -0
  386. webconf_audit/local/nginx/rules/weak_ssl_protocols.py +119 -0
  387. webconf_audit/local/nginx/rules_runner.py +76 -0
  388. webconf_audit/local/normalized.py +206 -0
  389. webconf_audit/local/normalizers/__init__.py +91 -0
  390. webconf_audit/local/normalizers/apache_normalizer.py +901 -0
  391. webconf_audit/local/normalizers/iis_normalizer.py +559 -0
  392. webconf_audit/local/normalizers/lighttpd_normalizer.py +676 -0
  393. webconf_audit/local/normalizers/nginx_normalizer.py +505 -0
  394. webconf_audit/local/rule_runner_utils.py +83 -0
  395. webconf_audit/local/rules/__init__.py +1 -0
  396. webconf_audit/local/rules/universal/__init__.py +1 -0
  397. webconf_audit/local/rules/universal/directory_listing_enabled.py +60 -0
  398. webconf_audit/local/rules/universal/listen_on_all_interfaces.py +82 -0
  399. webconf_audit/local/rules/universal/missing_hsts.py +89 -0
  400. webconf_audit/local/rules/universal/missing_security_header.py +378 -0
  401. webconf_audit/local/rules/universal/server_identification_disclosed.py +69 -0
  402. webconf_audit/local/rules/universal/tls_intent_without_config.py +120 -0
  403. webconf_audit/local/rules/universal/tls_required_for_authenticated_routes.py +82 -0
  404. webconf_audit/local/rules/universal/weak_tls_ciphers.py +87 -0
  405. webconf_audit/local/rules/universal/weak_tls_protocol.py +70 -0
  406. webconf_audit/local/sensitive_artifact_policy.py +67 -0
  407. webconf_audit/local/universal_rules.py +53 -0
  408. webconf_audit/models.py +171 -0
  409. webconf_audit/openssl_conf_policy.py +56 -0
  410. webconf_audit/policy_models.py +1578 -0
  411. webconf_audit/report/__init__.py +1556 -0
  412. webconf_audit/rule_registry.py +530 -0
  413. webconf_audit/rule_severity.py +505 -0
  414. webconf_audit/rule_standards.py +2153 -0
  415. webconf_audit/standard_catalog.py +431 -0
  416. webconf_audit/standards.py +591 -0
  417. webconf_audit/suppressions.py +451 -0
  418. webconf_audit/tls_cipher_policy.py +152 -0
  419. webconf_audit-0.1.1.dist-info/METADATA +12 -0
  420. webconf_audit-0.1.1.dist-info/RECORD +422 -0
  421. webconf_audit-0.1.1.dist-info/WHEEL +4 -0
  422. webconf_audit-0.1.1.dist-info/entry_points.txt +2 -0
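--- /dev/null
+++ b/webconf_audit/apache_module_names.py
@@ -0,0 +1,64 @@
+from __future__ import annotations
+
+from pathlib import Path
+
+
+def module_aliases(raw_value: str) -> frozenset[str]:
+    value = raw_value.strip().strip('"').strip("'").lower()
+    if not value:
+        return frozenset()
+
+    file_name = Path(value).name.lower()
+    aliases = {value, file_name}
+    aliases.update(_normalized_module_aliases(value))
+    if file_name != value:
+        aliases.update(_normalized_module_aliases(file_name))
+    return frozenset(sorted(alias for alias in aliases if alias))
+
+
+def normalized_module_identifier(raw_value: str) -> str:
+    aliases = module_aliases(raw_value)
+    if not aliases:
+        return ""
+    explicit_identifier = next(
+        (alias for alias in aliases if alias.endswith("_module")),
+        None,
+    )
+    if explicit_identifier is not None:
+        return explicit_identifier
+    bare_identifier = next(
+        (
+            alias
+            for alias in aliases
+            if "." not in alias and "/" not in alias and "\\" not in alias
+        ),
+        None,
+    )
+    if bare_identifier is not None:
+        return bare_identifier
+    return next(iter(aliases))
+
+
+def _normalized_module_aliases(value: str) -> set[str]:
+    normalized = value.removeprefix("!")
+    aliases = {normalized}
+
+    if normalized.endswith("_module"):
+        bare = normalized.removesuffix("_module")
+        aliases.update({bare, f"mod_{bare}.c"})
+    elif normalized.startswith("mod_") and normalized.endswith(".c"):
+        bare = normalized.removeprefix("mod_").removesuffix(".c")
+        aliases.update({bare, f"{bare}_module"})
+    elif normalized.startswith("mod_") and normalized.endswith(".so"):
+        bare = normalized.removeprefix("mod_").removesuffix(".so")
+        aliases.update({bare, f"{bare}_module", f"mod_{bare}.c"})
+    elif normalized.endswith(".so"):
+        bare = normalized.removesuffix(".so")
+        aliases.add(bare)
+        if "/" not in normalized and "\\" not in normalized:
+            aliases.add(f"{bare}_module")
+
+    return aliases
+
+
+__all__ = ["module_aliases", "normalized_module_identifier"]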
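Review bot: `normalized_module_identifier` is not deterministic across processes: `module_aliases` wraps its `sorted(...)` in a `frozenset`, which discards the order, so the two `next(...)` picks and the final `return next(iter(aliases))` follow string-hash iteration order, which is salted per interpreter run. An audit that keys findings or suppressions on this identifier can therefore report a different name for the same config on a later run. Iterate `sorted(aliases)` in both generator expressions and replace the fallback with `return min(aliases)`; the `sorted` call inside `module_aliases` can then go, since a frozenset cannot preserve it. Separately, `Path(value).name` on a POSIX host does not split on `\`, even though the later `"\\" not in alias` checks show backslash paths are expected — `PureWindowsPath(value).name` handles both separators. None of the three functions has a docstring; at minimum `module_aliases` should state that it returns every spelling (bare name, `<name>_module`, `mod_<name>.c`, `mod_<name>.so`) under which the same Apache module may be referenced, so callers know why a frozenset of several strings comes back for one directive argument.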