Class: CMSScanner::Headers

Inherits:
InterestingFinding
Defined in:
app/models/headers.rb

Overview

Interesting Headers

Constant Summary

Constants included from Finders::Finding

Finders::Finding::FINDING_OPTS

Instance Attribute Summary

Attributes inherited from InterestingFinding

#to_s, #url

Instance Method Summary

Methods inherited from InterestingFinding

#==, #initialize

Methods included from Finders::Finding

#<=>, #confidence, #confidence=, #confirmed_by, #eql?, included, #parse_finding_options

Constructor Details

This class inherits a constructor from CMSScanner::InterestingFinding

Instance Method Details

#entries ⇒ Hash

Returns the headers.

Returns:

  • (Hash)

    The headers



# File 'app/models/headers.rb', line 5

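# Requests the finding's URL through NS::Browser and returns the HTTP
# response headers.
#
# Header names and values are supplied by the remote server, so everything
# returned here is untrusted input.
#
# @return [Hash] the response headers (documented as a Hash); an empty Hash
#   when there is no response or the response has no headers
def entries
  # Fall back to an empty Hash rather than an Array: the documented return
  # type is Hash, and Hash-style lookups on the result must not raise on the
  # "no response" path. Iterating an empty Hash behaves like the old [].
  NS::Browser.get(url)&.headers || {}
end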

#interesting_entries ⇒ Array<String>

Returns the interesting headers detected.

Returns:

  • (Array<String>)

    The interesting headers detected



# File 'app/models/headers.rb', line 12

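# Lists the response headers whose (downcased) name is not part of
# #known_headers, formatted for display.
#
# Names and values both come from the scanned server and are copied into
# the result unmodified.
# NOTE(review): whatever renders these strings (terminal, JSON, HTML report)
# should escape control characters and markup — confirm in the formatters.
#
# @return [Array<String>] one "Name: value" string per unknown header, in
#   the order yielded by #entries; multiple values are joined with ", "
def interesting_entries
  # #known_headers builds a new Array on every call, so fetch it once
  # instead of once per header.
  known = known_headers

  entries.each_with_object([]) do |(header, value), found|
    next if known.include?(header.downcase)

    # [*value] normalises a single value, a list of values or nil to an Array.
    found << "#{header}: #{[*value].join(', ')}"
  end
end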

#known_headers ⇒ Array<String>

Returns the downcased known headers.

Returns:

  • (Array<String>)

    Downcased known headers



# File 'app/models/headers.rb', line 24

# Names of response headers that are considered unremarkable.
#
# Entries are lowercase because #interesting_entries compares them against
# `header.downcase`. Names absent from the list (for example `server` or
# `x-powered-by`) are therefore reported as interesting.
#
# The list also contains security headers (strict-transport-security,
# x-frame-options, x-content-type-options, x-xss-protection), so their
# presence is never reported here.
#
# @return [Array<String>] downcased known header names
def known_headers
  standard = %w[
    age accept-ranges cache-control content-encoding content-length
    content-type connection date etag expires keep-alive location
    last-modified link pragma set-cookie strict-transport-security
    transfer-encoding vary
  ]

  x_prefixed = %w[
    x-cache x-content-security-policy x-content-type-options x-frame-options
    x-language x-permitted-cross-domain-policies x-pingback x-varnish
    x-webkit-csp x-xss-protection
  ]

  standard + x_prefixed
end