Class: SiteInspector::Endpoint::Headers
- Inherits:
-
Check
- Object
- Check
- SiteInspector::Endpoint::Headers
- Defined in:
- lib/site-inspector/checks/headers.rb
Instance Attribute Summary
Attributes inherited from Check
#endpoint
Instance Method Summary
Methods inherited from Check
#host, #initialize, #inspect, #name, name, #request, #response
Instance Method Details
#[](header) ⇒ Object
# File 'lib/site-inspector/checks/headers.rb', line 65
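# Looks up a single response header by name.
#
# The underlying hash is keyed by lowercased header names, so the name must
# be passed in lowercase (e.g. "x-frame-options").
#
# @param header [String] lowercased header name
# @return [Object] the header value, or nil when the header was not sent
def [](header)
  headers[header]
end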
#all ⇒ Object
Also known as: headers
Returns an array of hashes of downcased key/value header pairs (or an empty hash)
# File 'lib/site-inspector/checks/headers.rb', line 60
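# Returns the response headers as a Hash keyed by lowercased header name.
#
# The result is memoized in @all. When there is no response, or the response
# carries no headers, an empty Hash is returned so lookups yield nil instead
# of raising.
#
# NOTE(review): if a server sends the same header name in two different
# casings, the later pair overwrites the earlier one after downcasing.
#
# @return [Hash] lowercased header name => header value
def all
  @all ||= begin
    raw = response && response.headers
    raw ? Hash[raw.map { |key, value| [key.downcase, value] }] : {}
  end
end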
#click_jacking_protection ⇒ Object
# File 'lib/site-inspector/checks/headers.rb', line 35
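# Returns the raw X-Frame-Options header value, or nil when it is not sent.
#
# NOTE: only X-Frame-Options is consulted. A site that restricts framing
# solely through a Content-Security-Policy `frame-ancestors` directive is
# reported as unprotected. The value is not validated either, so an
# unrecognised directive still counts as protection in
# #click_jacking_protection?.
#
# @return [Object, nil] header value as received
def click_jacking_protection
  headers["x-frame-options"]
end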
#click_jacking_protection? ⇒ Boolean
# File 'lib/site-inspector/checks/headers.rb', line 20
# Reports whether a clickjacking-protection header was returned at all.
#
# This is a presence check only: the header value is not inspected.
#
# @return [Boolean]
def click_jacking_protection?
  click_jacking_protection ? true : false
end
#content_security_policy ⇒ Object
# File 'lib/site-inspector/checks/headers.rb', line 31
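# Returns the raw Content-Security-Policy header value, or nil when absent.
#
# NOTE: the policy text is returned as received and is not parsed, so a
# permissive policy (for example one allowing 'unsafe-inline') is
# indistinguishable from a strict one here.
#
# @return [Object, nil] header value as received
def content_security_policy
  headers["content-security-policy"]
end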
#content_security_policy? ⇒ Boolean
# File 'lib/site-inspector/checks/headers.rb', line 16
# Reports whether a Content-Security-Policy header was returned.
#
# Presence only: the strength of the policy is not evaluated.
#
# @return [Boolean]
def content_security_policy?
  content_security_policy ? true : false
end
#cookies? ⇒ Boolean
cookies can have multiple set-cookie headers, so this detects whether cookies are set, but not all their values.
# File 'lib/site-inspector/checks/headers.rb', line 7
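# Reports whether the response set at least one cookie.
#
# A response may carry several Set-Cookie headers; this only detects that
# the header is present and says nothing about the individual cookies.
#
# @return [Boolean]
def cookies?
  !!headers["set-cookie"]
end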
#secure_cookies? ⇒ Boolean
# File 'lib/site-inspector/checks/headers.rb', line 52
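# Reports whether every cookie set by the response carries both the Secure
# and HttpOnly attributes.
#
# Each Set-Cookie value is split on ";" and the attributes after the leading
# name=value pair are compared case-insensitively. This avoids two gaps of a
# single pattern match over the first header only: a later cookie without
# the flags going unnoticed, and attributes being missed or mis-detected
# depending on spacing (";Secure") or prefix ("; SecureFoo=1").
#
# @return [Boolean] false when no cookies are set or any cookie lacks a flag
def secure_cookies?
  return false unless cookies?

  cookies = Array(headers["set-cookie"])
  return false if cookies.empty?

  cookies.all? do |cookie|
    # Drop the name=value pair so a cookie literally named "secure" is not
    # mistaken for the attribute.
    attributes = cookie.to_s.split(";").drop(1).map { |attr| attr.strip.downcase }
    attributes.include?("secure") && attributes.include?("httponly")
  end
end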
#server ⇒ Object
# File 'lib/site-inspector/checks/headers.rb', line 39
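# Returns the raw Server header value, or nil when the header is absent.
#
# The banner is reported exactly as the endpoint sent it; it is
# self-declared by the server and not verified in any way.
#
# @return [Object, nil] header value as received
def server
  headers["server"]
end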
#strict_transport_security ⇒ Object
# File 'lib/site-inspector/checks/headers.rb', line 27
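# Returns the raw Strict-Transport-Security header value, or nil when absent.
#
# NOTE: the directives are not parsed. A value of `max-age=0` (which tells
# browsers to forget the policy) is returned like any other, and browsers
# ignore the header entirely on responses served over plain HTTP.
#
# @return [Object, nil] header value as received
def strict_transport_security
  headers["strict-transport-security"]
end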
#strict_transport_security? ⇒ Boolean
# File 'lib/site-inspector/checks/headers.rb', line 12
# Reports whether a Strict-Transport-Security header was returned.
#
# Presence only: max-age and the other directives are not checked.
#
# @return [Boolean]
def strict_transport_security?
  strict_transport_security ? true : false
end
#to_h ⇒ Object
# File 'lib/site-inspector/checks/headers.rb', line 69
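# Summarises the header checks as a Hash.
#
# :cookies and :secure_cookies are booleans. The security-header entries
# hold the raw header value when present and false when absent, so a
# truthy entry means "header sent", not "header correctly configured".
# :server is the raw banner and may be nil.
#
# The :click_jacking_protection key is listed once; a repeated key in a
# Hash literal is silently collapsed and triggers a duplicate-key warning.
#
# @return [Hash{Symbol => Object}]
def to_h
  {
    :cookies                   => cookies?,
    :strict_transport_security => strict_transport_security || false,
    :content_security_policy   => content_security_policy || false,
    :click_jacking_protection  => click_jacking_protection || false,
    :server                    => server,
    :xss_protection            => xss_protection || false,
    :secure_cookies            => secure_cookies?
  }
end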
#xss_protection ⇒ Object
# File 'lib/site-inspector/checks/headers.rb', line 43
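# Returns the raw X-XSS-Protection header value, or nil when absent.
#
# NOTE: this is a legacy header. Current browsers have removed the XSS
# filter it controlled, so its presence should not be read as a substitute
# for a Content-Security-Policy.
#
# @return [Object, nil] header value as received
def xss_protection
  headers["x-xss-protection"]
end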
#xss_protection? ⇒ Boolean
more specific checks than presence of headers
# File 'lib/site-inspector/checks/headers.rb', line 48
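# Reports whether X-XSS-Protection enables the filter in blocking mode.
#
# The value is matched case-insensitively and with optional whitespace
# around ";" and "=", so equivalent spellings such as "1;mode=block" or
# "1; mode=block; report=..." are accepted rather than only the exact
# string "1; mode=block".
#
# NOTE: the header is legacy; a true result says nothing about protection
# in browsers that no longer implement the XSS filter.
#
# @return [Boolean]
def xss_protection?
  !!(xss_protection.to_s =~ /\A\s*1\s*;\s*mode\s*=\s*block\s*(?:;|\z)/i)
end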