Class: SiteInspector::Endpoint::Headers

Inherits:
Check
  • Object
Defined in:
lib/site-inspector/checks/headers.rb

Instance Attribute Summary

Attributes inherited from Check

#endpoint

Instance Method Summary collapse

Methods inherited from Check

#host, #initialize, #inspect, #name, name, #request, #response

Constructor Details

This class inherits a constructor from SiteInspector::Endpoint::Check

Instance Method Details

#[](header) ⇒ Object



# File 'lib/site-inspector/checks/headers.rb', line 65

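# Looks up a single response header by name.
#
# HTTP header names are case-insensitive and #headers keys its hash by the
# downcased name, so the requested name is downcased before the lookup.
# Without that, a caller asking for "Strict-Transport-Security" would get
# nil and could wrongly conclude the header is missing.
#
# @param header [String, Symbol] header name, in any letter case
# @return [Object, nil] the header's value, or nil when it is absent
def [](header)
  headers[header.to_s.downcase]
end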

#all ⇒ Object  (also known as: headers)

Returns a hash of header name/value pairs with the names downcased (or an empty hash)



# File 'lib/site-inspector/checks/headers.rb', line 60

# Builds, once, the hash of response headers keyed by downcased name.
#
# The result is memoized in @all. When there is no response, or the
# response has no headers, an empty hash is returned (and memoized).
#
# @return [Hash] header values keyed by downcased header name
def all
  return @all if @all

  @all =
    if response && response.headers
      response.headers.each_with_object({}) do |(name, value), lowered|
        lowered[name.downcase] = value
      end
    else
      {}
    end
end

#click_jacking_protection ⇒ Object



# File 'lib/site-inspector/checks/headers.rb', line 35

# Raw value of the X-Frame-Options response header.
#
# The value is returned as received and is not validated here, so a
# malformed or permissive value still counts as "present" to callers that
# only test for truthiness. A framing policy expressed through the CSP
# frame-ancestors directive is not considered by this accessor.
#
# @return [Object, nil] the header value, or nil when the header is absent
def click_jacking_protection
  headers.fetch("x-frame-options", nil)
end

#click_jacking_protection? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/site-inspector/checks/headers.rb', line 20

# Whether the response carries an X-Frame-Options header at all.
#
# This is a presence check only: any non-nil, non-false header value
# yields true, whatever that value says.
#
# @return [Boolean]
def click_jacking_protection?
  click_jacking_protection ? true : false
end

#content_security_policy ⇒ Object



# File 'lib/site-inspector/checks/headers.rb', line 31

# Raw value of the Content-Security-Policy response header.
#
# Only the enforcing header name is read; the policy text itself is not
# parsed or assessed here.
#
# @return [Object, nil] the header value, or nil when the header is absent
def content_security_policy
  headers.fetch("content-security-policy", nil)
end

#content_security_policy? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/site-inspector/checks/headers.rb', line 16

# Whether the response carries a Content-Security-Policy header at all.
#
# Presence only: a permissive policy is reported the same as a strict one.
#
# @return [Boolean]
def content_security_policy?
  content_security_policy ? true : false
end

#cookies? ⇒ Boolean

A response can carry multiple Set-Cookie headers, so this detects only whether cookies are set, not all of their values.

Returns:

  • (Boolean)


# File 'lib/site-inspector/checks/headers.rb', line 7

# Whether the response sets any cookie, judged by the presence of a
# "set-cookie" entry in the downcased header hash.
#
# The cookie values themselves are not inspected here.
#
# @return [Boolean]
def cookies?
  headers["set-cookie"] ? true : false
end

#secure_cookies? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/site-inspector/checks/headers.rb', line 52

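# Reports whether every cookie the response sets carries both the Secure
# and the HttpOnly attribute.
#
# Each Set-Cookie value is split into its ";"-separated attributes and the
# attribute names are compared case-insensitively. Optional whitespace,
# attribute order and letter case therefore do not affect the result, and
# an attribute whose name merely starts with "secure" is not mistaken for
# the Secure flag. Every cookie is examined: checking only the first one
# would report a response as safe while a later cookie is sent without
# the flags.
#
# @return [Boolean] false when no cookie is set or any cookie lacks a flag
def secure_cookies?
  return false unless cookies?

  cookies = Array(headers["set-cookie"])
  # all? is vacuously true on an empty list; no cookie means nothing is secured.
  return false if cookies.empty?

  cookies.all? do |cookie|
    # Skip the leading name=value pair; only the attributes after it matter.
    flags = cookie.to_s.split(";").drop(1).map do |attribute|
      attribute.split("=", 2).first.to_s.strip.downcase
    end
    flags.include?("secure") && flags.include?("httponly")
  end
end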

#server ⇒ Object



# File 'lib/site-inspector/checks/headers.rb', line 39

# Raw value of the Server response header.
#
# Reported as-is. A value that names the server software or its version
# is information an operator may prefer not to publish.
#
# @return [Object, nil] the header value, or nil when the header is absent
def server
  headers.fetch("server", nil)
end

#strict_transport_security ⇒ Object

TODO: kill this



# File 'lib/site-inspector/checks/headers.rb', line 27

# Raw value of the Strict-Transport-Security response header.
#
# The directives (max-age, includeSubDomains, preload) are not parsed
# here; callers receive the header text unchanged.
# NOTE: the published docs mark this method "TODO: kill this".
#
# @return [Object, nil] the header value, or nil when the header is absent
def strict_transport_security
  headers.fetch("strict-transport-security", nil)
end

#strict_transport_security? ⇒ Boolean

TODO: kill this

Returns:

  • (Boolean)


# File 'lib/site-inspector/checks/headers.rb', line 12

# Whether the response carries a Strict-Transport-Security header at all.
#
# Presence only: the header's max-age is not examined, so a header with
# "max-age=0" still yields true.
# NOTE: the published docs mark this method "TODO: kill this".
#
# @return [Boolean]
def strict_transport_security?
  strict_transport_security ? true : false
end

#to_h ⇒ Object



# File 'lib/site-inspector/checks/headers.rb', line 69

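# Summarizes the header checks as a plain hash.
#
# For the header accessors the raw header value is reported, with false
# substituted when the header is absent; :server is passed through
# unchanged (nil when absent). :cookies and :secure_cookies are booleans
# from their predicate methods.
#
# The :click_jacking_protection key used to be written twice in the
# literal. Ruby keeps only the last duplicate, so the output is unchanged,
# but the repeat raised a duplicated-key warning and hid nothing useful.
#
# @return [Hash{Symbol => Object}]
def to_h
  {
    :cookies => cookies?,
    :strict_transport_security => strict_transport_security || false,
    :content_security_policy => content_security_policy || false,
    :click_jacking_protection => click_jacking_protection || false,
    :server => server,
    :xss_protection => xss_protection || false,
    :secure_cookies => secure_cookies?
  }
end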

#xss_protection ⇒ Object



# File 'lib/site-inspector/checks/headers.rb', line 43

# Raw value of the X-XSS-Protection response header.
#
# Returned unchanged; interpreting the value is left to #xss_protection?.
#
# @return [Object, nil] the header value, or nil when the header is absent
def xss_protection
  headers.fetch("x-xss-protection", nil)
end

#xss_protection? ⇒ Boolean

A more specific check than header presence: it tests the header's value, not just whether the header is set.

Returns:

  • (Boolean)


# File 'lib/site-inspector/checks/headers.rb', line 48

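# Whether X-XSS-Protection is enabled in blocking mode.
#
# The header value is split into its ";"-separated directives and compared
# case-insensitively with surrounding whitespace ignored. "1;mode=block",
# "1; Mode=Block" and "1; mode=block; report=<uri>" are all recognized; an
# exact string comparison would report each of them as unprotected.
# A missing header, "0", or "1" without mode=block yields false.
#
# NOTE(review): current major browsers no longer act on this header, so a
# true result should not be read as XSS protection on its own. Confirm how
# much weight downstream reports give it.
#
# @return [Boolean]
def xss_protection?
  directives = xss_protection.to_s.downcase.split(";").map(&:strip)
  directives.first == "1" && directives.include?("mode=block")
end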