jab2870/Dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

BIN: analyse-headers: add expect-ct and start referrer-policy

Browse source
This commit is contained in:
Jonathan Hodgson 2020-12-03 11:19:35 +00:00
parent 5369861bc8
commit 69c7355225
1 changed files with 36 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

40
bin/.bin/webtest/analyse-headers
View file

@ -276,7 +276,7 @@ test_permissions-policy(){
wecho "The Permission-Policy header replaces the Feature-Policy and is \ wecho "The Permission-Policy header replaces the Feature-Policy and is \
used to allow or disallow certain browser features or apis in the interest of \ used to allow or disallow certain browser features or apis in the interest of \
security.\n\n" security.\n\n"
return 3 return 2
fi fi
local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)" local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
} }
@ -287,7 +287,7 @@ test_feature-policy(){
wecho "The Feature-Policy header was used to allow or disallow certian \ wecho "The Feature-Policy header was used to allow or disallow certian \
browser features or apis. It has been superceded by the permissions-policy browser features or apis. It has been superceded by the permissions-policy
header but should still be included for legacy browsers.\n\n" header but should still be included for legacy browsers.\n\n"
return 3 return 2
fi fi
if ! echo "$headers" | grep -Eqi '^permissions-policy'; then if ! echo "$headers" | grep -Eqi '^permissions-policy'; then
echo "Feature-Policy" | drawInBox echo "Feature-Policy" | drawInBox
@ -295,11 +295,42 @@ header but should still be included for legacy browsers.\n\n"
browser features or apis. It has been superceded by the permissions-policy browser features or apis. It has been superceded by the permissions-policy
header but should still be included for legacy browsers. header but should still be included for legacy browsers.
It has been highlighted because the Permissions-policy header wasn't found.\n\n" It has been highlighted because the Permissions-policy header wasn't found.\n\n"
return 3 return 2
fi fi
local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)" local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
} }
test_expect-ct(){
local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
if [ -z "$1" ]; then
echo "Expect-CT" | drawInBox
wecho "When a site enables the Expect-CT header, they are requesting \
that the browser check that any certificate for that site appears in public \
CT logs.
Initially, set the header without the enforce option but with report in order \
to check for potential breakages\n\n"
return 2
elif ! echo "$value" | grep -q "enforce"; then
echo "Expect-CT" | drawInBox
wecho "The enforce directive was not found. It can be useful to omit \
this whilst testing the header, but should be added once testing has finished.\n\n"
return 1
fi
}
test_referer-policy-ct(){
local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
if [ -z "$1" ]; then
echo "Referrer-Policy" | drawInBox
wecho "The Referrer-Policy HTTP header controls how much referrer \
information (sent via the Referer header) should be included with requests.\n\n"
return 2
elif ! echo "$value" | grep -q "enforce"; then
# TODO: add checks for different referer policy opitons
return 1
fi
}
usage(){ usage(){
echo -n "analyse-headers [OPTIONS]... URL echo -n "analyse-headers [OPTIONS]... URL
@ -372,7 +403,8 @@ content-security-policy
x-xss-protection x-xss-protection
x-content-type-options x-content-type-options
feature-policy feature-policy
permissions-policy" permissions-policy
expect-ct"
tmpfile="$(mktemp)" tmpfile="$(mktemp)"
touch "$tmpfile" touch "$tmpfile"