BIN: analyse-headers: add expect-ct and start referrer-policy
This commit is contained in:
parent
5369861bc8
commit
69c7355225
1 changed files with 36 additions and 4 deletions
|
@ -276,7 +276,7 @@ test_permissions-policy(){
|
|||
wecho "The Permission-Policy header replaces the Feature-Policy and is \
|
||||
used to allow or disallow certain browser features or apis in the interest of \
|
||||
security.\n\n"
|
||||
return 3
|
||||
return 2
|
||||
fi
|
||||
local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
|
||||
}
|
||||
|
@ -287,7 +287,7 @@ test_feature-policy(){
|
|||
wecho "The Feature-Policy header was used to allow or disallow certian \
|
||||
browser features or apis. It has been superceded by the permissions-policy
|
||||
header but should still be included for legacy browsers.\n\n"
|
||||
return 3
|
||||
return 2
|
||||
fi
|
||||
if ! echo "$headers" | grep -Eqi '^permissions-policy'; then
|
||||
echo "Feature-Policy" | drawInBox
|
||||
|
@ -295,11 +295,42 @@ header but should still be included for legacy browsers.\n\n"
|
|||
browser features or apis. It has been superceded by the permissions-policy
|
||||
header but should still be included for legacy browsers.
|
||||
It has been highlighted because the Permissions-policy header wasn't found.\n\n"
|
||||
return 3
|
||||
return 2
|
||||
fi
|
||||
local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
|
||||
}
|
||||
|
||||
test_expect-ct(){
|
||||
local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
|
||||
if [ -z "$1" ]; then
|
||||
echo "Expect-CT" | drawInBox
|
||||
wecho "When a site enables the Expect-CT header, they are requesting \
|
||||
that the browser check that any certificate for that site appears in public \
|
||||
CT logs.
|
||||
Initially, set the header without the enforce option but with report in order \
|
||||
to check for potential breakages\n\n"
|
||||
return 2
|
||||
elif ! echo "$value" | grep -q "enforce"; then
|
||||
echo "Expect-CT" | drawInBox
|
||||
wecho "The enforce directive was not found. It can be useful to omit \
|
||||
this whilst testing the header, but should be added once testing has finished.\n\n"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
test_referer-policy-ct(){
|
||||
local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
|
||||
if [ -z "$1" ]; then
|
||||
echo "Referrer-Policy" | drawInBox
|
||||
wecho "The Referrer-Policy HTTP header controls how much referrer \
|
||||
information (sent via the Referer header) should be included with requests.\n\n"
|
||||
return 2
|
||||
elif ! echo "$value" | grep -q "enforce"; then
|
||||
# TODO: add checks for different referer policy opitons
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
usage(){
|
||||
echo -n "analyse-headers [OPTIONS]... URL
|
||||
|
@ -372,7 +403,8 @@ content-security-policy
|
|||
x-xss-protection
|
||||
x-content-type-options
|
||||
feature-policy
|
||||
permissions-policy"
|
||||
permissions-policy
|
||||
expect-ct"
|
||||
|
||||
tmpfile="$(mktemp)"
|
||||
touch "$tmpfile"
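Review bot: In test_referer-policy-ct the `elif ! echo "$value" | grep -q "enforce"` branch is carried over from test_expect-ct, so every Referrer-Policy header that is present returns 1, because `enforce` is not a Referrer-Policy token; the TODO on the next line acknowledges the missing checks, but as written the branch misreports every valid value as a warning. A first cut that accepts only the documented policy values would be `elif ! echo "$value" | grep -Eqi '^(no-referrer|no-referrer-when-downgrade|origin|origin-when-cross-origin|same-origin|strict-origin|strict-origin-when-cross-origin|unsafe-url)$'; then`, with `unsafe-url` worth its own warning since it sends the full URL to cross-origin and non-HTTPS destinations. The function name also carries a stray `-ct` suffix and the single-r `referer` spelling while the drawInBox label and usage list use Referrer-Policy; if the caller dispatches on the header name (not visible in this hunk), the function would never be reached, so `test_referrer-policy(){` seems intended. Expect-CT has since been deprecated by browsers, so the Expect-CT wecho text may want a line saying the header is legacy rather than something to add to new deployments.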
|
||||
|
|