From 9ef36af8f76efde5dbf411977dd37ac03462f1a0 Mon Sep 17 00:00:00 2001
From: Jonathan Hodgson
Date: Wed, 2 Dec 2020 09:11:52 +0000
Subject: [PATCH] BIN: analyse-headers: adds feature-policy and permissions-policy checks
---
 bin/.bin/webtest/analyse-headers | 34 +++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/bin/.bin/webtest/analyse-headers b/bin/.bin/webtest/analyse-headers
index 534e6364..a96c1f4e 100755
--- a/bin/.bin/webtest/analyse-headers
+++ b/bin/.bin/webtest/analyse-headers
@@ -269,6 +269,36 @@ Strict means the browser sends the cookie only for same-site requests\n\n"
 return "$ret"
 }
+test_permissions-policy(){
+ if [ -z "$1" ]; then
+ echo "Permissions-Policy" | drawInBox
+ wecho "The Permission-Policy header replaces the Feature-Policy and is \
+used to allow or disallow certain browser features or apis in the interest of \
+security.\n\n"
+ return 3
+ fi
+ local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
+}
+
+test_feature-policy(){
+ if [ -z "$1" ]; then
+ echo "Feature-Policy" | drawInBox
+ wecho "The Feature-Policy header was used to allow or disallow certian \
+browser features or apis. It has been superceded by the permissions-policy
+header but should still be included for legacy browsers.\n\n"
+ return 3
+ fi
+ if ! echo "$headers" | grep -Eqi '^permissions-policy'; then
+ echo "Feature-Policy" | drawInBox
+ wecho "The Feature-Policy header was used to allow or disallow certian \
+browser features or apis. It has been superceded by the permissions-policy
+header but should still be included for legacy browsers.
+It has been highlighted because the Permissions-policy header wasn't found.\n\n"
+ return 3
+ fi
+ local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
+}
+
 usage(){
 echo -n "analyse-headers [OPTIONS]... URL 
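Review bot: In both new functions the closing `local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"` is assigned and never read, so any present header falls off the end of the function with the status of the `local` assignment (0, which also hides the pipeline's own exit status) and its directives are never inspected — an empty `Permissions-Policy:` value is reported exactly like a configured one. Either drop the line or split declaration from assignment and reject an empty value, reusing the status the branch above already returns for a flagged header: `local value`, `value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"`, `[ -n "$value" ] || { echo "Permissions-Policy" | drawInBox; wecho "The Permissions-Policy header is present but carries no directives.\n\n"; return 3; }` (and the same shape in `test_feature-policy`). The user-facing strings also misspell "certain" and "superseded", and the first message says "Permission-Policy" for a header whose name is "Permissions-Policy". The `usage` function at the end of the hunk continues outside it.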
@@ -339,7 +369,9 @@ headers="$(curl -s -I "$url")"
 missingHeaders="x-frame-options
 content-security-policy
 x-xss-protection
-x-content-type-options"
+x-content-type-options
+feature-policy
+permissions-policy"
 tmpfile="$(mktemp)"
 touch "$tmpfile"
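Review bot: Listing `feature-policy` in `missingHeaders` makes its absence a finding, yet `test_feature-policy` in the previous hunk takes its `if [ -z "$1" ]` branch and returns 3 even when a Permissions-Policy header is present, while its own message says Feature-Policy is superseded and only matters for legacy browsers; a site that sends only the current header would therefore be reported as missing one. If this list is what drives the per-header checks (the loop that consumes it is outside the hunk), consider treating a missing Feature-Policy as informational when `grep -Eqi '^permissions-policy' <<<"$headers"` succeeds, or adding a comment on the list explaining why both are required. The new entries presumably dispatch to the hyphenated function names `test_feature-policy` and `test_permissions-policy`, which bash accepts but POSIX sh does not — fine if the script's shebang is bash, which is not visible here.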