Documentation
Overview
Package headers implements the HTTP-headers family of WebSec101 checks. All checks share a single homepage fetch via Target.CacheValue.
Constants
const (
	IDCSPMissing            = "HEADER-CSP-MISSING"
	IDCSPUnsafeInline       = "HEADER-CSP-UNSAFE-INLINE"
	IDCSPUnsafeEval         = "HEADER-CSP-UNSAFE-EVAL"
	IDCSPWildcardSrc        = "HEADER-CSP-WILDCARD-SRC"
	IDCSPNoObjectSrc        = "HEADER-CSP-NO-OBJECT-SRC"
	IDCSPNoBaseURI          = "HEADER-CSP-NO-BASE-URI"
	IDCSPNoFrameAncestors   = "HEADER-CSP-NO-FRAME-ANCESTORS"
	IDXCTOMissing           = "HEADER-XCTO-MISSING"
	IDXFOMissing            = "HEADER-XFO-MISSING"
	IDReferrerPolicyMissing = "HEADER-REFERRER-POLICY-MISSING"
	IDReferrerPolicyUnsafe  = "HEADER-REFERRER-POLICY-UNSAFE"
	IDPermissionsPolicyMiss = "HEADER-PERMISSIONS-POLICY-MISSING"
	IDFeaturePolicyDeprec   = "HEADER-FEATURE-POLICY-DEPRECATED"
	IDCOOPMissing           = "HEADER-COOP-MISSING"
	IDCOEPMissing           = "HEADER-COEP-MISSING"
	IDCORPMissing           = "HEADER-CORP-MISSING"
	IDReportingEndpointsNo  = "HEADER-REPORTING-ENDPOINTS-NONE"
	IDNELNone               = "HEADER-NEL-NONE"
	IDXSSProtectionDeprec   = "HEADER-XSS-PROTECTION-DEPRECATED"
	IDHPKPDeprecated        = "HEADER-HPKP-DEPRECATED"
	IDExpectCTDeprecated    = "HEADER-EXPECT-CT-DEPRECATED"
	IDInfoServer            = "HEADER-INFO-SERVER"
	IDInfoXPoweredBy        = "HEADER-INFO-X-POWERED-BY"
	IDInfoXAspNetVersion    = "HEADER-INFO-X-ASPNET-VERSION"
	IDInfoXGenerator        = "HEADER-INFO-X-GENERATOR"
	IDInfoServerTiming      = "HEADER-INFO-SERVER-TIMING"
)
Check IDs for the HTTP-headers family.
Types
type CSP
CSP is the parsed Content-Security-Policy. Directive names are lowercased; tokens preserve their original case (case-sensitive in CSP).
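An added example, not the package's own code: a minimal parser that follows the rule stated above (lowercased directive names, tokens kept verbatim) and maps a few weaknesses to the CSP check IDs from the constants. The names `parseCSP` and `auditCSP`, the sample policy, and the condition behind each ID are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// parseCSP (hypothetical): lowercased directive names, tokens verbatim, first duplicate wins.
func parseCSP(policy string) map[string][]string {
	dirs := map[string][]string{}
	for _, part := range strings.Split(policy, ";") {
		f := strings.Fields(part)
		if len(f) > 0 && dirs[strings.ToLower(f[0])] == nil {
			dirs[strings.ToLower(f[0])] = f[1:] // non-nil even when empty
		}
	}
	return dirs
}

// auditCSP (hypothetical): the condition behind each check ID is an assumption.
func auditCSP(policy string) (ids []string) {
	dirs := parseCSP(policy)
	script := dirs["script-src"]
	if script == nil {
		script = dirs["default-src"] // script-src falls back to default-src
	}
	for _, tok := range script {
		switch strings.ToLower(tok) { // keyword sources match case-insensitively
		case "'unsafe-inline'":
			ids = append(ids, "HEADER-CSP-UNSAFE-INLINE")
		case "'unsafe-eval'":
			ids = append(ids, "HEADER-CSP-UNSAFE-EVAL")
		case "*":
			ids = append(ids, "HEADER-CSP-WILDCARD-SRC")
		}
	}
	// object-src inherits default-src; base-uri and frame-ancestors never do.
	if dirs["object-src"] == nil && dirs["default-src"] == nil {
		ids = append(ids, "HEADER-CSP-NO-OBJECT-SRC")
	}
	for _, d := range []string{"base-uri", "frame-ancestors"} {
		if dirs[d] == nil {
			ids = append(ids, "HEADER-CSP-NO-"+strings.ToUpper(d))
		}
	}
	return ids
}

func main() { fmt.Println(auditCSP("Default-Src 'self'; script-src 'Unsafe-Inline' *")) } // constructed policy
```

Browsers ignore `'unsafe-inline'` when a nonce or hash source is present in the same directive; this sketch reports the keyword regardless.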
type FetchResult
type FetchResult struct {
	Reachable bool
	URL       string
	Status    int
	// ProtoMajor / ProtoMinor capture the negotiated HTTP version
	// (e.g. 2/0 for HTTP/2). resp.Proto contains a "HTTP/2.0" string.
	ProtoMajor int
	ProtoMinor int
	Headers    http.Header
	Body       []byte
	Err        error
}
FetchResult is the captured homepage response.
func Fetch
Fetch performs a single HTTPS GET on the target's root and memoises the result on the Target.
func (*FetchResult) AllHeaders
func (f *FetchResult) AllHeaders(name string) []string
AllHeaders returns every value of name. Some headers (Set-Cookie, CSP-Report-Only, etc.) may legitimately appear multiple times.
func (*FetchResult) Header
func (f *FetchResult) Header(name string) string
Header returns the first value of name (case-insensitive) or "".