http

package
v0.0.1-rc5
Warning

This package is not in the latest version of its module.

Published: Apr 28, 2026 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

Package http implements the Web/Custom family of WebSec0 checks (HTTP/2-3, mixed content, dangerous methods, CORS, 404 hygiene, compression, robots.txt, change-password well-known, SRI).

The homepage GET is shared with internal/scanner/headers via headers.Fetch; the additional probes (OPTIONS / TRACE / CORS / 404 / robots / change-password) are batched and memoised here.


Constants

const (
	IDHTTP2Missing            = "HTTP-HTTP2-MISSING"
	IDHTTP3Missing            = "HTTP-HTTP3-MISSING"
	IDMixedContent            = "HTTP-MIXED-CONTENT"
	IDOptionsDangerousMethods = "HTTP-OPTIONS-DANGEROUS-METHODS"
	IDTraceEnabled            = "HTTP-TRACE-ENABLED"
	IDCORSWildcardCredentials = "HTTP-CORS-WILDCARD-CREDENTIALS" //#nosec G101 -- public check identifier, not a credential
	IDCORSOriginReflected     = "HTTP-CORS-ORIGIN-REFLECTED"
	IDCORSNullOrigin          = "HTTP-CORS-NULL-ORIGIN"
	ID404StackTrace           = "HTTP-404-STACK-TRACE"
	ID404DefaultErrorPage     = "HTTP-404-DEFAULT-ERROR-PAGE"
	IDCompressionNone         = "HTTP-COMPRESSION-NONE"
	IDRobotsTxtInvalid        = "ROBOTS-TXT-INVALID"
	IDChangePasswordMissing   = "WELLKNOWN-CHANGE-PASSWORD-MISSING"
	IDSRIExternalNoIntegrity  = "SRI-EXTERNAL-RESOURCE-NO-INTEGRITY"
)

Check IDs.

Variables

This section is empty.

Functions

func Register

func Register(r *checks.Registry)

Register adds every Web/Custom check to r.

Types

type AuxResult

type AuxResult struct {
	Options     *Probe
	Trace       *Probe
	CORSReflect *Probe
	CORSNull    *Probe
	NotFound    *Probe
	Robots      *Probe
	ChangePass  *Probe
}

AuxResult batches every auxiliary probe.

func Fetch

func Fetch(ctx context.Context, t *checks.Target) (*AuxResult, error)

Fetch runs (or memoises) the auxiliary probes for t.

type Probe

type Probe struct {
	URL     string
	Status  int
	Headers http.Header
	Body    []byte
	Err     error
}

Probe is a single response snapshot.
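
An added example, not the package's own code: one way a CORS probe snapshot could be mapped to the three CORS check IDs listed under Constants. The page does not document the package's decision rules, so the helper names `classifyCORS` and `sample`, the classification order, and the probe origin are all assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Probe mirrors the struct documented above, redeclared so this runs stand-alone.
type Probe struct {
	URL     string
	Status  int
	Headers http.Header
	Body    []byte
	Err     error
}

// classifyCORS is a hypothetical helper. It maps a CORS probe snapshot to a
// check ID from the page, or "" for no finding. sentOrigin is the Origin sent.
func classifyCORS(p *Probe, sentOrigin string) string {
	if p == nil || p.Err != nil {
		return "" // failed probe: no evidence either way
	}
	acao := strings.TrimSpace(p.Headers.Get("Access-Control-Allow-Origin"))
	creds := strings.EqualFold(strings.TrimSpace(p.Headers.Get("Access-Control-Allow-Credentials")), "true")
	switch {
	case acao == "*" && creds:
		return "HTTP-CORS-WILDCARD-CREDENTIALS"
	case acao == "null":
		return "HTTP-CORS-NULL-ORIGIN"
	case acao != "" && acao == sentOrigin:
		return "HTTP-CORS-ORIGIN-REFLECTED"
	}
	return "" // absent header, bare "*", or a fixed allow-list origin
}

// sample builds a constructed snapshot; an empty value reads like an absent header.
func sample(acao, creds string) *Probe {
	h := http.Header{}
	h.Set("Access-Control-Allow-Origin", acao)
	h.Set("Access-Control-Allow-Credentials", creds)
	return &Probe{URL: "https://target.example/", Status: 200, Headers: h}
}

func main() {
	const origin = "https://websec0-probe.example" // constructed probe origin
	fmt.Println(classifyCORS(sample(origin, "true"), origin))
}
```

A response that echoes a fixed allow-list origin different from the one the probe sent produces no finding, which is what separates reflection from a static policy.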
