Documentation
Index ¶
- Constants
- func CheckCORSAllowOrigin(o *auth.Operation, headers http.Header, r *report.ScanReport) bool
- func HTTPHeadersBestPracticesScanHandler(o *auth.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
- func HTTPTraceMethodScanHandler(o *auth.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
Constants ¶
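// Names of the HTTP response headers referenced by the header checks in this
// package. The rendered listing had collapsed the group onto a single line,
// which is not valid Go; it is restored here one constant per line with the
// values unchanged.
//
// Every name is already spelled in Go's canonical MIME header form, so it
// matches the keys of an http.Header filled in by net/http whether the lookup
// uses Header.Get or indexes the map directly.
const (
	// CSPHTTPHeader carries the Content Security Policy, including the
	// frame-ancestors directive reported on separately by this package.
	CSPHTTPHeader = "Content-Security-Policy"

	// HSTSHTTPHeader asks browsers to use HTTPS only for the host. Browsers
	// honour it only when it arrives over HTTPS, so a finding about its
	// absence is meaningful for HTTPS endpoints only.
	HSTSHTTPHeader = "Strict-Transport-Security"

	// CORSOriginHTTPHeader states which origin may read the response from
	// cross-origin browser script.
	CORSOriginHTTPHeader = "Access-Control-Allow-Origin"

	// XContentTypeOptionsHTTPHeader is the header that, with the value
	// "nosniff", stops browsers from second-guessing the declared
	// Content-Type.
	XContentTypeOptionsHTTPHeader = "X-Content-Type-Options"

	// XFrameOptionsHTTPHeader is the older framing control; the CSP
	// frame-ancestors directive supersedes it in current browsers.
	XFrameOptionsHTTPHeader = "X-Frame-Options"
)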
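// Severity levels, names and descriptions of the findings about HTTP response
// headers. The rendered listing had collapsed the group onto a single line,
// which is not valid Go; it is restored here one constant per line with every
// value unchanged.
//
// NOTE(review): every severity level is 1. The scale is not defined on this
// page, so confirm what 1 means before comparing these findings with others.
// NOTE(review): presumably HTTPHeadersBestPracticesScanHandler emits these
// findings; its body is not shown here, so confirm against the implementation.
const (
	// Content-Security-Policy is absent, or present without a
	// frame-ancestors directive.
	CSPHTTPHeaderSeverityLevel                                  = 1
	CSPHTTPHeaderIsNotSetVulnerabilityName                      = "CSP Header is not set"
	CSPHTTPHeaderIsNotSetVulnerabilityDescription               = "No Content Security Policy (CSP) Header has been detected in HTTP Response."
	CSPHTTPHeaderFrameAncestorsIsNotSetVulnerabilityName        = "CSP frame-ancestors policy is not set"
	CSPHTTPHeaderFrameAncestorsIsNotSetVulnerabilityDescription = "No frame-ancestors policy has been set in CSP HTTP Response Header."

	// Strict-Transport-Security is absent. Browsers ignore the header on
	// plain-HTTP responses, so the finding only matters for HTTPS endpoints.
	HSTSHTTPHeaderSeverityLevel                    = 1
	HSTSHTTPHeaderIsNotSetVulnerabilityName        = "HSTS Header is not set"
	HSTSHTTPHeaderIsNotSetVulnerabilityDescription = "No HSTS Header has been detected in HTTP Response."

	// Access-Control-Allow-Origin is absent. Triage caveat: without this
	// header browsers apply the same-origin policy and refuse cross-origin
	// reads, which is the restrictive default. On an API that is not meant
	// to be called from other origins, this finding is informational.
	CORSHTTPHeaderSeverityLevel                    = 1
	CORSHTTPHeaderIsNotSetVulnerabilityName        = "CORS Header is not set"
	CORSHTTPHeaderIsNotSetVulnerabilityDescription = "No CORS Header has been detected in HTTP Response."

	// Access-Control-Allow-Origin is present but too broad. Of the two CORS
	// findings this is the one that widens access. What counts as permissive
	// is decided by CheckCORSAllowOrigin, whose body is not shown here.
	// "Permisive" is misspelled in the exported identifiers; the spelling is
	// kept so existing callers keep compiling.
	CORSHTTPHeaderIsPermisiveVulnerabilityName        = "CORS Header is set but permissive"
	CORSHTTPHeaderIsPermisiveVulnerabilityDescription = "CORS Header has been detected in HTTP Response but is permissive."

	// X-Content-Type-Options is absent, so browsers may sniff a content type
	// other than the declared one.
	XContentTypeOptionsHTTPHeaderIsNotSetSeverityLevel            = 1
	XContentTypeOptionsHTTPHeaderIsNotSetVulnerabilityName        = "X-Content-Type-Options Header is not set"
	XContentTypeOptionsHTTPHeaderIsNotSetVulnerabilityDescription = "No X-Content-Type-Options Header has been detected in HTTP Response."

	// X-Frame-Options is absent. The CSP frame-ancestors directive covers the
	// same framing risk, so a response that sets neither may be reported
	// under both findings for one underlying gap.
	XFrameOptionsHTTPHeaderIsNotSetSeverityLevel            = 1
	XFrameOptionsHTTPHeaderIsNotSetVulnerabilityName        = "X-Frame-Options Header is not set"
	XFrameOptionsHTTPHeaderIsNotSetVulnerabilityDescription = "No X-Frame-Options Header has been detected in HTTP Response."
)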
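// Severity level, name and description of the finding about the HTTP TRACE
// method. The rendered listing had collapsed the group onto a single line,
// which is not valid Go; it is restored here one constant per line with the
// values unchanged.
//
// TRACE asks the server to echo the received request back to the client.
// Servers are normally hardened by disabling it, because the echo can reveal
// request headers added along the path.
//
// NOTE(review): the description says TRACE "seems enabled", and how
// HTTPTraceMethodScanHandler decides that is not shown on this page. When
// triaging, confirm that the origin server answered the TRACE request rather
// than a proxy or gateway in front of it.
const (
	HTTPTraceMethodSeverityLevel            = 1
	HTTPTraceMethodVulnerabilityName        = "HTTP Trace Method enabled"
	HTTPTraceMethodVulnerabilityDescription = "HTTP Trace method seems enabled for this request."
)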
Variables ¶
This section is empty.
Functions ¶
func CheckCORSAllowOrigin ¶
func HTTPHeadersBestPracticesScanHandler ¶
func HTTPHeadersBestPracticesScanHandler(o *auth.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
func HTTPTraceMethodScanHandler ¶
func HTTPTraceMethodScanHandler(o *auth.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
Types ¶
This section is empty.