bestpractices

package

Documentation

Index

Constants

// Names of the HTTP response headers this package inspects. Each is the
// canonical (MIME-style) header name; net/http canonicalises lookups, so
// the exact casing only matters for display.

// CSPHTTPHeader is the Content Security Policy header. Its frame-ancestors
// directive is the modern replacement for X-Frame-Options.
const CSPHTTPHeader = "Content-Security-Policy"

// HSTSHTTPHeader is the HTTP Strict Transport Security header. It is only
// honoured by browsers when received over HTTPS.
const HSTSHTTPHeader = "Strict-Transport-Security"

// CORSOriginHTTPHeader is the CORS response header naming the origin(s)
// allowed to read the response cross-origin.
const CORSOriginHTTPHeader = "Access-Control-Allow-Origin"

// XContentTypeOptionsHTTPHeader disables browser MIME sniffing when set to
// "nosniff".
const XContentTypeOptionsHTTPHeader = "X-Content-Type-Options"

// XFrameOptionsHTTPHeader is the legacy anti-framing header, superseded by
// CSP frame-ancestors but still widely checked for older clients.
const XFrameOptionsHTTPHeader = "X-Frame-Options"
// Severity levels and finding texts for the header checks. Every severity
// in this package is currently 1; the meaning of the numeric scale is not
// defined in this file and is presumably owned by the report package —
// TODO confirm. Naming is inconsistent: the CSP/HSTS/CORS severities omit
// the "IsNotSet" infix that the X-Content-Type-Options and X-Frame-Options
// severities carry. The identifiers are exported and cannot be renamed
// without breaking callers.

// Content-Security-Policy findings.
const (
	CSPHTTPHeaderSeverityLevel = 1

	// Reported when the header is absent from the response entirely.
	CSPHTTPHeaderIsNotSetVulnerabilityName        = "CSP Header is not set"
	CSPHTTPHeaderIsNotSetVulnerabilityDescription = "No Content Security Policy (CSP) Header has been detected in HTTP Response."

	// Reported when a CSP is present but lacks a frame-ancestors directive,
	// leaving the page framable (clickjacking) unless X-Frame-Options is set.
	CSPHTTPHeaderFrameAncestorsIsNotSetVulnerabilityName        = "CSP frame-ancestors policy is not set"
	CSPHTTPHeaderFrameAncestorsIsNotSetVulnerabilityDescription = "No frame-ancestors policy has been set in CSP HTTP Response Header."
)

// Strict-Transport-Security findings. HSTS is only meaningful on responses
// delivered over TLS; whether the scan handler restricts the check to HTTPS
// targets is not visible here.
const (
	HSTSHTTPHeaderSeverityLevel = 1

	HSTSHTTPHeaderIsNotSetVulnerabilityName        = "HSTS Header is not set"
	HSTSHTTPHeaderIsNotSetVulnerabilityDescription = "No HSTS Header has been detected in HTTP Response."
)

// Access-Control-Allow-Origin findings.
//
// NOTE(review): an absent Access-Control-Allow-Origin header means the
// browser's same-origin policy applies, which is the safe default; treating
// its absence as a finding is informational at best — confirm intent.
// "Permisive" is misspelled in the exported identifiers below; kept as is
// for API compatibility.
const (
	CORSHTTPHeaderSeverityLevel = 1

	CORSHTTPHeaderIsNotSetVulnerabilityName        = "CORS Header is not set"
	CORSHTTPHeaderIsNotSetVulnerabilityDescription = "No CORS Header has been detected in HTTP Response."

	// Reported when the header is present but overly broad (e.g. a wildcard
	// or reflected origin — see CheckCORSAllowOrigin for the actual rule).
	CORSHTTPHeaderIsPermisiveVulnerabilityName        = "CORS Header is set but permissive"
	CORSHTTPHeaderIsPermisiveVulnerabilityDescription = "CORS Header has been detected in HTTP Response but is permissive."
)

// X-Content-Type-Options findings. Without "nosniff" a browser may
// reinterpret a response as a different content type than declared.
const (
	XContentTypeOptionsHTTPHeaderIsNotSetSeverityLevel = 1

	XContentTypeOptionsHTTPHeaderIsNotSetVulnerabilityName        = "X-Content-Type-Options Header is not set"
	XContentTypeOptionsHTTPHeaderIsNotSetVulnerabilityDescription = "No X-Content-Type-Options Header has been detected in HTTP Response."
)

// X-Frame-Options findings. A response that already carries a CSP
// frame-ancestors directive is protected regardless of this header;
// whether the handler suppresses the finding in that case is not visible
// here.
const (
	XFrameOptionsHTTPHeaderIsNotSetSeverityLevel = 1

	XFrameOptionsHTTPHeaderIsNotSetVulnerabilityName        = "X-Frame-Options Header is not set"
	XFrameOptionsHTTPHeaderIsNotSetVulnerabilityDescription = "No X-Frame-Options Header has been detected in HTTP Response."
)
// Finding emitted by HTTPTraceMethodScanHandler when the target answers a
// TRACE request. TRACE echoes the request back to the client, which is why
// it is conventionally disabled on production servers (it can expose
// request headers such as cookies to a script that cannot otherwise read
// them). The description deliberately says "seems": a 2xx reply to TRACE
// is suggestive, not conclusive.

// HTTPTraceMethodSeverityLevel is the severity of the TRACE finding; the
// numeric scale is not defined in this file.
const HTTPTraceMethodSeverityLevel = 1

// HTTPTraceMethodVulnerabilityName is the short title of the finding.
const HTTPTraceMethodVulnerabilityName = "HTTP Trace Method enabled"

// HTTPTraceMethodVulnerabilityDescription is the long text of the finding.
const HTTPTraceMethodVulnerabilityDescription = "HTTP Trace method seems enabled for this request."
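// Finding emitted by ServerSignatureScanHandler when one of the
// SignatureHeaders is present in the response. Version banners in headers
// such as Server or X-Powered-By let an observer fingerprint the stack and
// look up known issues for that exact version; removing or genericising
// them is a low-cost hardening step. Which header matched is not part of
// these constants — confirm the handler records it in the report.
const (
	// ServerSignatureSeverityLevel is the severity of the finding; the
	// numeric scale is not defined in this file.
	ServerSignatureSeverityLevel = 1

	// ServerSignatureVulnerabilityName is the short title of the finding.
	ServerSignatureVulnerabilityName = "Server Signature Exposed"

	// ServerSignatureVulnerabilityDescription is the long text of the
	// finding. Fixed the article: "a header", not "an header".
	ServerSignatureVulnerabilityDescription = "A Server signature is exposed in a header."
)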

Variables

// SignatureHeaders lists the response headers that commonly carry a server
// or framework banner (often including a version string). Their presence
// is what CheckSignatureHeader and ServerSignatureScanHandler report on;
// whether the check is presence-only or also inspects the value is not
// visible here.
//
// This is a mutable package-level slice. Callers that want a private
// variant should copy it rather than append to or reorder it in place,
// since every scan in the process shares the backing array.
var SignatureHeaders = []string{
	"Server",              // generic server banner (e.g. web server name/version)
	"X-Powered-By",        // application framework / runtime banner
	"X-AspNet-Version",    // ASP.NET runtime version
	"X-AspNetMvc-Version", // ASP.NET MVC framework version
}

Functions

func CheckCORSAllowOrigin

func CheckCORSAllowOrigin(operation *request.Operation, headers http.Header, r *report.ScanReport) bool

func CheckSignatureHeader added in v0.3.1

func CheckSignatureHeader(operation *request.Operation, headers map[string][]string, r *report.ScanReport) bool

func HTTPHeadersBestPracticesScanHandler

func HTTPHeadersBestPracticesScanHandler(operation *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)

func HTTPTraceMethodScanHandler

func HTTPTraceMethodScanHandler(operation *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)

func ServerSignatureScanHandler added in v0.3.1

func ServerSignatureScanHandler(operation *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)

Types

This section is empty.
