Index
- Constants
- func CheckCORSAllowOrigin(operation *request.Operation, headers http.Header, r *report.ScanReport) bool
- func HTTPCookiesScanHandler(operation *request.Operation, securityScheme auth.SecurityScheme) (*report.ScanReport, error)
- func HTTPHeadersBestPracticesScanHandler(operation *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
- func HTTPTraceMethodScanHandler(operation *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
Constants
// Finding metadata for the HttpOnly cookie check: severity, short name and
// one-line description of the reported issue.
const (
	HTTPCookiesNotHTTPOnlySeverityLevel            = 0 // NOTE(review): every cookie finding below is level 0 — confirm the intended ranking
	HTTPCookiesNotHTTPOnlyVulnerabilityName        = "Cookies not HTTP-Only"
	HTTPCookiesNotHTTPOnlyVulnerabilityDescription = "Cookies should be http-only."
)

// Finding metadata for the Secure cookie check.
const (
	HTTPCookiesNotSecureSeverityLevel            = 0
	HTTPCookiesNotSecureVulnerabilityName        = "Cookies not Secure"
	HTTPCookiesNotSecureVulnerabilityDescription = "Cookies should be secure."
)

// Finding metadata for the SameSite cookie check (attribute absent or None).
const (
	HTTPCookiesSameSiteSeverityLevel            = 0
	HTTPCookiesSameSiteVulnerabilityName        = "Cookies SameSite not set or set to None"
	HTTPCookiesSameSiteVulnerabilityDescription = "Cookies should have SameSite attribute set to Strict or Lax."
)

// Finding metadata for the Expires cookie check.
const (
	HTTPCookiesExpiresSeverityLevel            = 0
	HTTPCookiesExpiresVulnerabilityName        = "Cookies Expires not set"
	HTTPCookiesExpiresVulnerabilityDescription = "Cookies should have Expires attribute set."
)
// HTTP response header names checked by this package. All values are already
// in canonical MIME-header form, so they match what http.Header.Get returns.
const (
	// Content-Security-Policy.
	CSPHTTPHeader = "Content-Security-Policy"
	// Strict-Transport-Security.
	HSTSHTTPHeader = "Strict-Transport-Security"
	// Access-Control-Allow-Origin (CORS).
	CORSOriginHTTPHeader = "Access-Control-Allow-Origin"
	// X-Content-Type-Options.
	XContentTypeOptionsHTTPHeader = "X-Content-Type-Options"
	// X-Frame-Options.
	XFrameOptionsHTTPHeader = "X-Frame-Options"
)
// Finding metadata for a missing Content-Security-Policy header.
const (
	CSPHTTPHeaderSeverityLevel                    = 0 // NOTE(review): every header finding below is level 0 — confirm the intended ranking
	CSPHTTPHeaderIsNotSetVulnerabilityName        = "CSP Header is not set"
	CSPHTTPHeaderIsNotSetVulnerabilityDescription = "No Content Security Policy (CSP) Header has been detected in HTTP Response."
)

// Finding metadata for a CSP header that carries no frame-ancestors directive.
const (
	CSPHTTPHeaderFrameAncestorsIsNotSetVulnerabilityName        = "CSP frame-ancestors policy is not set"
	CSPHTTPHeaderFrameAncestorsIsNotSetVulnerabilityDescription = "No frame-ancestors policy has been set in CSP HTTP Response Header."
)

// Finding metadata for a missing Strict-Transport-Security header.
const (
	HSTSHTTPHeaderSeverityLevel                    = 0
	HSTSHTTPHeaderIsNotSetVulnerabilityName        = "HSTS Header is not set"
	HSTSHTTPHeaderIsNotSetVulnerabilityDescription = "No HSTS Header has been detected in HTTP Response."
)

// Finding metadata for a missing CORS header.
const (
	CORSHTTPHeaderSeverityLevel                    = 0
	CORSHTTPHeaderIsNotSetVulnerabilityName        = "CORS Header is not set"
	CORSHTTPHeaderIsNotSetVulnerabilityDescription = "No CORS Header has been detected in HTTP Response."
)

// Finding metadata for a CORS header that is present but permissive.
// The spelling "Permisive" is part of the exported API and is kept for
// compatibility; renaming it would break callers.
const (
	CORSHTTPHeaderIsPermisiveVulnerabilityName        = "CORS Header is set but permissive"
	CORSHTTPHeaderIsPermisiveVulnerabilityDescription = "CORS Header has been detected in HTTP Response but is permissive."
)

// Finding metadata for a missing X-Content-Type-Options header.
const (
	XContentTypeOptionsHTTPHeaderIsNotSetSeverityLevel            = 0
	XContentTypeOptionsHTTPHeaderIsNotSetVulnerabilityName        = "X-Content-Type-Options Header is not set"
	XContentTypeOptionsHTTPHeaderIsNotSetVulnerabilityDescription = "No X-Content-Type-Options Header has been detected in HTTP Response."
)

// Finding metadata for a missing X-Frame-Options header.
const (
	XFrameOptionsHTTPHeaderIsNotSetSeverityLevel            = 0
	XFrameOptionsHTTPHeaderIsNotSetVulnerabilityName        = "X-Frame-Options Header is not set"
	XFrameOptionsHTTPHeaderIsNotSetVulnerabilityDescription = "No X-Frame-Options Header has been detected in HTTP Response."
)
// Finding metadata for an HTTP TRACE method that the server accepts. TRACE
// echoes the received request back to the client, which is why its being
// enabled is reported as a finding.
const (
	HTTPTraceMethodSeverityLevel            = 0 // NOTE(review): level 0 like the other findings — confirm the intended ranking
	HTTPTraceMethodVulnerabilityName        = "HTTP Trace Method enabled"
	HTTPTraceMethodVulnerabilityDescription = "HTTP Trace method seems enabled for this request."
)
Variables
This section is empty.
Functions
func CheckCORSAllowOrigin
func HTTPCookiesScanHandler (added in v0.4.0)
func HTTPCookiesScanHandler(operation *request.Operation, securityScheme auth.SecurityScheme) (*report.ScanReport, error)
func HTTPHeadersBestPracticesScanHandler
func HTTPHeadersBestPracticesScanHandler(operation *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
func HTTPTraceMethodScanHandler
func HTTPTraceMethodScanHandler(operation *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
Types
This section is empty.