Vincent Pelletier / surykatka
Commit ad6f2e6b authored Dec 01, 2021 by Romain Courteaud
report missing http content-type / csp headers
parent e5e0512b
Showing 1 changed file with 35 additions and 0 deletions
src/surykatka/bot.py
View file @
ad6f2e6b
...
...
@@ -649,6 +649,8 @@ class WebBot:
for
ip
,
url_list
in
ip_to_url_dict
.
items
():
query
=
reportHttp
(
self
.
_db
,
ip
=
ip
,
url
=
url_list
)
for
network_change
in
query
.
dicts
().
iterator
():
# Confirm that redirection url are checked
if
network_change
[
"status_code"
]
in
(
301
,
302
,
303
):
redirect_url
=
getRootUrl
(
network_change
[
"http_header_dict"
][
"Location"
]
...
...
@@ -664,6 +666,39 @@ class WebBot:
"date"
:
rfc822
(
network_change
[
"status"
]),
}
)
# Check HTTP CSP header
if
network_change
[
"status_code"
]
!=
524
:
# Skip timeout
# check missing import headers
if
(
"Content-Type"
not
in
network_change
[
"http_header_dict"
]
):
result_dict
[
"warning"
].
append
(
{
"text"
:
"(No Content-Type header) %s"
%
(
network_change
[
"url"
],),
"date"
:
result_dict
[
"bot_status"
][
0
][
"date"
],
}
)
elif
network_change
[
"http_header_dict"
][
"Content-Type"
].
startswith
(
"text/html"
):
if
(
"Content-Security-Policy"
not
in
network_change
[
"http_header_dict"
]
):
result_dict
[
"warning"
].
append
(
{
"text"
:
"(No Content-Security-Policy header) %s"
%
(
network_change
[
"url"
],),
"date"
:
result_dict
[
"bot_status"
][
0
][
"date"
],
}
)
result_dict
[
"http_query"
].
append
(
{
"status_code"
:
network_change
[
"status_code"
],
...
...
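Review bot: the `"Content-Type" not in network_change["http_header_dict"]` and `"Content-Security-Policy" not in network_change["http_header_dict"]` tests are exact-case key lookups, so unless `http_header_dict` is normalised where it is stored, a server that sends `content-type` or `content-security-policy` in a different case will be reported as missing the header; compare the names case-insensitively. The block is guarded only by `status_code != 524`, so the 301/302/303 responses tested for in the previous hunk are checked as well, and a redirect served as `text/html` will produce a CSP warning for a body browsers do not render; consider skipping redirects here. Two smaller points: the warnings take their date from `result_dict["bot_status"][0]["date"]`, which assumes `bot_status` is non-empty, whereas the entry just above uses `rfc822(network_change["status"])`; and the comment `# check missing import headers` presumably means "important".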