Sha256: 14cbda18f3df63c455fb09d813ada64f662354ff1d03dfa39025622a3c17980f

Contents?: true

Size: 778 Bytes

Versions: 4

Compression:

Stored size: 778 Bytes

Contents

# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/assess/rule/response/header_rule'
require 'contrast/utils/string_utils'

module Contrast
  module Agent
    module Assess
      module Rule
        module Response
          # These rules check that the HTTP Headers include CSP header types
          class CspHeaderMissing < HeaderRule
            def rule_id
              'csp-header-missing'
            end

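            # Header names that can carry a CSP: the standard header plus the
            # legacy X-Content-Security-Policy and X-Webkit-CSP variants.
            HEADER_KEYS = %w[Content-Security-Policy X-Content-Security-Policy X-Webkit-CSP].cs__freeze
            # This pattern matches any value with at least one non-newline
            # character; it does not inspect the policy's directives.
            ACCEPTED_VALUES = [/(.)/].cs__freeze
            DEFAULT_SAFE = false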
          end
        end
      end
    end
  end
end

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
contrast-agent-6.1.0 lib/contrast/agent/assess/rule/response/csp_header_missing_rule.rb
contrast-agent-6.0.0 lib/contrast/agent/assess/rule/response/csp_header_missing_rule.rb
contrast-agent-5.3.0 lib/contrast/agent/assess/rule/response/csp_header_missing_rule.rb
contrast-agent-5.2.0 lib/contrast/agent/assess/rule/response/csp_header_missing_rule.rb