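# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/assess/rule/response/header_rule'
require 'contrast/utils/string_utils'

module Contrast
  module Agent
    module Assess
      module Rule
        module Response
          # This rule checks if the HTTP Headers include HSTS header and ensures that the max-age value
          # is set to a value greater than 0.
          class HSTSHeader < HeaderRule
            # The response header this rule inspects.
            HEADER_KEYS = %w[Strict-Transport-Security].cs__freeze
            # A header value is accepted only when its max-age directive has a non-zero integer part.
            # `max-age=0` instructs browsers to discard the HSTS policy, so it must not be treated as a
            # valid setting; the previous pattern (`\d+`) matched it. Leading zeros, a leading '.', and a
            # fractional part are still tolerated (RFC 6797 defines max-age as plain digits, so those
            # forms are permissive rather than required).
            ACCEPTED_VALUES = [/max-age=(\.)?0*[1-9]\d*(\.\d*)?/].cs__freeze
            # NOTE(review): consumed by HeaderRule; presumably the verdict used when no accepted value
            # decides the outcome — confirm against the parent class.
            DEFAULT_SAFE = true

            # @return [String] the identifier under which findings for this rule are reported
            def rule_id
              'hsts-header-missing'
            end

            protected

            # Build the evidence hash for a finding from the raw header value.
            #
            # @param data [String, nil] the Strict-Transport-Security header value
            # @return [Hash] the DATA key mapped to the text after the last '=' (the max-age value
            #   when it is the only directive), or EMPTY_STRING when there is nothing to report
            def evidence(data)
              # get only the value of the max-age property
              val = data&.split('=')&.last
              # a nil header or a bare 'max-age=' leaves no value, so report the shared empty string
              val = Contrast::Utils::ObjectShare::EMPTY_STRING if val.nil? || val == 'max-age'
              { DATA => val }
            end
          end
        end
      end
    end
  end
end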