Sha256: 950ae646462ecebf26d5b6b6d266db5ccbf4039e8ca650875e27600899849820

Contents?: true

Size: 1.94 KB

Versions: 1

Compression:

Stored size: 1.94 KB

Contents

# frozen_string_literal: true

require 'spec_helper'

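# Specs for the response-header check. The subject is a Headers check built
# over a stubbed HEAD response for http://example.com/ that carries a single
# header (foo: bar), so every security-header predicate starts out false
# until an example stubs the header in.
#
# NOTE(review): the clickjacking, CSP and HSTS examples below stub the
# placeholder value 'foo' and expect the predicate to be true, so what these
# specs pin is header *presence*. Only the x-xss-protection example asserts
# that a malformed value is rejected. Results built on these predicates show
# that a header was sent, not that its value is one a browser will enforce.
describe SiteInspector::Endpoint::Headers do
  subject do
    stub_request(:head, 'http://example.com/')
      .to_return(status: 200, headers: { foo: 'bar' })
    endpoint = SiteInspector::Endpoint.new('http://example.com')
    described_class.new(endpoint)
  end

  # Replaces #headers on the subject with a one-entry hash { header => value }.
  # A second call within the same example replaces the earlier stub, it does
  # not merge with it.
  #
  # NOTE(review): every example passes the header name in lowercase; lookups
  # with mixed-case names are not exercised here. Confirm against the
  # implementation before relying on case-insensitive matching.
  def stub_header(header, value)
    allow(subject).to receive(:headers) { { header => value } }
  end

  it 'parses the headers' do
    expect(subject.headers.count).to be(1)
    expect(subject.headers.keys).to include('foo')
  end

  it 'returns a header' do
    # Both the [] shortcut and the raw headers hash expose the same value.
    expect(subject['foo']).to eql('bar')
    expect(subject.headers['foo']).to eql('bar')
  end

  it 'knows the server' do
    stub_header 'server', 'foo'
    expect(subject.server).to eql('foo')
  end

  it 'knows if a server has an xss protection header' do
    # The accessor returns the raw value without validating it.
    stub_header 'x-xss-protection', 'foo'
    expect(subject.xss_protection).to eql('foo')
  end

  it 'validates xss-protection' do
    # The only predicate in this file that is shown rejecting a bad value.
    # NOTE(review): current browsers have dropped the XSS filter this header
    # controlled, so a passing result is legacy hygiene; CSP is the control
    # that carries weight today.
    stub_header 'x-xss-protection', 'foo'
    expect(subject.xss_protection?).to be(false)

    stub_header 'x-xss-protection', '1; mode=block'
    expect(subject.xss_protection?).to be(true)
  end

  it 'checks for clickjack protection' do
    expect(subject.click_jacking_protection?).to be(false)
    # Presence only: 'foo' is not a valid X-Frame-Options directive
    # (DENY / SAMEORIGIN), yet the predicate is expected to be true.
    stub_header 'x-frame-options', 'foo'
    expect(subject.click_jacking_protection).to eql('foo')
    expect(subject.click_jacking_protection?).to be(true)
  end

  it 'checks for CSP' do
    expect(subject.content_security_policy?).to be(false)
    # Presence only: the policy text is not parsed, so a policy with no
    # effective directives would still be expected to pass.
    stub_header 'content-security-policy', 'foo'
    expect(subject.content_security_policy).to eql('foo')
    expect(subject.content_security_policy?).to be(true)
  end

  it 'checks for strict-transport-security' do
    expect(subject.strict_transport_security?).to be(false)
    # Presence only: 'foo' carries no max-age directive, which HSTS requires,
    # yet the predicate is expected to be true.
    stub_header 'strict-transport-security', 'foo'
    expect(subject.strict_transport_security).to eql('foo')
    expect(subject.strict_transport_security?).to be(true)
  end
end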

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
site-inspector-3.2.0 spec/checks/site_inspector_endpoint_headers_spec.rb