Sha256: 9a703d899bafbe90df52f33b193787a07ab7ec031281dee2dfb51e7ea5081573

Contents?: true

Size: 1.1 KB

Versions: 18

Compression:

Stored size: 1.1 KB

Contents

# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/assess/rule/response/header_rule'
require 'contrast/utils/string_utils'

module Contrast
  module Agent
    module Assess
      module Rule
        module Response
          # This rule checks if the HTTP Headers include HSTS header and ensures that the max-age value
          # is set to a value greater than 0.
          class HSTSHeader < HeaderRule
            HEADER_KEYS = %w[Strict-Transport-Security].cs__freeze
            ACCEPTED_VALUES = [/max-age=(\.)?\d+(\.\d*)?/].cs__freeze
            DEFAULT_SAFE = false

            def rule_id
              'hsts-header-missing'
            end

            protected

            def evidence data
              # get only the value of the max-age property
              val = data&.split('=')&.last
              val = Contrast::Utils::ObjectShare::EMPTY_STRING if val.nil? || val == 'max-age'
              { DATA => val }
            end
          end
        end
      end
    end
  end
end

Version data entries

18 entries across 18 versions & 1 rubygems

Version Path
contrast-agent-7.6.1 lib/contrast/agent/assess/rule/response/hsts_header_rule.rb
contrast-agent-7.6.0 lib/contrast/agent/assess/rule/response/hsts_header_rule.rb
contrast-agent-7.5.0 lib/contrast/agent/assess/rule/response/hsts_header_rule.rb
contrast-agent-7.4.1 lib/contrast/agent/assess/rule/response/hsts_header_rule.rb
contrast-agent-7.4.0 lib/contrast/agent/assess/rule/response/hsts_header_rule.rb
contrast-agent-7.3.2 lib/contrast/agent/assess/rule/response/hsts_header_rule.rb
contrast-agent-7.3.1 lib/contrast/agent/assess/rule/response/hsts_header_rule.rb
contrast-agent-7.3.0 lib/contrast/agent/assess/rule/response/hsts_header_rule.rb
contrast-agent-7.2.0 lib/contrast/agent/assess/rule/response/hsts_header_rule.rb
contrast-agent-7.1.0 lib/contrast/agent/assess/rule/response/hsts_header_rule.rb
contrast-agent-7.0.0 lib/contrast/agent/assess/rule/response/hsts_header_rule.rb
contrast-agent-6.15.3 lib/contrast/agent/assess/rule/response/hsts_header_rule.rb
contrast-agent-6.15.2 lib/contrast/agent/assess/rule/response/hsts_header_rule.rb
contrast-agent-6.15.1 lib/contrast/agent/assess/rule/response/hsts_header_rule.rb
contrast-agent-6.15.0 lib/contrast/agent/assess/rule/response/hsts_header_rule.rb
contrast-agent-6.14.0 lib/contrast/agent/assess/rule/response/hsts_header_rule.rb
contrast-agent-6.13.0 lib/contrast/agent/assess/rule/response/hsts_header_rule.rb
contrast-agent-6.12.0 lib/contrast/agent/assess/rule/response/hsts_header_rule.rb