module Dawn
  module Kb
    module OwaspRorCheatSheet
      # Informational (:severity => :info) pattern-match check taken from the
      # OWASP Ruby on Rails cheat sheet. It scans controller sources
      # ("**/controllers/*.rb") for the snippets in +header_patterns+ that set
      # X-Frame-Options, X-Content-Type-Options and X-XSS-Protection.
      # :negative_search is set, so presumably the finding is raised when the
      # snippets are *absent* rather than present — confirm against
      # PatternMatchCheck.
      #
      # NOTE(review): the patterns are literal and quote/spacing sensitive
      # (double-quoted keys, `headers["..."]`, a multi-line default_headers
      # hash, or an initializer under config/ will not match), so a project
      # that sets the headers differently may still be reported. Consider too
      # whether X-XSS-Protection still belongs in the recommended set.
      class SecurityRelatedHeaders
        include PatternMatchCheck

        def initialize
          explanation = 'To set a header value, simply access the response.headers object as a hash inside your controller (often in a before/after_filter). Rails 4 provides the "default_headers" functionality that will automatically apply the values supplied. This works for most headers in almost all cases.'

          # Snippets that indicate the headers are being set. They look like
          # regex sources (square brackets are escaped); everything else is
          # matched literally, including the trailing ';' in the last one.
          header_patterns = [
            "response.headers\\['X-Frame-Options'\\] = 'DENY'",
            "response.headers\\['X-Content-Type-Options'\\] = 'nosniff'",
            "response.headers\\['X-XSS-Protection'\\] = '1'",
            "ActionDispatch::Response.default_headers = { 'X-Frame-Options' => 'DENY', 'X-Content-Type-Options' => 'nosniff', 'X-XSS-Protection' => '1;' }"
          ]

          attributes = {
            name: "Owasp Ror CheatSheet: Security Related Headers",
            kind: Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
            applies: ["rails"],
            glob: "**/controllers/*.rb",
            aux_links: ["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
            message: explanation,
            attack_pattern: header_patterns,
            negative_search: true,
            check_family: :owasp_ror_cheatsheet,
            severity: :info,
            mitigation: "Use response headers like X-Frame-Options, X-Content-Type-Options, X-XSS-Protection in your project."
          }

          # Passed as a single positional hash, exactly as the original did.
          super(attributes)
        end
      end
    end
  end
end