Sha256: f01b9e2cee7f6bf240794ad770a292165a5e07408951d86bd6e0d0a8601f7206

Contents?: true

Size: 1 KB

Versions: 13

Compression:

Stored size: 1 KB

Contents

# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/assess/rule/response/framework/rails_support'
require 'contrast/agent/assess/rule/response/header_rule'
require 'contrast/utils/string_utils'

module Contrast
  module Agent
    module Assess
      module Rule
        module Response
          # Response rule for the X-XSS-Protection header: checks the content of
          # the HTTP response to determine whether it carries the needed header.
          # This class only declares the header name, the accepted value
          # patterns and the rule id; the matching itself is presumably done by
          # HeaderRule (not visible in this file).
          #
          # NOTE(review): the browser XSS filter this header controls has been
          # removed from current Chrome and Edge and was never implemented in
          # Firefox. OWASP's secure-headers guidance now recommends
          # `X-XSS-Protection: 0` together with a Content-Security-Policy, so a
          # finding from this rule should be weighed against that guidance
          # rather than fixed by simply enabling the filter.
          class XXssProtection < HeaderRule
            include Framework::RailsSupport

            # Name of the response header this rule looks at.
            HEADER_KEYS = ['X-XSS-Protection'].cs__freeze

            # Patterns for header values treated as acceptable: a value
            # beginning with "1".
            # NOTE(review): `^` matches at the start of any line, not only at
            # the start of the string, so a multi-line value whose later line
            # begins with "1" would also match. `\A` is the whole-string
            # anchor; confirm how HeaderRule applies these patterns before
            # changing it.
            ACCEPTED_VALUES = [/^1/].cs__freeze

            # NOTE(review): presumably tells HeaderRule that a response without
            # this header counts as safe; confirm against HeaderRule.
            DEFAULT_SAFE = true

            # Identifier under which this rule is reported.
            def rule_id
              'xxssprotection-header-disabled'
            end

            protected

            # Decides whether this response should be analyzed. Returns false
            # as soon as framework_supported? (from Framework::RailsSupport) is
            # truthy; otherwise the decision is left to HeaderRule, which
            # receives the same response argument through the bare `super`.
            def analyze_response?(response)
              return false if framework_supported?

              super
            end
          end
        end
      end
    end
  end
end

Version data entries

13 entries across 13 versions & 1 rubygems

Version Path
contrast-agent-6.6.5 lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb
contrast-agent-6.6.4 lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb
contrast-agent-6.6.3 lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb
contrast-agent-6.6.2 lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb
contrast-agent-6.6.1 lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb
contrast-agent-6.6.0 lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb
contrast-agent-6.5.1 lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb
contrast-agent-6.5.0 lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb
contrast-agent-6.4.0 lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb
contrast-agent-6.3.0 lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb
contrast-agent-6.2.0 lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb
contrast-agent-6.1.2 lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb
contrast-agent-6.1.1 lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb