lib/scanner/generic.rb in yawast-0.7.0 vs lib/scanner/generic.rb in yawast-0.7.1
- old
+ new
@@ -20,10 +20,12 @@
runtime = ''
xss_protection = ''
via = ''
hpkp = ''
acao = ''
+ referrer_policy = ''
+ feature_policy = ''
Yawast::Utilities.puts_info 'HEAD:'
head.each do |k, v|
Yawast::Utilities.puts_info "\t\t#{k}: #{v}"
Yawast::Shared::Output.log_value 'http', 'head', k, v
@@ -38,10 +40,12 @@
runtime = v if k.casecmp('x-runtime').zero?
xss_protection = v if k.casecmp('x-xss-protection').zero?
via = v if k.casecmp('via').zero?
hpkp = v if k.casecmp('public-key-pins').zero?
acao = v if k.casecmp('access-control-allow-origin').zero?
+ referrer_policy = v if k.casecmp('referrer-policy').zero?
+ feature_policy = v if k.casecmp('feature-policy').zero?
if k.casecmp('set-cookie').zero?
# this chunk of magic manages to properly split cookies, when multiple are sent together
v.gsub(/(,([^;,]*=)|,$)/) { "\r\n#{$2}" }.split(/\r\n/).each do |c|
cookies.push(c)
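Review bot: The `referrer_policy` value captured here is only ever tested for emptiness (third hunk, `... if referrer_policy == ''`), so a header that is present but still leaks the referrer — `Referrer-Policy: unsafe-url`, or `no-referrer-when-downgrade`, which is merely the browser default — produces no warning at all. Because the header may carry a comma-separated fallback list and browsers honour the last token they recognise, I would examine that token rather than the raw string, e.g. `weak = %w[unsafe-url no-referrer-when-downgrade]` / `policy = referrer_policy.split(',').last.to_s.strip.downcase` / `Yawast::Utilities.puts_warn "Referrer-Policy: #{referrer_policy} (weak policy)" if weak.include?(policy)`, placed next to the existing presence check. Whether `head` can yield the same header name more than once (in which case the last assignment on these lines silently wins) depends on the response object, which is not visible in this hunk. Note too that the `feature-policy` compare only matches the old header name; the spec has since renamed it to `Permissions-Policy`, so a site sending only the new name would be reported as missing unless both names are accepted. The enclosing method starts before and ends after this hunk.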
@@ -104,9 +108,13 @@
Yawast::Utilities.puts_warn 'Content-Security-Policy Header Not Present' if csp == ''
Yawast::Utilities.puts_warn 'Public-Key-Pins Header Not Present' if hpkp == ''
Yawast::Utilities.puts_warn 'Access-Control-Allow-Origin: Unrestricted' if acao == '*'
+
+ Yawast::Utilities.puts_warn 'Referrer-Policy Header Not Present' if referrer_policy == ''
+
+ Yawast::Utilities.puts_warn 'Feature-Policy Header Not Present' if feature_policy == ''
puts ''
unless cookies.empty?
Yawast::Utilities.puts_info 'Cookies:'