class XspearScan::CallbackCheckHeaders
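# Summarise the security-relevant response headers of the original
# (non-injected) request and file one report entry per finding.
#
# Reads +@response+ (header lookup via +[]+), +@report+ (must respond to
# +add_issue+) and +@query+. Every finding is recorded as
# +add_issue(level, "s", "-", "-", "<original query>", message)+; the level
# is "i" (informational) for every entry except a missing X-Frame-Options
# ("l") and a missing Content-Security-Policy ("m").
#
# Fixes versus the previous version of this method:
# * the X-XSS-Protection check was inverted ("Not set" was reported only
#   when the header WAS present); a missing header is the condition flagged.
# * the CSP branch built a directive list that was never used and raised on
#   empty segments (e.g. "a;;b"), which turned a valid policy into a spurious
#   "CSP ERROR" entry. The check is now presence-only; the policy content is
#   not parsed or validated here.
#
# @return [Array(false, String)] always +[false, "not reflected #{@query}"]+:
#   this callback never claims a reflection, it only annotates headers.
def run
  # Header values are interpolated verbatim into the report message.
  # NOTE(review): confirm the report writer escapes them if it renders HTML.
  note = ->(level, message) { @report.add_issue(level, "s", "-", "-", "<original query>", message) }

  server = @response['Server']
  note.call("i", "Found Server: #{server}") unless server.nil?

  note.call("i", "Not set HSTS") if @response['Strict-Transport-Security'].nil?

  content_type = @response['Content-Type']
  note.call("i", "Content-Type: #{content_type}") unless content_type.nil?

  # Report the *absence* of the header (the previous test was inverted).
  note.call("i", "Not set X-XSS-Protection") if @response['X-XSS-Protection'].nil?

  frame_options = @response['X-Frame-Options']
  if frame_options.nil?
    note.call("l", "Not Set X-Frame-Options")
  else
    note.call("i", "X-Frame-Options: #{frame_options}")
  end

  # Presence only: directives are not parsed, so no rescue is needed here.
  if @response['Content-Security-Policy'].nil?
    note.call("m", "Not Set CSP")
  else
    note.call("i", "Enabled CSP")
  end

  [false, "not reflected #{@query}"]
end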