Commit ad6f2e6b authored by Romain Courteaud's avatar Romain Courteaud

report missing http content-type / csp headers

parent e5e0512b
......@@ -649,6 +649,8 @@ class WebBot:
for ip, url_list in ip_to_url_dict.items():
query = reportHttp(self._db, ip=ip, url=url_list)
for network_change in query.dicts().iterator():
# Confirm that redirection url are checked
if network_change["status_code"] in (301, 302, 303):
redirect_url = getRootUrl(
network_change["http_header_dict"]["Location"]
......@@ -664,6 +666,39 @@ class WebBot:
"date": rfc822(network_change["status"]),
}
)
# Check HTTP CSP header
if network_change["status_code"] != 524:
# Skip timeout
# check missing import headers
if (
"Content-Type"
not in network_change["http_header_dict"]
):
result_dict["warning"].append(
{
"text": "(No Content-Type header) %s"
% (network_change["url"],),
"date": result_dict["bot_status"][0]["date"],
}
)
elif network_change["http_header_dict"][
"Content-Type"
].startswith("text/html"):
if (
"Content-Security-Policy"
not in network_change["http_header_dict"]
):
result_dict["warning"].append(
{
"text": "(No Content-Security-Policy header) %s"
% (network_change["url"],),
"date": result_dict["bot_status"][0][
"date"
],
}
)
result_dict["http_query"].append(
{
"status_code": network_change["status_code"],
......
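Review bot: The new checks look up `"Content-Type"` and `"Content-Security-Policy"` with exact-case keys and match the media type with a case-sensitive `startswith("text/html")`, although HTTP header names and media types are case-insensitive. If `http_header_dict` is a plain dict holding the names as the server sent them (not visible here; the existing `["Location"]` lookup makes the same assumption), a site answering with `content-security-policy` gets a false "No Content-Security-Policy header" warning, and one answering `Text/HTML` skips the CSP check entirely. Consider normalising once with `header_dict = {k.lower(): v for k, v in network_change["http_header_dict"].items()}`, then testing `"content-type" not in header_dict` and `header_dict["content-type"].lower().startswith("text/html")`. The check is also presence-only, so an empty or fully permissive policy passes silently; a comment stating that limit would help, and `# check missing import headers` presumably means "important". The enclosing method starts and ends outside the hunk.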