Documentation
Index ¶
- Constants
- func CheckCORSAllowOrigin(operation *request.Operation, headers http.Header, r *report.ScanReport) bool
- func HTTPCookiesScanHandler(operation *request.Operation, securityScheme auth.SecurityScheme) (*report.ScanReport, error)
- func HTTPHeadersBestPracticesScanHandler(operation *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
- func HTTPTraceMethodScanHandler(operation *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
Constants ¶
// Scan identity and finding metadata for the HTTP cookies best-practices scan.
//
// Every finding is described by the same five values: a severity level, the
// report package's OWASP 2023 Security Misconfiguration category, a stable
// vulnerability ID, a display name and a reference URL.
//
// NOTE(review): all four severity levels below are 0. The severity scale is
// defined outside this page; confirm that 0 is the intended level for each
// finding rather than an unset default.
const (
	HTTPCookiesScanID   = "best_practices.http_cookies"
	HTTPCookiesScanName = "HTTP Cookies Best Practices"

	// Cookie without the HttpOnly attribute. HttpOnly keeps the cookie out of
	// reach of page script, which limits what an XSS flaw can read.
	HTTPCookiesNotHTTPOnlySeverityLevel     = 0
	HTTPCookiesNotHTTPOnlyOWASP2023Category = report.OWASP2023SecurityMisconfigurationCategory
	HTTPCookiesNotHTTPOnlyVulnerabilityID   = "security_misconfiguration.http_cookies_not_http_only"
	HTTPCookiesNotHTTPOnlyVulnerabilityName = "Cookies not HTTP-Only"
	HTTPCookiesNotHTTPOnlyVulnerabilityURL  = "https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#security"

	// Cookie without the Secure attribute. Secure restricts the cookie to
	// HTTPS requests so it is not sent over a cleartext connection.
	HTTPCookiesNotSecureSeverityLevel     = 0
	HTTPCookiesNotSecureOWASP2023Category = report.OWASP2023SecurityMisconfigurationCategory
	HTTPCookiesNotSecureVulnerabilityID   = "security_misconfiguration.http_cookies_not_secure"
	HTTPCookiesNotSecureVulnerabilityName = "Cookies not Secure"
	HTTPCookiesNotSecureVulnerabilityURL  = "https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#security"

	// Cookie whose SameSite attribute is missing or None. SameSite controls
	// whether the cookie accompanies cross-site requests (CSRF exposure).
	HTTPCookiesSameSiteSeverityLevel     = 0
	HTTPCookiesSameSiteOWASP2023Category = report.OWASP2023SecurityMisconfigurationCategory
	HTTPCookiesSameSiteVulnerabilityID   = "security_misconfiguration.http_cookies_same_site"
	HTTPCookiesSameSiteVulnerabilityName = "Cookies SameSite not set or set to None"
	HTTPCookiesSameSiteVulnerabilityURL  = "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value"

	// Cookie with no Expires attribute.
	// NOTE(review): a cookie without Expires or Max-Age is a session cookie,
	// which is frequently the safer lifetime for credentials. Confirm the
	// handler's condition so that session cookies are not reported as a
	// misconfiguration by default.
	HTTPCookiesExpiresSeverityLevel     = 0
	HTTPCookiesExpiresOWASP2023Category = report.OWASP2023SecurityMisconfigurationCategory
	HTTPCookiesExpiresVulnerabilityID   = "security_misconfiguration.http_cookies_expires"
	HTTPCookiesExpiresVulnerabilityName = "Cookies Expires not set"
	HTTPCookiesExpiresVulnerabilityURL  = "https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#security"
)
// Names of the response headers inspected by the HTTP headers scan, written in
// canonical header form.
const (
	// CSPHTTPHeader restricts which sources a page may load content from.
	CSPHTTPHeader = "Content-Security-Policy"

	// HSTSHTTPHeader tells browsers to reach the host over HTTPS only.
	HSTSHTTPHeader = "Strict-Transport-Security"

	// CORSOriginHTTPHeader names the origin allowed to read a cross-origin
	// response.
	CORSOriginHTTPHeader = "Access-Control-Allow-Origin"

	// XContentTypeOptionsHTTPHeader (value "nosniff") disables MIME sniffing.
	XContentTypeOptionsHTTPHeader = "X-Content-Type-Options"

	// XFrameOptionsHTTPHeader is the legacy framing control; current browsers
	// prefer the CSP frame-ancestors directive when both are present.
	XFrameOptionsHTTPHeader = "X-Frame-Options"
)
// Scan identity and finding metadata for the HTTP headers best-practices scan.
//
// Every finding is described by the same five values: a severity level, the
// report package's OWASP 2023 Security Misconfiguration category, a stable
// vulnerability ID, a display name and a reference URL.
//
// NOTE(review): every severity level below is 0. The severity scale is defined
// outside this page; confirm that 0 is the intended level for each finding
// rather than an unset default.
//
// NOTE(review): three exported names are spelled inconsistently and are kept
// as they are because renaming would break importers:
// CSPHTTPHeaderISNotSetOWASP2023Category ("IS" instead of "Is"), the
// HTSTHTTPHeaderIsNotSet* trio ("HTST" instead of "HSTS"), and the
// CORSHTTPHeaderIsPermisive* group ("Permisive").
const (
	HTTPHeadersScanID   = "best_practices.http_headers"
	HTTPHeadersScanName = "HTTP Headers Best Practices"

	// Response carries no Content-Security-Policy header.
	CSPHTTPHeaderIsNotSetSeverityLevel     = 0
	CSPHTTPHeaderISNotSetOWASP2023Category = report.OWASP2023SecurityMisconfigurationCategory
	CSPHTTPHeaderIsNotSetVulnerabilityID   = "security_misconfiguration.http_headers_csp_not_set"
	CSPHTTPHeaderIsNotSetVulnerabilityName = "CSP Header is not set"
	CSPHTTPHeaderIsNotSetVulnerabilityURL  = "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy"

	// Content-Security-Policy has no frame-ancestors directive, the CSP
	// control over which pages may embed the response in a frame.
	CSPHTTPHeaderFrameAncestorsIsNotSetSeverityLevel     = 0
	CSPHTTPHeaderFrameAncestorsIsNotSetOWASP2023Category = report.OWASP2023SecurityMisconfigurationCategory
	CSPHTTPHeaderFrameAncestorsIsNotSetVulnerabilityID   = "security_misconfiguration.http_headers_csp_frame_ancestors_not_set"
	CSPHTTPHeaderFrameAncestorsIsNotSetVulnerabilityName = "CSP frame-ancestors policy is not set"
	CSPHTTPHeaderFrameAncestorsIsNotSetVulnerabilityURL  = "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors"

	// Response carries no Strict-Transport-Security header. The first three
	// names use the "HTST" prefix, the last two "HSTS"; all five belong to
	// this one finding.
	HTSTHTTPHeaderIsNotSetSeverityLevel     = 0
	HTSTHTTPHeaderIsNotSetOWASP2023Category = report.OWASP2023SecurityMisconfigurationCategory
	HTSTHTTPHeaderIsNotSetVulnerabilityID   = "security_misconfiguration.http_headers_hsts_not_set"
	HSTSHTTPHeaderIsNotSetVulnerabilityName = "HSTS Header is not set"
	HSTSHTTPHeaderIsNotSetVulnerabilityURL  = "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security"

	// Response carries no Access-Control-Allow-Origin header.
	// NOTE(review): without that header the browser's same-origin policy
	// stays in force, so absence is the restrictive case. Confirm this is
	// reported as a best-practice hint and not as an exposure.
	CORSHTTPHeaderIsNotSetSeverityLevel     = 0
	CORSHTTPHeaderIsNotSetOWASP2023Category = report.OWASP2023SecurityMisconfigurationCategory
	CORSHTTPHeaderIsNotSetVulnerabilityID   = "security_misconfiguration.http_headers_cors_not_set"
	CORSHTTPHeaderIsNotSetVulnerabilityName = "CORS Headers are not set"
	CORSHTTPHeaderIsNotSetVulnerabilityURL  = "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin"

	// Access-Control-Allow-Origin is present but permissive. What counts as
	// permissive is decided by the check itself (presumably
	// CheckCORSAllowOrigin), whose body is not shown here.
	CORSHTTPHeaderIsPermisiveSeverityLevel     = 0
	CORSHTTPHeaderIsPermisiveOWASP2023Category = report.OWASP2023SecurityMisconfigurationCategory
	CORSHTTPHeaderIsPermisiveVulnerabilityID   = "security_misconfiguration.http_headers_cors_permissive"
	CORSHTTPHeaderIsPermisiveVulnerabilityName = "CORS Header is set but permissive"
	CORSHTTPHeaderIsPermisiveVulnerabilityURL  = "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin"

	// Response carries no X-Content-Type-Options header.
	XContentTypeOptionsHTTPHeaderIsNotSetSeverityLevel     = 0
	XContentTypeOptionsHTTPHeaderIsNotSetOWASP2023Category = report.OWASP2023SecurityMisconfigurationCategory
	XContentTypeOptionsHTTPHeaderIsNotSetVulnerabilityID   = "security_misconfiguration.http_headers_x_content_type_options_not_set"
	XContentTypeOptionsHTTPHeaderIsNotSetVulnerabilityName = "X-Content-Type-Options Header is not set"
	XContentTypeOptionsHTTPHeaderIsNotSetVulnerabilityURL  = "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options"

	// Response carries no X-Frame-Options header.
	// NOTE(review): a response that sets CSP frame-ancestors is already
	// protected against framing in current browsers; confirm whether this
	// finding is still raised in that case.
	XFrameOptionsHTTPHeaderIsNotSetSeverityLevel     = 0
	XFrameOptionsHTTPHeaderIsNotSetOWASP2023Category = report.OWASP2023SecurityMisconfigurationCategory
	XFrameOptionsHTTPHeaderIsNotSetVulnerabilityID   = "security_misconfiguration.http_headers_x_frame_options_not_set"
	XFrameOptionsHTTPHeaderIsNotSetVulnerabilityName = "X-Frame-Options Header is not set"
	XFrameOptionsHTTPHeaderIsNotSetVulnerabilityURL  = "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options"
)
// Scan identity and finding metadata for the HTTP TRACE method scan.
//
// TRACE asks the server to echo the received request back in the response,
// which can disclose request headers; it is normally disabled on
// production servers.
//
// NOTE(review): the severity level is 0. The severity scale is defined outside
// this page; confirm that 0 is the intended level for an enabled TRACE method.
const (
	HTTPTraceScanID   = "best_practices.http_trace"
	HTTPTraceScanName = "HTTP Trace Method Best Practices"

	// Finding raised when the TRACE method is enabled.
	HTTPTraceMethodSeverityLevel     = 0
	HTTPTraceMethodOWASP2023Category = report.OWASP2023SecurityMisconfigurationCategory
	HTTPTraceMethodVulnerabilityID   = "security_misconfiguration.http_trace_method"
	HTTPTraceMethodVulnerabilityName = "HTTP Trace Method enabled"
	HTTPTraceMethodVulnerabilityURL  = "https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/TRACE"
)
Variables ¶
This section is empty.
Functions ¶
func CheckCORSAllowOrigin ¶
func HTTPCookiesScanHandler ¶ added in v0.4.0
func HTTPCookiesScanHandler(operation *request.Operation, securityScheme auth.SecurityScheme) (*report.ScanReport, error)
func HTTPHeadersBestPracticesScanHandler ¶
func HTTPHeadersBestPracticesScanHandler(operation *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
func HTTPTraceMethodScanHandler ¶
func HTTPTraceMethodScanHandler(operation *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
Types ¶
This section is empty.