Http Security Save
Parse HTTP Security Headers
Project README
HTTP Security
Security Headers is a parser for security-relevant HTTP headers. Each header value is parsed and validated according to the syntax specified in its relevant RFC.
Security Headers relies on parslet for constructing its parsing grammar.
Currently parsed security headers are:
-
Cache-Control -
Content-Security-Policy -
Content-Security-Policy-Report-Only -
Expires -
Pragma -
Public-Key-Pins -
Public-Key-Pins-Report-Only -
Set-Cookie -
Strict-Transport-Security -
X-Content-Type-Options -
X-Frame-Options -
X-Permitted-Cross-Domain-Policies -
X-XSS-Protection
Example
require 'net/https'
response = Net::HTTP.get_response(URI('https://twitter.com/'))
require 'http/security'
headers = HTTP::Security::Response.parse(response)
headers.cache_control
# => #<HTTP::Security::Headers::CacheControl:0x00000002f65778 @private=nil, @max_age=nil, @no_cache=true>
headers.content_security_policy
# => #<HTTP::Security::Headers::ContentSecurityPolicy:0x00000002d8e238 @default_src="https:"@12, @script_src="'unsafe-inline' 'unsafe-eval' https:"@172, @object_src="https:"@153, @style_src="'unsafe-inline' https:"@220, @img_src="https: blob: data:"@98, @media_src="https: blob:"@128, @frame_src="https: twitter:"@73, @font_src="https: data:"@49, @connect_src="https:"@32, @report_uri=[#<URI::HTTPS:0x00000002d94250 URL:https://twitter.com/i/csp_report?a=NVQWGYLXFVZXO2LGOQ%3D%3D%3D%3D%3D%3D&ro=false;>], @sandbox=nil>
headers.expires
# => #<HTTP::Security::HTTPDate: Tue, 31 Mar 1981 00:00:00 GMT ((2444695j,0s,0n),+0s,2299161j)>
headers.pragma
# => #<HTTP::Security::Headers::Pragma:0x00000002ccc5e8 @no_cache=true>
headers.strict_transport_security
# => #<HTTP::Security::Headers::StrictTransportSecurity:0x00000002c928c0 @max_age=631138519, @include_sub_domains=nil>
headers.x_content_type_options
# => #<HTTP::Security::Headers::XContentTypeOptions:0x00000002a46e40 @no_sniff=true>
headers.x_frame_options
# => #<HTTP::Security::Headers::XFrameOptions:0x000000028163c8 @deny=nil, @same_origin=true, @allow_from=nil, @allow_all=nil>
headers.x_permitted_cross_domain_policies
# => nil
headers.x_xss_protection
# => #<HTTP::Security::Headers::XXSSProtection:0x0000000297a408 @enabled=true, @mode="block"@8, @report=nil>
Requirements
Install
$ gem install http-security
Testing
To run the RSpec tests:
$ rake spec
To test the parser against the Alexa Top 100:
$ rake spec:gauntlet
License
See the {file:LICENSE.txt} file.
Open Source Agenda is not affiliated with "Http Security" Project. README Source: trailofbits/http-security
Stars
36
Open Issues
4
Last Commit
8 months ago
Repository
License
Tags
Open Source Agenda Badge
