-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Nicolas Oelgart
committed
Apr 14, 2019
1 parent
b441bbe
commit 70e5d55
Showing
13 changed files
with
117 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
.DS_Store | ||
/.idea/ | ||
/vendor/ | ||
/composer.lock | ||
/build/*.phar |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
.DEFAULT_GOAL := build-phar | ||
.PHONY: clean | ||
|
||
build-phar: | ||
composer install --no-dev | ||
php ./bin/create-phar.php ./build/httpsec.phar | ||
|
||
install: | ||
cp ./build/httpsec.phar /usr/local/bin/httpsec | ||
chmod u+x /usr/local/bin/httpsec | ||
|
||
test: | ||
composer install --dev | ||
./vendor/bin/phpunit | ||
|
||
clean: | ||
rm ./build/httpsec.phar |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,35 @@ | ||
# Security Headers Check | ||
# httpsec (beta) | ||
|
||
WIP | ||
Test a site's HTTP headers for possible security issues | ||
|
||
**Basic usage** | ||
```shell | ||
$ httpsec https://www.target.com | ||
``` | ||
|
||
**Advances usage** | ||
|
||
If you're trying to test a site that requires authentication, a POST request, or anything | ||
of the like, you can use `curl` and pipe the result to `httpsec` | ||
```shell | ||
$ curl https://yahoo.com/ --head | httpsec | ||
``` | ||
|
||
**Screenshot** | ||
|
||
![screenshot](resources/screenshots/screenshot.png) | ||
|
||
**Build** | ||
```shell | ||
$ make | ||
``` | ||
|
||
**Test** | ||
```shell | ||
$ make test | ||
``` | ||
|
||
**Install** | ||
```shell | ||
$ make install | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
<?php declare(strict_types=1); | ||
|
||
require __DIR__ . '/../vendor/autoload.php'; | ||
|
||
use Symfony\Component\Finder\Finder; | ||
|
||
if (!isset($argv[1])) { | ||
echo 'No output filename supplied', PHP_EOL; | ||
exit(1); | ||
} | ||
|
||
$pharFile = $argv[1]; | ||
|
||
if (is_file($pharFile)) { | ||
unlink($pharFile); | ||
} | ||
|
||
$baseDir = dirname(__DIR__); | ||
|
||
$finder = new Finder(); | ||
$finder->files()->in([ | ||
$baseDir . '/bin', | ||
$baseDir . '/config', | ||
$baseDir . '/src', | ||
$baseDir . '/vendor' | ||
]); | ||
|
||
$phar = new Phar($pharFile); | ||
$phar->setStub("#!/usr/bin/env php\n<?php Phar::mapPhar('phpsec.phar'); require 'phar://phpsec.phar/bin/run.php'; __HALT_COMPILER();"); | ||
$phar->compress(Phar::GZ); | ||
$phar->buildFromIterator($finder->getIterator(), $baseDir); | ||
|
||
echo "$pharFile successfully created", PHP_EOL; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,4 @@ | ||
#!/usr/bin/env php | ||
<?php | ||
<?php declare(strict_types=1); | ||
|
||
require __DIR__ . '/../vendor/autoload.php'; | ||
|
||
|
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
15 changes: 15 additions & 0 deletions
15
src/Domain/Result/Warning/XFrameOptionsNotNecessaryDueToValidContentSecurityPolicyKudos.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
<?php declare(strict_types=1); | ||
|
||
/** | ||
* @license http://opensource.org/licenses/mit-license.php MIT | ||
* @link https://github.com/nicoSWD | ||
* @author Nicolas Oelgart <nico@oelgart.com> | ||
*/ | ||
namespace nicoSWD\SecHeaderCheck\Domain\Result\Warning; | ||
|
||
use nicoSWD\SecHeaderCheck\Domain\Result\Kudos; | ||
|
||
final class XFrameOptionsNotNecessaryDueToValidContentSecurityPolicyKudos extends Kudos | ||
{ | ||
protected $message = 'Not necessary due to valid Content-Security-Policy frame-ancestors'; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters