Header names are case insensitive
Move header checks to web_site
@@ -1,9 +1,11 @@
|
|||||||
# encoding: UTF-8
|
# encoding: UTF-8
|
||||||
|
|
||||||
require 'web_site/robots_txt'
|
require 'web_site/robots_txt'
|
||||||
|
require 'web_site/interesting_headers'
|
||||||
|
|
||||||
class WebSite
|
class WebSite
|
||||||
include WebSite::RobotsTxt
|
include WebSite::RobotsTxt
|
||||||
|
include WebSite::InterestingHeaders
|
||||||
|
|
||||||
attr_reader :uri
|
attr_reader :uri
|
||||||
|
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
# encoding: UTF-8
|
# encoding: UTF-8
|
||||||
|
|
||||||
class WpTarget < WebSite
|
class WebSite
|
||||||
module InterestingHeaders
|
module InterestingHeaders
|
||||||
|
|
||||||
# Checks for interesting headers
|
# Checks for interesting headers
|
||||||
@@ -8,10 +8,15 @@ class WpTarget < WebSite
|
|||||||
def interesting_headers
|
def interesting_headers
|
||||||
response = Browser.head(@uri.to_s)
|
response = Browser.head(@uri.to_s)
|
||||||
headers = response.headers
|
headers = response.headers
|
||||||
InterestingHeaders.known_headers.each do |h|
|
# Header Names are case insensitve so convert them to upcase
|
||||||
headers.delete(h)
|
headers_uppercase = headers.inject({}) do |hash, keys|
|
||||||
|
hash[keys[0].upcase] = keys[1]
|
||||||
|
hash
|
||||||
end
|
end
|
||||||
headers.to_a.compact.sort
|
InterestingHeaders.known_headers.each do |h|
|
||||||
|
headers_uppercase.delete(h.upcase)
|
||||||
|
end
|
||||||
|
headers_uppercase.to_a.compact.sort
|
||||||
end
|
end
|
||||||
|
|
||||||
protected
|
protected
|
||||||
@@ -25,7 +30,6 @@ class WpTarget < WebSite
|
|||||||
Content-Length
|
Content-Length
|
||||||
Connection
|
Connection
|
||||||
Etag
|
Etag
|
||||||
ETag
|
|
||||||
Expires
|
Expires
|
||||||
Last-Modified
|
Last-Modified
|
||||||
Pragma
|
Pragma
|
||||||
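Review bot: In `interesting_headers`, upcasing the keys to get a case-insensitive match also rewrites the names that are returned, so the report no longer shows the header as the server sent it (the updated spec now expects `MYTESTHEADER`). Two headers that differ only in case also collapse into a single entry. Filtering without rewriting would keep the original names: `known = InterestingHeaders.known_headers.map(&:upcase)` followed by `headers.reject { |name, _| known.include?(name.upcase) }.to_a.sort`. `response.headers` is used unguarded; if `Browser.head` can return a response without headers (not visible here), `inject` would raise, so `headers = response.headers || {}` may be worth adding. The new comment also has a typo, `insensitve`.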
@@ -6,7 +6,6 @@ require 'wp_target/wp_readme'
|
|||||||
require 'wp_target/wp_registrable'
|
require 'wp_target/wp_registrable'
|
||||||
require 'wp_target/wp_config_backup'
|
require 'wp_target/wp_config_backup'
|
||||||
require 'wp_target/wp_login_protection'
|
require 'wp_target/wp_login_protection'
|
||||||
require 'wp_target/interesting_headers'
|
|
||||||
require 'wp_target/wp_custom_directories'
|
require 'wp_target/wp_custom_directories'
|
||||||
require 'wp_target/wp_full_path_disclosure'
|
require 'wp_target/wp_full_path_disclosure'
|
||||||
|
|
||||||
@@ -16,7 +15,6 @@ class WpTarget < WebSite
|
|||||||
include WpTarget::WpRegistrable
|
include WpTarget::WpRegistrable
|
||||||
include WpTarget::WpConfigBackup
|
include WpTarget::WpConfigBackup
|
||||||
include WpTarget::WpLoginProtection
|
include WpTarget::WpLoginProtection
|
||||||
include WpTarget::InterestingHeaders
|
|
||||||
include WpTarget::WpCustomDirectories
|
include WpTarget::WpCustomDirectories
|
||||||
include WpTarget::WpFullPathDisclosure
|
include WpTarget::WpFullPathDisclosure
|
||||||
|
|
||||||
|
|||||||
@@ -7,6 +7,7 @@ describe 'WebSite' do
|
|||||||
subject(:web_site) { WebSite.new('http://example.localhost/') }
|
subject(:web_site) { WebSite.new('http://example.localhost/') }
|
||||||
|
|
||||||
it_behaves_like 'WebSite::RobotsTxt'
|
it_behaves_like 'WebSite::RobotsTxt'
|
||||||
|
it_behaves_like 'WebSite::InterestingHeaders'
|
||||||
|
|
||||||
before :all do
|
before :all do
|
||||||
Browser::reset
|
Browser::reset
|
||||||
|
|||||||
@@ -23,7 +23,6 @@ describe WpTarget do
|
|||||||
it_behaves_like 'WpTarget::WpRegistrable'
|
it_behaves_like 'WpTarget::WpRegistrable'
|
||||||
it_behaves_like 'WpTarget::WpConfigBackup'
|
it_behaves_like 'WpTarget::WpConfigBackup'
|
||||||
it_behaves_like 'WpTarget::WpLoginProtection'
|
it_behaves_like 'WpTarget::WpLoginProtection'
|
||||||
it_behaves_like 'WpTarget::InterestingHeaders'
|
|
||||||
it_behaves_like 'WpTarget::WpCustomDirectories'
|
it_behaves_like 'WpTarget::WpCustomDirectories'
|
||||||
it_behaves_like 'WpTarget::WpFullPathDisclosure'
|
it_behaves_like 'WpTarget::WpFullPathDisclosure'
|
||||||
|
|
||||||
|
|||||||
@@ -1,27 +1,27 @@
|
|||||||
# encoding: UTF-8
|
# encoding: UTF-8
|
||||||
|
|
||||||
shared_examples 'WpTarget::InterestingHeaders' do
|
shared_examples 'WebSite::InterestingHeaders' do
|
||||||
|
|
||||||
let(:known_headers) { WpTarget::InterestingHeaders.known_headers }
|
let(:known_headers) { WebSite::InterestingHeaders.known_headers }
|
||||||
|
|
||||||
describe '#interesting_headers' do
|
describe '#interesting_headers' do
|
||||||
|
|
||||||
it 'returns MyTestHeader' do
|
it 'returns MyTestHeader' do
|
||||||
stub_request(:head, wp_target.url).
|
stub_request(:head, web_site.url).
|
||||||
to_return(status: 200, headers: { 'Mytestheader' => 'Mytestheadervalue' })
|
to_return(status: 200, headers: { 'Mytestheader' => 'Mytestheadervalue' })
|
||||||
wp_target.interesting_headers.should =~ [ [ 'Mytestheader', 'Mytestheadervalue' ] ]
|
web_site.interesting_headers.should =~ [ [ 'MYTESTHEADER', 'Mytestheadervalue' ] ]
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'removes known headers' do
|
it 'removes known headers' do
|
||||||
stub_request(:head, wp_target.url).
|
stub_request(:head, web_site.url).
|
||||||
to_return(status: 200, headers: { 'Location' => 'a', 'Connection' => 'Close' })
|
to_return(status: 200, headers: { 'Location' => 'a', 'Connection' => 'Close' })
|
||||||
wp_target.interesting_headers.should be_empty
|
web_site.interesting_headers.should be_empty
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'returns nothing' do
|
it 'returns nothing' do
|
||||||
stub_request(:head, wp_target.url).
|
stub_request(:head, web_site.url).
|
||||||
to_return(status: 200, headers: { })
|
to_return(status: 200, headers: { })
|
||||||
wp_target.interesting_headers.should be_empty
|
web_site.interesting_headers.should be_empty
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
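Review bot: The 'removes known headers' example still stubs `Location` and `Connection` in their canonical casing, so nothing in this shared example exercises the case-insensitive matching the commit introduces. The only assertion that changed is the upcased `MYTESTHEADER` name. An example whose response carries known headers in another case, e.g. `headers: { 'LOCATION' => 'a', 'connection' => 'Close' }` with `web_site.interesting_headers.should be_empty`, would pin the behaviour. If the stubbing library normalises header names before the code sees them (not visible here), the response would have to be supplied through a double of `Browser.head` instead.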