Class: Contrast::Agent::Assess::Rule::Response::HeaderRule
Defined in: lib/contrast/agent/assess/rule/response/header_rule.rb
Overview
These rules check the content of the HTTP Response to determine if something was set incorrectly or insecurely in it.
Direct Known Subclasses
CacheControl, ClickJacking, CspHeaderInsecure, CspHeaderMissing, HSTSHeader, XContentType, XXssProtection
Constant Summary
- HEADER_TYPE = 'Header'
Constants inherited from BaseRule
Instance Method Summary
- #analyze_response?(response) ⇒ Boolean
  Rules discern which responses they can/should analyze.
- #headers?(response) ⇒ Boolean
  Determine if a response has headers.
- #violated?(response) ⇒ Hash?
  Determine if the Response violates the Rule or not.
Methods inherited from BaseRule
Instance Method Details
#analyze_response?(response) ⇒ Boolean
Rules discern which responses they can/should analyze.
    # File 'lib/contrast/agent/assess/rule/response/header_rule.rb', line 22
    def analyze_response? response
      super && headers?(response)
    end
#headers?(response) ⇒ Boolean
Determine if a response has headers.
    # File 'lib/contrast/agent/assess/rule/response/header_rule.rb', line 44
    def headers? response
      !!response.headers&.any?
    end
#violated?(response) ⇒ Hash?
Determine if the Response violates the Rule or not. If it does, return the evidence that proves it.
    # File 'lib/contrast/agent/assess/rule/response/header_rule.rb', line 30
    def violated? response
      header_value = get_header_value(response)
      if header_value
        # Header present: a violation unless the rule accepts its value.
        return evidence(header_value) unless valid_header?(header_value)
      else
        # Header absent: a violation unless the rule's DEFAULT_SAFE is truthy.
        return evidence(header_value) unless cs__class::DEFAULT_SAFE
      end
      nil
    end
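The flow of violated? above, as an added self-contained sketch (not the Contrast agent's code), showing how a present-but-invalid header and an absent header each become a finding. SketchResponse, SketchHeaderRule, both subclasses, header_name and the evidence hash are hypothetical stand-ins, and self.class replaces cs__class on the assumption that it returns the object's class.

```ruby
# Added sketch: stand-in classes, not the Contrast agent's implementation.
SketchResponse = Struct.new(:headers) # constructed stand-in for a response object

class SketchHeaderRule
  HEADER_TYPE = 'Header'
  DEFAULT_SAFE = false # assumption: a missing header counts as a finding

  # Skip responses that carry no headers at all.
  def analyze_response?(response)
    !!response.headers&.any?
  end

  # Same branches as violated? on the page; self.class stands in for cs__class.
  def violated?(response)
    header_value = get_header_value(response)
    if header_value
      return evidence(header_value) unless valid_header?(header_value)
    else
      return evidence(header_value) unless self.class::DEFAULT_SAFE
    end
    nil
  end

  private

  # Header names are case-insensitive, so match on the downcased name.
  def get_header_value(response)
    response.headers.find { |name, _| name.to_s.downcase == header_name }&.last
  end

  # Hypothetical evidence shape; the agent's real format is not shown on the page.
  def evidence(value)
    { type: HEADER_TYPE, name: header_name, value: value.to_s }
  end
end

# Hypothetical rule: the header must be present and equal to "nosniff".
class NoSniffSketch < SketchHeaderRule
  def header_name; 'x-content-type-options'; end
  def valid_header?(value); value.strip.casecmp?('nosniff'); end
end

# Hypothetical rule: absence is left to a separate "missing" rule, so only a
# policy that is present and allows 'unsafe-inline' is reported.
class CspUnsafeInlineSketch < SketchHeaderRule
  DEFAULT_SAFE = true
  def header_name; 'content-security-policy'; end
  def valid_header?(value); !value.include?("'unsafe-inline'"); end
end
```

In the sketch, an absent header yields evidence with an empty value for NoSniffSketch and nil for CspUnsafeInlineSketch, which is the only difference DEFAULT_SAFE makes.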