Update InsecureContentSecurityPolicy.bcheck

PortSwigger / BChecks

BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition

https://portswigger.net/burp/documentation/scanner/bchecks

GNU Lesser General Public License v3.0

588 stars 104 forks source link

Update InsecureContentSecurityPolicy.bcheck #162

Closed LabMC closed 6 months ago

LabMC commented 6 months ago

Updated Insecure Content-Security-Policy file.
- Added measures to reduce false positives.
- Added tests for missing default-src, script-src, object-src, object-src, & require-trusted-types-for directives.
- Added tests for usage of "http:", "data:", & non-specified https:; URL paths.
- Added some additional recommendations regarding suggestions/remediation.
I was able to successfully QA, confirm the plugin is working on my side & resolve what issues I found.
- Let me know if these updates appear noncomplaint or erronous for some reason.

BCheck Contributions

[x] BCheck compiles and executes as expected
[x] BCheck contains appropriate metadata (name, version, author, description and appropriate tags)
[x] Only .bcheck files have been added or modified
[x] BCheck is in the appropriate folder
[x] PR contains single or limited number of BChecks (Multiple PRs are preferred)
[x] BCheck attempts to minimize false positives

michael-eaton-portswigger commented 4 months ago

@LabMC As a contributor to our GitHub repository, we would like to invite you to our closed Discord community.

It is a place where passionate Burp users, including people who directly work on building and developing Burp here at PortSwigger, can talk about the tooling and web security in general.

If you would like to join, please email us at support@portswigger.net and we will send over an invite link.

Thank you!

LabMC commented 4 months ago

Hello,

Count me in! 👍

On Tue, Feb 20, 2024 at 8:38 AM Michael Eaton @.***> wrote:

@LabMC https://github.com/LabMC As a contributor to our GitHub repository, we would like to invite you to our closed Discord community.

It is a place where passionate Burp users, including people who directly work on building and developing Burp here at PortSwigger, can talk about the tooling and web security in general.

If you would like to join, please email us at @.*** and we will send over an invite link.

Thank you!

— Reply to this email directly, view it on GitHub https://github.com/PortSwigger/BChecks/pull/162#issuecomment-1954354919, or unsubscribe https://github.com/notifications/unsubscribe-auth/AITDGRVYXHDH6GEWGB5YIX3YUSYP5AVCNFSM6AAAAABBD3VE5CVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNJUGM2TIOJRHE . You are receiving this because you were mentioned.Message ID: @.***>