SIWECOS / HSHS-DOMXSS-Scanner

MIT License

New master proposal #20

Closed Lednerb closed 6 years ago

Lednerb commented 6 years ago

I've fixed the issues #17, #18 and #19.

Regarding #17, we should undo the changes by @Weegy to commit ff3f1fcc4390b8f28f211ff695ca8755fbc78629.

Please check this version for deployment and if the scanner provides the matching and correct types according to the API.

That's the latest scan result of https://siwecos.de:

```json
{
  "name": "HEADER",
  "hasError": false,
  "errorMessage": null,
  "score": 91,
  "tests": [
    {
      "name": "CONTENT_SECURITY_POLICY",
      "hasError": false,
      "errorMessage": null,
      "score": 50,
      "scoreType": "warning",
      "testDetails": [
        {
          "placeholder": "CSP_UNSAFE_INCLUDED",
          "values": {
            "HEADER": "default-src 'none'; connect-src 'self' api.siwecos.de; font-src 'self' fonts.gstatic.com data:; frame-src 'self' www.youtube.com www.google.com www.youtube-nocookie.com; img-src 'self' webstats.eco.de maps.googleapis.com maps.google.com maps.gstatic.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' webstats.eco.de siwecosfreescan.firebaseapp.com siwecosscanner.firebaseapp.com www.google.com www.gstatic.com maps.google.com maps.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com siwecosfreescan.firebaseapp.com siwecosscanner.firebaseapp.com;"
          }
        }
      ]
    },
    {
      "name": "CONTENT_TYPE",
      "hasError": false,
      "errorMessage": null,
      "score": 100,
      "scoreType": "warning",
      "testDetails": [
        {
          "placeholder": "CT_META_TAG_SET_CORRECT",
          "values": {
            "META": "<meta charset=\"UTF-8\" \\/>"
          }
        },
        {
          "placeholder": "CT_CORRECT",
          "values": {
            "HEADER": "text\\/html; charset=UTF-8"
          }
        }
      ]
    },
    {
      "name": "PUBLIC_KEY_PINS",
      "hasError": true,
      "errorMessage": "HEADER_NOT_SET",
      "score": 0,
      "scoreType": "bonus",
      "testDetails": []
    },
    {
      "name": "STRICT_TRANSPORT_SECURITY",
      "hasError": false,
      "errorMessage": null,
      "score": 100,
      "scoreType": "warning",
      "testDetails": [
        {
          "placeholder": "HSTS_MORE_6",
          "values": {
            "HEADER": "max-age=31536000; includeSubDomains"
          }
        },
        {
          "placeholder": "INCLUDE_SUBDOMAINS",
          "values": {
            "HEADER": "max-age=31536000; includeSubDomains"
          }
        }
      ]
    },
    {
      "name": "X_CONTENT_TYPE_OPTIONS",
      "hasError": false,
      "errorMessage": null,
      "score": 100,
      "scoreType": "warning",
      "testDetails": [
        {
          "placeholder": "XCTO_CORRECT",
          "values": {
            "HEADER": "nosniff"
          }
        }
      ]
    },
    {
      "name": "X_FRAME_OPTIONS",
      "hasError": false,
      "errorMessage": null,
      "score": 100,
      "scoreType": "warning",
      "testDetails": [
        {
          "placeholder": "XFO_CORRECT",
          "values": {
            "HEADER": "SAMEORIGIN"
          }
        }
      ]
    },
    {
      "name": "X_XSS_PROTECTION",
      "hasError": false,
      "errorMessage": null,
      "score": 100,
      "scoreType": "warning",
      "testDetails": [
        {
          "placeholder": "XXSS_CORRECT",
          "values": {
            "HEADER": "1; mode=block"
          }
        },
        {
          "placeholder": "XXSS_BLOCK",
          "values": {
            "HEADER": "1; mode=block"
          }
        }
      ]
    }
  ]
}
```

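The request above is to confirm that the scanner emits the field types the API expects. The following is an added example, not code from the HSHS-DOMXSS-Scanner project: a small Python checker that validates a scan result against the shape visible in the pasted JSON (string `name`, boolean `hasError`, `errorMessage` null or string, integer `score` in 0..100, known `scoreType`, list of `testDetails` with a `placeholder` and a `values` object) and then re-derives the `CSP_UNSAFE_INCLUDED` finding by parsing the reported CSP header itself. The set of accepted `scoreType` values beyond `warning` and `bonus`, the rule that a test with `hasError: true` must carry an `errorMessage`, and the definition of "unsafe" as `'unsafe-inline'`/`'unsafe-eval'` are assumptions; the sample input is a constructed excerpt of the result above with a shortened CSP header.

```python
import json
import sys

# Assumed contract: scoreType values seen on the page plus two plausible extras.
SCORE_TYPES = {"warning", "bonus", "critical", "info"}
# Assumed definition of what CSP_UNSAFE_INCLUDED flags.
UNSAFE_KEYWORDS = {"'unsafe-inline'", "'unsafe-eval'"}

# Constructed sample: two of the seven tests from the scan result pasted in the PR,
# with the CSP header trimmed to the directives that matter for the check.
CSP_HEADER = ("default-src 'none'; connect-src 'self' api.siwecos.de; "
              "font-src 'self' fonts.gstatic.com data:; "
              "script-src 'self' 'unsafe-inline' 'unsafe-eval' webstats.eco.de; "
              "style-src 'self' 'unsafe-inline' fonts.googleapis.com;")

SAMPLE_RESULT = {
    "name": "HEADER", "hasError": False, "errorMessage": None, "score": 91,
    "tests": [
        {"name": "CONTENT_SECURITY_POLICY", "hasError": False, "errorMessage": None,
         "score": 50, "scoreType": "warning",
         "testDetails": [{"placeholder": "CSP_UNSAFE_INCLUDED",
                          "values": {"HEADER": CSP_HEADER}}]},
        {"name": "PUBLIC_KEY_PINS", "hasError": True, "errorMessage": "HEADER_NOT_SET",
         "score": 0, "scoreType": "bonus", "testDetails": []},
    ],
}


def _is_int(value):
    # bool is a subclass of int in Python, so exclude it explicitly.
    return isinstance(value, int) and not isinstance(value, bool)


def validate_test(test):
    """Return the list of contract violations for one entry of result['tests']."""
    problems = []
    if not isinstance(test.get("name"), str):
        problems.append("name must be a string")
    has_error = test.get("hasError")
    if not isinstance(has_error, bool):
        problems.append("hasError must be a boolean")
    msg = test.get("errorMessage")
    if msg is not None and not isinstance(msg, str):
        problems.append("errorMessage must be null or a string")
    if has_error is True and msg is None:
        problems.append("hasError is true but errorMessage is null")
    score = test.get("score")
    if not _is_int(score) or not 0 <= score <= 100:
        problems.append("score must be an integer in 0..100")
    if test.get("scoreType") not in SCORE_TYPES:
        problems.append("unknown scoreType %r" % (test.get("scoreType"),))
    details = test.get("testDetails")
    if not isinstance(details, list):
        problems.append("testDetails must be a list")
    else:
        for detail in details:
            if not (isinstance(detail, dict) and isinstance(detail.get("placeholder"), str)
                    and isinstance(detail.get("values"), dict)):
                problems.append("each testDetails entry needs a string placeholder and a values object")
    return problems


def validate_result(result):
    """Check the top-level object and every test. Returns {name: [problems]} containing
    only entries that have problems, so an empty dict means the result matches the contract."""
    report = {}
    top = []
    if not isinstance(result.get("name"), str):
        top.append("name must be a string")
    if not isinstance(result.get("hasError"), bool):
        top.append("hasError must be a boolean")
    if not _is_int(result.get("score")):
        top.append("score must be an integer")
    tests = result.get("tests")
    if not isinstance(tests, list):
        top.append("tests must be a list")
        tests = []
    if top:
        report["<top-level>"] = top
    for index, test in enumerate(tests):
        if not isinstance(test, dict):
            report["tests[%d]" % index] = ["test must be an object"]
            continue
        problems = validate_test(test)
        if problems:
            report[test.get("name") or "tests[%d]" % index] = problems
    return report


def parse_csp(header):
    """Split a Content-Security-Policy header into {directive: [source expressions]}."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.strip().split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def unsafe_directives(header):
    """Return {directive: sorted unsafe keywords} for directives allowing inline/eval."""
    found = {}
    for directive, sources in parse_csp(header).items():
        unsafe = sorted(s for s in sources if s.lower() in UNSAFE_KEYWORDS)
        if unsafe:
            found[directive] = unsafe
    return found


def recheck_csp(result):
    """Re-derive the CSP finding from the header the scanner reported.
    Returns (scanner_flagged_unsafe, unsafe_directives_found) for comparison."""
    flagged, unsafe = False, {}
    for test in result.get("tests", []):
        if test.get("name") != "CONTENT_SECURITY_POLICY":
            continue
        for detail in test.get("testDetails", []):
            if detail.get("placeholder") == "CSP_UNSAFE_INCLUDED":
                flagged = True
            header = detail.get("values", {}).get("HEADER")
            if header:
                unsafe.update(unsafe_directives(header))
    return flagged, unsafe


if __name__ == "__main__":
    # Pipe a scanner result in on stdin, or run without input to check the sample.
    result = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_RESULT
    print(json.dumps({"violations": validate_result(result),
                      "csp": recheck_csp(result)}, indent=2))
```

Run it as `curl -s <scanner-url> | python3 check_result.py` against a deployed instance; an empty `violations` object means every field has the expected type, and the `csp` pair shows whether the `CSP_UNSAFE_INCLUDED` placeholder agrees with what the header actually contains (here `script-src` allows both unsafe keywords and `style-src` allows `'unsafe-inline'`).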
Lednerb commented 6 years ago

For a quick deploy via Docker, you can spin up the server with:

```shell
docker run -d -p 80:8181 siwecos/hshs-domxss-scanner:development
```

Lednerb commented 6 years ago

Ping to merge and deploy.

Lednerb commented 6 years ago

> Regarding #17, we should undo the changes by @Weegy to commit ff3f1fc.

It was not my (our) intention to merge the old master branch with this one. I've explicitly forked the branch from ff3f1fc to avoid possible issues from #17.

It seems that the merge now produces errors like #23 and #22.

Please undo the merge and take a fresh branch as master or something.

@Skeeve @SniperSister @Weegy Please check the results via the docker command from above to see if there is an error in my fixed version.

Weegy commented 6 years ago

All crimes done by me are now reverted, @Lednerb. We now have a clean development and a clean master branch again.