Http
Http
Class: Drutiny\Http\Audit\Http
Extends: Drutiny\Audit
Package: drutiny/http
NOTE: This Audit is abstract and cannot be used directly by a policy.
HttpAnalysis
Class: Drutiny\Http\Audit\HttpAnalysis
Extends: Drutiny\Audit\AbstractAnalysis
Package: drutiny/http
Parameters
Name |
Type |
Description |
Default |
expression |
string |
The expression language to evaluate. See https://symfony.com/doc/current/components/expression_language/syntax.html |
'true' |
not_applicable |
string |
The expression language to evaluate if the analysis is not applicable. See https://symfony.com/doc/current/components/expression_language/syntax.html |
'false' |
send_warming_request |
boolean |
Send a warming request and store its headers in the cold_headers parameter. |
false |
use_cache |
boolean |
Indicates whether the Guzzle client should use the cache middleware. |
true |
options |
array |
An options array passed to the Guzzle client request method. |
{ } |
Tokens
Name |
Type |
Description |
Default |
expression |
string |
The expression language to evaluate. See https://symfony.com/doc/current/components/expression_language/syntax.html |
'true' |
not_applicable |
string |
The expression language to evaluate if the analysis is not applicable. See https://symfony.com/doc/current/components/expression_language/syntax.html |
'false' |
send_warming_request |
boolean |
Send a warming request and store its headers in the cold_headers parameter. |
false |
use_cache |
boolean |
Indicates whether the Guzzle client should use the cache middleware. |
true |
options |
array |
An options array passed to the Guzzle client request method. |
{ } |
Source
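/**
 * Gathers the HTTP response headers the analysis expression can inspect.
 *
 * Stores the audited response's headers in the `headers` token. When the
 * `send_warming_request` parameter is truthy, an uncached request is sent
 * first and its headers are stored in the `cold_headers` token, so a policy
 * can compare a cold origin response against the (possibly cached) warm one.
 *
 * @param Sandbox $sandbox
 *   The audit sandbox holding the parameters and the target.
 */
protected function gather(Sandbox $sandbox)
{
    $use_cache = $sandbox->getParameter('use_cache', FALSE);

    // Read (not set) the opt-in flag: the warming request is only sent when
    // the policy asks for it.
    if ($sandbox->getParameter('send_warming_request', FALSE)) {
        // Bypass the cache middleware so the warming request reaches the origin.
        $sandbox->setParameter('use_cache', FALSE);
        $response = $this->getHttpResponse($sandbox);
        $sandbox->setParameter('cold_headers', $this->gatherHeaders($response));
    }

    // Restore the policy's cache preference before the request being audited.
    $sandbox->setParameter('use_cache', $use_cache);
    $response = $this->getHttpResponse($sandbox);
    $sandbox->setParameter('headers', $this->gatherHeaders($response));
}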
/**
 * Runs gather() and then evaluates the policy's expressions against the tokens.
 *
 * The `not_applicable` expression is evaluated first; a truthy result
 * short-circuits to self::NOT_APPLICABLE. Otherwise the audit outcome is
 * whatever the `expression` parameter evaluates to.
 *
 * @param Sandbox $sandbox
 *   The audit sandbox holding the parameters and the target.
 *
 * @return mixed
 *   self::NOT_APPLICABLE, or the result of evaluating `expression`.
 */
final public function audit(Sandbox $sandbox)
{
    $this->gather($sandbox);

    $language = new ExpressionLanguage($sandbox);
    $tokens = $sandbox->getParameterTokens();
    $prefix = __CLASS__ . ': ';

    $sandbox->logger()->debug($prefix . Yaml::dump($tokens));

    // Skip the audit entirely when the policy declares it does not apply.
    $skipExpression = $sandbox->getParameter('not_applicable', 'false');
    $sandbox->logger()->debug($prefix . $skipExpression);
    $notApplicable = @$language->evaluate($skipExpression, $tokens);
    if ($notApplicable) {
        return self::NOT_APPLICABLE;
    }

    $auditExpression = $sandbox->getParameter('expression', 'true');
    $sandbox->logger()->info($prefix . $auditExpression);

    // The @ keeps notices raised while evaluating the expression from surfacing.
    return @$language->evaluate($auditExpression, $tokens);
}
Class: Drutiny\Http\Audit\HttpHeaderExists
Extends: Drutiny\Http\Audit\Http
Package: drutiny/http
Policies
These are the policies that use this class:
Name |
Title |
HTTP:X-Frame-Options |
HTTP X-Frame-Options |
HTTP:HSTS |
HTTP HSTS |
HTTP:Content-Security-Policy |
HTTP Content-Security-Policy |
HTTP:ReferrerPolicy |
HTTP Referrer Policy |
Parameters
Name |
Type |
Description |
Default |
header |
string |
The HTTP header to check the value of. |
null |
Tokens
Name |
Type |
Description |
Default |
header |
string |
The HTTP header to check the value of. |
null |
header_value |
string |
The value to check against. |
null |
Source
/**
 * Passes when the response carries the header named by the `header` parameter.
 *
 * When the header is present its first value is exposed as the
 * `header_value` token; when it is absent the token is left untouched.
 *
 * @param Sandbox $sandbox
 *   The audit sandbox holding the parameters and the target.
 *
 * @return bool
 */
public function audit(Sandbox $sandbox)
{
    $response = $this->getHttpResponse($sandbox);
    $name = $sandbox->getParameter('header');

    if (!$response->hasHeader($name)) {
        return FALSE;
    }

    // Only the first value of a multi-valued header is exposed.
    $values = $response->getHeader($name);
    $sandbox->setParameter('header_value', $values[0]);

    return TRUE;
}
Class: Drutiny\Http\Audit\HttpHeaderMatch
Extends: Drutiny\Http\Audit\Http
Package: drutiny/http
Policies
These are the policies that use this class:
Name |
Title |
HTTP:X-XSS-Protection |
HTTP X-XSS-Protection |
HTTP:X-Content-Type-Options |
HTTP X-Content-Type-Options |
Acquia:CloudEdgeCaching |
Cloud Edge Caching |
Parameters
Name |
Type |
Description |
Default |
header |
string |
The HTTP header to check the value of. |
null |
header_value |
string |
The value to check against. |
null |
Tokens
Name |
Type |
Description |
Default |
header |
string |
The HTTP header to check the value of. |
null |
header_value |
string |
The value to check against. |
null |
Source
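/**
 * Passes when the header named by `header` exactly equals `header_value`.
 *
 * Only the first value of a multi-valued header is compared. Both sides are
 * compared as strings so that a numeric-looking header value (e.g. "01")
 * cannot satisfy a different expected value ("1") through PHP's loose `==`
 * rules; a policy value supplied as an integer is still matched after casting.
 *
 * @param Sandbox $sandbox
 *   The audit sandbox holding the parameters and the target.
 *
 * @return bool
 */
public function audit(Sandbox $sandbox)
{
    $expected = $sandbox->getParameter('header_value');
    $response = $this->getHttpResponse($sandbox);
    $name = $sandbox->getParameter('header');

    if (!$response->hasHeader($name)) {
        return FALSE;
    }

    $values = $response->getHeader($name);

    // Strict string comparison: loose `==` treats "1" and "1.0" (or "1" and
    // "01") as equal, silently widening what the policy accepts.
    return (string) $expected === (string) $values[0];
}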
Class: Drutiny\Http\Audit\HttpHeaderNotExists
Extends: Drutiny\Http\Audit\HttpHeaderExists
Package: drutiny/http
Policies
These are the policies that use this class:
Name |
Title |
HTTP:X-Drupal-Cache-Tags |
X-Drupal-Cache-Tags Header Disabled |
HTTP:Authorization |
HTTP Authorization Disabled |
Parameters
Name |
Type |
Description |
Default |
header |
string |
The HTTP header to check the value of. |
null |
Tokens
Name |
Type |
Description |
Default |
header |
string |
The HTTP header to check the value of. |
null |
header_value |
string |
The value to check against. |
null |
Source
/**
 * Inverts HttpHeaderExists: passes only when the header is absent.
 *
 * @param Sandbox $sandbox
 *   The audit sandbox holding the parameters and the target.
 *
 * @return bool
 */
public function audit(Sandbox $sandbox)
{
    $present = parent::audit($sandbox);

    return $present ? FALSE : TRUE;
}
Class: Drutiny\Http\Audit\HttpHeaderRegex
Extends: Drutiny\Http\Audit\Http
Package: drutiny/http
Policies
These are the policies that use this class:
Name |
Title |
HTTP:Cache-Control |
HTTP Cache-Control |
Parameters
Name |
Type |
Description |
Default |
header |
string |
The HTTP header to check the value of. |
null |
regex |
string |
A regular expression to validate the header value against. |
null |
Tokens
Name |
Type |
Description |
Default |
header |
string |
The HTTP header to check the value of. |
null |
regex |
string |
A regular expression to validate the header value against. |
null |
Source
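/**
 * Passes when the first value of header `header` matches the `regex` parameter.
 *
 * The policy supplies only the pattern body; it is wrapped in `/` delimiters
 * here, so a pattern that needs a literal slash must escape it as `\/`.
 *
 * @param Sandbox $sandbox
 *   The audit sandbox holding the parameters and the target.
 *
 * @return bool
 *   TRUE on a match; FALSE when the header is absent, the value does not
 *   match, or the pattern fails to compile.
 */
public function audit(Sandbox $sandbox)
{
    $pattern = '/' . $sandbox->getParameter('regex') . '/';
    $response = $this->getHttpResponse($sandbox);
    $name = $sandbox->getParameter('header');

    if (!$response->hasHeader($name)) {
        return FALSE;
    }

    $values = $response->getHeader($name);
    $matched = preg_match($pattern, $values[0]);

    if ($matched === FALSE) {
        // An invalid pattern (e.g. an unescaped `/`) makes preg_match() return
        // FALSE; log it so a broken policy is not mistaken for a plain non-match.
        $sandbox->logger()->warning(__CLASS__ . ': invalid regex ' . $pattern . ' (preg error ' . preg_last_error() . ')');
        return FALSE;
    }

    // Normalise preg_match()'s 0/1 to a boolean outcome.
    return $matched === 1;
}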
HttpStatusCode
Class: Drutiny\Http\Audit\HttpStatusCode
Extends: Drutiny\Http\Audit\Http
Package: drutiny/http
Policies
These are the policies that use this class:
Name |
Title |
HTTP:ValidSSL |
HTTPS Valid SSL Certificate |
Parameters
Name |
Type |
Description |
Default |
status_code |
string |
The expected status code from the HTTP response |
200 |
Tokens
Name |
Type |
Description |
Default |
status_code |
string |
The expected status code from the HTTP response |
200 |
Source
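/**
 * Passes when the response status code equals the `status_code` parameter.
 *
 * @param Sandbox $sandbox
 *   The audit sandbox holding the parameters and the target.
 *
 * @return bool
 */
public function audit(Sandbox $sandbox)
{
    // Policies typically supply this as a string ("200"); normalise both sides
    // to int so the comparison is strict rather than relying on loose `==`.
    $expected = (int) $sandbox->getParameter('status_code', 200);
    $response = $this->getHttpResponse($sandbox);

    return $expected === (int) $response->getStatusCode();
}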
HttpsRedirect
Class: Drutiny\Http\Audit\HttpsRedirect
Extends: Drutiny\Http\Audit\Http
Package: drutiny/http
Policies
These are the policies that use this class:
Name |
Title |
HTTP:ForceHTTPS |
Force HTTPS |
Source
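/**
 * Passes when the plain-HTTP form of the target URL redirects to HTTPS.
 *
 * The request is made over http:// with redirects disabled, and the response
 * must be a 3xx carrying a Location header whose value begins with
 * `https://`. The rewritten request URL, the expected HTTPS location and the
 * observed Location header are exposed as the `url`, `expected_location` and
 * `location` tokens.
 *
 * @param Sandbox $sandbox
 *   The audit sandbox holding the parameters and the target.
 *
 * @return bool
 */
public function audit(Sandbox $sandbox)
{
    $url = $sandbox->getParameter('url', $sandbox->getTarget()->uri());
    $url = strtr($url, ['https://' => 'http://']);
    $sandbox->setParameter('url', $url);
    $sandbox->setParameter('expected_location', strtr($url, ['http://' => 'https://']));

    // Ensure the redirect is not followed, so the first hop is what we inspect.
    $options = $sandbox->getParameter('options', []);
    $options['allow_redirects'] = FALSE;
    $sandbox->setParameter('options', $options);

    $response = $this->getHttpResponse($sandbox);
    if (!$response->hasHeader('Location')) {
        return FALSE;
    }

    // Only 3xx responses are redirects; 400 is a client error and must not pass.
    $status = $response->getStatusCode();
    if ($status < 300 || $status >= 400) {
        return FALSE;
    }

    $headers = $response->getHeader('Location');
    $location = $headers[0];
    $sandbox->setParameter('location', $location);

    // The Location must *start* with https://; a substring check would accept
    // a plain-HTTP redirect that merely mentions https:// in its query string.
    return strpos($location, 'https://') === 0;
}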
SslAssertion
Class: Drutiny\Http\Audit\SslAssertion
Extends: Drutiny\Audit\AbstractAnalysis
Package: drutiny/http
Policies
These are the policies that use this class:
Name |
Title |
SSL:DistrustedSymantecPKI |
Chrome distrusted Symantec PKI |
Parameters
Name |
Type |
Description |
Default |
host |
string |
The domain name to connect to. |
false |
port |
integer |
The SSL port to connect to |
443 |
expression |
string |
The expression language to evaluate. See https://symfony.com/doc/current/components/expression_language/syntax.html |
'true' |
Tokens
Name |
Type |
Description |
Default |
host |
string |
The domain name to connect to. |
false |
port |
integer |
The SSL port to connect to |
443 |
expression |
string |
The expression language to evaluate. See https://symfony.com/doc/current/components/expression_language/syntax.html |
'true' |
cert |
array |
A multidimensional array representing the certificate info |
null |
Source
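/**
 * Connects to the target over TLS and exposes the peer certificate as a token.
 *
 * The host comes from the `host` parameter, falling back to the target URI
 * (the hostname is extracted when a full URL is given). The certificate parsed
 * by openssl_x509_parse(), plus an `issued` date derived from
 * `validFrom_time_t`, is stored in the `cert` token for the policy expression.
 *
 * @param Sandbox $sandbox
 *   The audit sandbox holding the parameters and the target.
 *
 * @throws AuditValidationException
 *   When the TLS connection cannot be established or no parseable peer
 *   certificate is returned.
 */
public function gather(Sandbox $sandbox)
{
    if (!$url = $sandbox->getParameter('host')) {
        $url = $sandbox->getTarget()->uri();
    }
    $host = (strpos($url, '://') !== FALSE) ? parse_url($url, PHP_URL_HOST) : $url;
    $sandbox->setParameter('host', $host);

    $port = $sandbox->getParameter('port');
    $url = 'ssl://' . $host . ':' . $port;

    // capture_peer_cert makes the leaf certificate available from the stream
    // context once the handshake completes. NOTE(review): the wrapper's default
    // peer verification is not altered here, so an untrusted chain is expected
    // to fail the connection rather than yield certificate data — confirm.
    $context = stream_context_create(["ssl" => ["capture_peer_cert" => true]]);

    $client = @stream_socket_client($url, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);
    if (!$client) {
        // Carry the socket error so a failed handshake can be told apart from a
        // closed port when the audit is triaged.
        throw new AuditValidationException("$host did not accept an SSL connection on port $port: [$errno] $errstr");
    }

    $params = stream_context_get_params($client);
    $peer = isset($params['options']['ssl']['peer_certificate'])
        ? $params['options']['ssl']['peer_certificate']
        : NULL;
    $certinfo = $peer ? openssl_x509_parse($peer) : FALSE;

    // The handshake is done and the certificate captured; release the socket
    // instead of leaving it open until the process exits.
    fclose($client);

    if ($certinfo === FALSE) {
        throw new AuditValidationException("Unable to read the SSL certificate presented by $host on port $port");
    }

    // date() formats in the process default timezone — TODO confirm whether
    // policies expect this value in UTC.
    $certinfo['issued'] = date('Y-m-d H:i:s', $certinfo['validFrom_time_t']);
    $sandbox->setParameter('cert', $certinfo);
}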
/**
 * Gathers the certificate data and evaluates the policy's expressions on it.
 *
 * `not_applicable` is checked first and, when truthy, yields
 * self::NOT_APPLICABLE; otherwise the result of `expression` is the outcome.
 *
 * @param Sandbox $sandbox
 *   The audit sandbox holding the parameters and the target.
 *
 * @return mixed
 *   self::NOT_APPLICABLE, or the result of evaluating `expression`.
 */
final public function audit(Sandbox $sandbox)
{
    $this->gather($sandbox);

    $evaluator = new ExpressionLanguage($sandbox);
    $tokens = $sandbox->getParameterTokens();
    $tag = __CLASS__ . ': ';

    $sandbox->logger()->debug($tag . Yaml::dump($tokens));

    $skipWhen = $sandbox->getParameter('not_applicable', 'false');
    $sandbox->logger()->debug($tag . $skipWhen);

    // A truthy not_applicable expression ends the audit before `expression`.
    if (@$evaluator->evaluate($skipWhen, $tokens)) {
        return self::NOT_APPLICABLE;
    }

    $passWhen = $sandbox->getParameter('expression', 'true');
    $sandbox->logger()->info($tag . $passWhen);

    // The @ keeps notices raised while evaluating the expression from surfacing.
    $outcome = @$evaluator->evaluate($passWhen, $tokens);

    return $outcome;
}