github
/
gixy
mirror of https://github.com/yandex/gixy
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

By default use english docs. 

// TODO: i18n
pull/24/head
Andrew Krasichkov 2017-05-11 11:44:39 +03:00
parent 150d9f2a3d
commit 1cbcc2661f
7 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
gixy/plugins/add_header_multiline.py
View File

@ -14,7 +14,7 @@ add_header Content-Security-Policy "
severity = gixy.severity.LOW
description = ('Multi-line headers are deprecated (see RFC 7230). '
'Some clients never supports them (e.g. IE/Edge).')
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/addheadermultiline.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/en/plugins/addheadermultiline.md'
directives = ['add_header', 'more_set_headers']
def audit(self, directive):

2
gixy/plugins/add_header_redefinition.py
View File

@ -16,7 +16,7 @@ class add_header_redefinition(Plugin):
severity = gixy.severity.MEDIUM
description = ('"add_header" replaces ALL parent headers. '
'See documentation: http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header')
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/addheaderredefinition.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/en/plugins/addheaderredefinition.md'
directives = ['server', 'location', 'if']
options = {'headers': {'x-frame-options',
'x-content-type-options',

2
gixy/plugins/host_spoofing.py
View File

@ -10,7 +10,7 @@ class host_spoofing(Plugin):
summary = 'The proxied Host header may be spoofed.'
severity = gixy.severity.MEDIUM
description = 'In most cases "$host" variable are more appropriate, just use it.'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/hostspoofing.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/en/plugins/hostspoofing.md'
directives = ['proxy_set_header']
def audit(self, directive):

2
gixy/plugins/http_splitting.py
View File

@ -20,7 +20,7 @@ class http_splitting(Plugin):
summary = 'Possible HTTP-Splitting vulnerability.'
severity = gixy.severity.HIGH
description = 'Using variables that can contain "\\n" may lead to http injection.'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/httpsplitting.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/en/plugins/httpsplitting.md'
directives = ['rewrite', 'return', 'add_header', 'proxy_set_header', 'proxy_pass']
def audit(self, directive):

2
gixy/plugins/origins.py
View File

@ -17,7 +17,7 @@ class origins(Plugin):
summary = 'Validation regex for "origin" or "referrer" matches untrusted domain.'
severity = gixy.severity.MEDIUM
description = 'Improve the regular expression to match only trusted referrers.'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/origins.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/en/plugins/origins.md'
directives = ['if']
options = {
'domains': ['*'],

2
gixy/plugins/ssrf.py
View File

@ -24,7 +24,7 @@ class ssrf(Plugin):
summary = 'Possible SSRF (Server Side Request Forgery) vulnerability.'
severity = gixy.severity.HIGH
description = 'The configuration may allow attacker to create a arbitrary requests from the vulnerable server.'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/ssrf.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/en/plugins/ssrf.md'
directives = ['proxy_pass']
def __init__(self, config):

2
gixy/plugins/valid_referers.py
View File

@ -10,7 +10,7 @@ class valid_referers(Plugin):
summary = 'Used "none" as valid referer.'
severity = gixy.severity.HIGH
description = 'Never trust undefined referer.'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/validreferers.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/en/plugins/validreferers.md'
directives = ['valid_referers']
def audit(self, directive):