mirror of https://github.com/yandex/gixy
Fixed links to documentation
parent 696dbc1c47
commit bbe5f89d8b
@ -73,7 +73,7 @@ Total issues:
Or something else, you can find all other `gixy` arguments with the help command: `gixy --help`
# Documentation
Full documentation and recommendations can be found [here](https://github.com/yandex/gixy/docs/ru/README.md) (sorry, but Russian language only so far)
Full documentation and recommendations can be found [here](https://github.com/yandex/gixy/blob/master/docs/ru/README.md) (sorry, but Russian language only so far)
# Contributing
Contributions to Gixy are always welcome! You can help us in different ways:
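Review bot: the corrected link hard-codes the `master` branch, so it breaks again if the default branch is renamed or the docs tree moves; a repository-relative link, `[here](docs/ru/README.md)`, is resolved by GitHub against whatever branch or fork the README is viewed on and also works in a local clone. The old URL was a 404 because GitHub needs `blob/<ref>/` between the repository and the file path, which the replacement line adds.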
@ -1,13 +1,14 @@
Gixy — это утилита для анализа конфигурации Nginx. Большей частью служит для обнаружения проблем безопасности, но может искать и иные ошибки.
Перечень проблем, которые Gixy способна обнаружить:
* [[ssrf] Server Side Request Forgery](https://github.com/yandex/gixy/docs/ru/plugins/ssrf.md)
* [[http_splitting] HTTP Splitting](https://github.com/yandex/gixy/docs/ru/plugins/httpsplitting.md)
* [[origins] Проблемы валидации referrer/origin](https://github.com/yandex/gixy/docs/ru/plugins/origins.md)
* [[add_header_redefinition] Переопределение "вышестоящих" заголовков ответа директивой "add_header"](https://github.com/yandex/gixy/docs/ru/plugins/addheaderredefinition.md)
* [[host_spoofing] Подделка заголовка запроса Host](https://github.com/yandex/gixy/docs/ru/plugins/hostspoofing.md)
* [[valid_referers] none in valid_referers](https://github.com/yandex/gixy/docs/ru/plugins/validreferers.md)
* [[add_header_multiline] Многострочные заголовоки ответа](https://github.com/yandex/gixy/docs/ru/plugins/addheadermultiline.md)
## Что умеет
На текущий момент Gixy способна обнаружить:
* [[ssrf] Server Side Request Forgery](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/ssrf.md)
* [[http_splitting] HTTP Splitting](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/httpsplitting.md)
* [[origins] Проблемы валидации referrer/origin](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/origins.md)
* [[add_header_redefinition] Переопределение "вышестоящих" заголовков ответа директивой "add_header"](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/addheaderredefinition.md)
* [[host_spoofing] Подделка заголовка запроса Host](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/hostspoofing.md)
* [[valid_referers] none in valid_referers](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/validreferers.md)
* [[add_header_multiline] Многострочные заголовоки ответа](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/addheadermultiline.md)
Проблемы, которым Gixy только учится можно найти в [Issues с меткой "new plugin"](https://github.com/yandex/gixy/issues?q=is%3Aissue+is%3Aopen+label%3A%22new+plugin%22)
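Review bot: this hunk does more than the commit message ("Fixed links to documentation") states: besides the link fixes it adds the `## Что умеет` heading and replaces the line `Перечень проблем, которые Gixy способна обнаружить:` with `На текущий момент Gixy способна обнаружить:`, which the message should mention. Because this file lives in `docs/ru/`, the plugin links can be relative (`plugins/ssrf.md`, `plugins/httpsplitting.md`, and so on) rather than absolute `blob/master` URLs, so they keep working on other branches, in forks and in a local checkout. The typo `заголовоки` (should be `заголовки`) in the `add_header_multiline` item is carried over unchanged.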
@ -14,7 +14,7 @@ add_header Content-Security-Policy "
severity = gixy.severity.LOW
description = ('Multi-line headers are deprecated (see RFC 7230). '
'Some clients never supports them (e.g. IE/Edge).')
help_url = 'https://github.com/yandex/gixy/docs/ru/plugins/addheadermultiline.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/addheadermultiline.md'
directives = ['add_header', 'more_set_headers']
def audit(self, directive):
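Review bot: with this change every plugin embeds the same `https://github.com/yandex/gixy/blob/master/docs/ru/plugins/` prefix in its own `help_url`; keeping that prefix in one constant on the `Plugin` base class and deriving the file name from the plugin name (the doc files are the class names with underscores removed, e.g. `addheadermultiline.md`) would make the next documentation move a single change instead of one per plugin. Separately, the context line `'Some clients never supports them (e.g. IE/Edge).'` should read `never support them`.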
@ -16,7 +16,7 @@ class add_header_redefinition(Plugin):
severity = gixy.severity.MEDIUM
description = ('"add_header" replaces ALL parent headers. '
'See documentation: http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header')
help_url = 'https://github.com/yandex/gixy/docs/ru/plugins/addheaderredefinition.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/addheaderredefinition.md'
directives = ['server', 'location', 'if']
options = {'headers': {'x-frame-options',
'x-content-type-options',
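Review bot: the `description` context line links the nginx documentation over plain `http://`; `https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header` serves the same page and avoids a redirect, and a link users are told to follow for a security finding should not start out unencrypted. The `help_url` replacement itself follows the same `blob/master` pattern as the other plugins.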
@ -10,7 +10,7 @@ class host_spoofing(Plugin):
summary = 'The proxied Host header may be spoofed.'
severity = gixy.severity.MEDIUM
description = 'In most cases "$host" variable are more appropriate, just use it.'
help_url = 'https://github.com/yandex/gixy/docs/ru/plugins/hostspoofing.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/hostspoofing.md'
directives = ['proxy_set_header']
def audit(self, directive):
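Review bot: grammar in the `description` context line `'In most cases "$host" variable are more appropriate, just use it.'`: suggest `'In most cases the "$host" variable is more appropriate; just use it.'`. The `help_url` replacement is consistent with the other plugins in this commit.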
@ -20,7 +20,7 @@ class http_splitting(Plugin):
summary = 'Possible HTTP-Splitting vulnerability.'
severity = gixy.severity.HIGH
description = 'Using variables that can contain "\\n" may lead to http injection.'
help_url = 'https://github.com/yandex/gixy/docs/ru/plugins/httpsplitting.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/httpsplitting.md'
directives = ['rewrite', 'return', 'add_header', 'proxy_set_header', 'proxy_pass']
def audit(self, directive):
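Review bot: the `description` context line names only `"\\n"`, but HTTP header lines are terminated by `\r\n`, so a carriage return in a variable is part of the same risk; if the audit already checks both characters, `'Using variables that can contain "\\r" or "\\n" may lead to HTTP injection.'` describes the finding more completely, and if it does not, the description should say exactly what the check detects. Also note the summary spells it `HTTP-Splitting` while the READMEs in this commit use `HTTP Splitting`. The `help_url` replacement is fine.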
@ -17,7 +17,7 @@ class origins(Plugin):
summary = 'Validation regex for "origin" or "referrer" matches untrusted domain.'
severity = gixy.severity.MEDIUM
description = 'Improve the regular expression to match only trusted referrers.'
help_url = 'https://github.com/yandex/gixy/docs/ru/plugins/origins.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/origins.md'
directives = ['if']
options = {
'domains': ['*'],
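Review bot: the `summary` context line covers both `"origin"` and `"referrer"`, but the `description` only says `match only trusted referrers`; `'Improve the regular expression to match only trusted origins/referrers.'` would keep the two consistent with each other and with the README entry for this plugin. The `help_url` replacement follows the same pattern as the other plugins.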
@ -24,7 +24,7 @@ class ssrf(Plugin):
summary = 'Possible SSRF (Server Side Request Forgery) vulnerability.'
severity = gixy.severity.HIGH
description = 'The configuration may allow attacker to create a arbitrary requests from the vulnerable server.'
help_url = 'https://github.com/yandex/gixy/docs/ru/plugins/ssrf.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/ssrf.md'
directives = ['proxy_pass']
def __init__(self, config):
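Review bot: grammar in the `description` context line: `'The configuration may allow attacker to create a arbitrary requests from the vulnerable server.'` should read `'The configuration may allow an attacker to make arbitrary requests from the vulnerable server.'`. The `help_url` replacement follows the same `blob/master` pattern as the other plugins.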
@ -10,7 +10,7 @@ class valid_referers(Plugin):
summary = 'Used "none" as valid referer.'
severity = gixy.severity.HIGH
description = 'Never trust undefined referer.'
help_url = 'https://github.com/yandex/gixy/docs/ru/plugins/validreferers.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/validreferers.md'
directives = ['valid_referers']
def audit(self, directive):
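Review bot: the `description` context line `'Never trust undefined referer.'` gives no reason for the HIGH severity; explaining that `none` in `valid_referers` matches requests that carry no `Referer` header at all, so the directive then restricts nothing, would make the finding actionable from the tool output alone without opening the help page. Grammar: `'Never trust an undefined referer.'`. The `help_url` replacement is consistent with the other plugins.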