Fixed links to documentation

pull/9/head
Andrew Krasichkov 2017-04-05 01:31:42 +03:00
parent 696dbc1c47
commit bbe5f89d8b
9 changed files with 17 additions and 16 deletions

@ -73,7 +73,7 @@ Total issues:
Or something else, you can find all other `gixy` arguments with the help command: `gixy --help`
# Documentation
Full documentation and recommendations can be found [here](https://github.com/yandex/gixy/docs/ru/README.md) (sorry, but Russian language only so far)
Full documentation and recommendations can be found [here](https://github.com/yandex/gixy/blob/master/docs/ru/README.md) (sorry, but Russian language only so far)
# Contributing
Contributions to Gixy are always welcome! You can help us in different ways:
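Review bot: The new `[here](https://github.com/yandex/gixy/blob/master/docs/ru/README.md)` target in the Documentation section is still an absolute URL into this same repository, so it always opens `master`, even when the README is read from a fork, a tag or another branch. If this file is the top-level README, a relative link such as `docs/ru/README.md` would resolve against whatever tree is being viewed and would not need fixing again if the repository moves. The link text "here" could also name its target, for example "Russian documentation".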

@ -1,13 +1,14 @@
Gixy — это утилита для анализа конфигурации Nginx. Большей частью служит для обнаружения проблем безопасности, но может искать и иные ошибки.
Перечень проблем, которые Gixy способна обнаружить:
* [[ssrf] Server Side Request Forgery](https://github.com/yandex/gixy/docs/ru/plugins/ssrf.md)
* [[http_splitting] HTTP Splitting](https://github.com/yandex/gixy/docs/ru/plugins/httpsplitting.md)
* [[origins] Проблемы валидации referrer/origin](https://github.com/yandex/gixy/docs/ru/plugins/origins.md)
* [[add_header_redefinition] Переопределение "вышестоящих" заголовков ответа директивой "add_header"](https://github.com/yandex/gixy/docs/ru/plugins/addheaderredefinition.md)
* [[host_spoofing] Подделка заголовка запроса Host](https://github.com/yandex/gixy/docs/ru/plugins/hostspoofing.md)
* [[valid_referers] none in valid_referers](https://github.com/yandex/gixy/docs/ru/plugins/validreferers.md)
* [[add_header_multiline] Многострочные заголовоки ответа](https://github.com/yandex/gixy/docs/ru/plugins/addheadermultiline.md)
## Что умеет
На текущий момент Gixy способна обнаружить:
* [[ssrf] Server Side Request Forgery](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/ssrf.md)
* [[http_splitting] HTTP Splitting](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/httpsplitting.md)
* [[origins] Проблемы валидации referrer/origin](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/origins.md)
* [[add_header_redefinition] Переопределение "вышестоящих" заголовков ответа директивой "add_header"](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/addheaderredefinition.md)
* [[host_spoofing] Подделка заголовка запроса Host](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/hostspoofing.md)
* [[valid_referers] none in valid_referers](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/validreferers.md)
* [[add_header_multiline] Многострочные заголовоки ответа](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/addheadermultiline.md)
Проблемы, которым Gixy только учится можно найти в [Issues с меткой "new plugin"](https://github.com/yandex/gixy/issues?q=is%3Aissue+is%3Aopen+label%3A%22new+plugin%22)
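Review bot: The commit title "Fixed links to documentation" does not cover the `## Что умеет` heading and the reworded lead-in line ("На текущий момент Gixy способна обнаружить:") that appear above the link list here. Either mention the wording change in the commit message or split it out, so the link fix can be reviewed and reverted on its own. The typo "заголовоки" in the `add_header_multiline` entry is carried over unchanged into the rewritten line and could be corrected to "заголовки" in the same pass.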

@ -14,7 +14,7 @@ add_header Content-Security-Policy "
severity = gixy.severity.LOW
description = ('Multi-line headers are deprecated (see RFC 7230). '
'Some clients never supports them (e.g. IE/Edge).')
help_url = 'https://github.com/yandex/gixy/docs/ru/plugins/addheadermultiline.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/addheadermultiline.md'
directives = ['add_header', 'more_set_headers']
def audit(self, directive):
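Review bot: `help_url` is a full hard-coded URL, and the prefix `https://github.com/yandex/gixy/blob/master/docs/ru/plugins/` is repeated in every plugin this commit touches, which is why a single path fix needed seven identical edits. Consider keeping the base URL in one place (for example on the `Plugin` base class) and having each plugin supply only its file name, such as `addheadermultiline.md`, so the next move of the docs is a one-line change.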

@ -16,7 +16,7 @@ class add_header_redefinition(Plugin):
severity = gixy.severity.MEDIUM
description = ('"add_header" replaces ALL parent headers. '
'See documentation: http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header')
help_url = 'https://github.com/yandex/gixy/docs/ru/plugins/addheaderredefinition.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/addheaderredefinition.md'
directives = ['server', 'location', 'if']
options = {'headers': {'x-frame-options',
'x-content-type-options',
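Review bot: The `description` string just above the changed `help_url` still references `http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header` over plain HTTP. Since this commit is a pass over documentation links, switch that one to `https://` as well, so the reference a security tool shows its users is not fetched over an unauthenticated channel.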

@ -10,7 +10,7 @@ class host_spoofing(Plugin):
summary = 'The proxied Host header may be spoofed.'
severity = gixy.severity.MEDIUM
description = 'In most cases "$host" variable are more appropriate, just use it.'
help_url = 'https://github.com/yandex/gixy/docs/ru/plugins/hostspoofing.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/hostspoofing.md'
directives = ['proxy_set_header']
def audit(self, directive):
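Review bot: The `description` above the changed `help_url` ("In most cases "$host" variable are more appropriate, just use it.") gives no reason for the finding, so the reader depends entirely on `help_url`, which points under `docs/ru/` and is, per the README hunk in this commit, Russian only so far. Adding one sentence of rationale to the English `description` would make the report usable without following the link; the subject-verb agreement ("variable are") can be fixed at the same time.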

@ -20,7 +20,7 @@ class http_splitting(Plugin):
summary = 'Possible HTTP-Splitting vulnerability.'
severity = gixy.severity.HIGH
description = 'Using variables that can contain "\\n" may lead to http injection.'
help_url = 'https://github.com/yandex/gixy/docs/ru/plugins/httpsplitting.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/httpsplitting.md'
directives = ['rewrite', 'return', 'add_header', 'proxy_set_header', 'proxy_pass']
def audit(self, directive):
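Review bot: The new `help_url` for this HIGH-severity check resolves through `blob/master`, a moving ref, so an already-installed gixy will link to whatever `master` holds later, and the link breaks again if the file is renamed or the default branch changes. Pointing released versions at a tag or at a stable documentation URL would keep the help link in a report valid for the version that produced it.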

@ -17,7 +17,7 @@ class origins(Plugin):
summary = 'Validation regex for "origin" or "referrer" matches untrusted domain.'
severity = gixy.severity.MEDIUM
description = 'Improve the regular expression to match only trusted referrers.'
help_url = 'https://github.com/yandex/gixy/docs/ru/plugins/origins.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/origins.md'
directives = ['if']
options = {
'domains': ['*'],

@ -24,7 +24,7 @@ class ssrf(Plugin):
summary = 'Possible SSRF (Server Side Request Forgery) vulnerability.'
severity = gixy.severity.HIGH
description = 'The configuration may allow attacker to create a arbitrary requests from the vulnerable server.'
help_url = 'https://github.com/yandex/gixy/docs/ru/plugins/ssrf.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/ssrf.md'
directives = ['proxy_pass']
def __init__(self, config):
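Review bot: The `description` line directly above the changed `help_url` reads "may allow attacker to create a arbitrary requests", which is the text users see in the report for a HIGH finding. Suggest "may allow an attacker to make arbitrary requests from the vulnerable server" while this block is being edited.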

@ -10,7 +10,7 @@ class valid_referers(Plugin):
summary = 'Used "none" as valid referer.'
severity = gixy.severity.HIGH
description = 'Never trust undefined referer.'
help_url = 'https://github.com/yandex/gixy/docs/ru/plugins/validreferers.md'
help_url = 'https://github.com/yandex/gixy/blob/master/docs/ru/plugins/validreferers.md'
directives = ['valid_referers']
def audit(self, directive):