Esempio n. 1
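def single(target_url, json_output, debug, rule_file, merge, junit):
    """
    Scan a single http(s) endpoint with drheader.

    NOTE: URL parameters are currently only supported on bulk scans.
    """
    # NOTE(review): the docstring above is kept byte-for-byte; if this function
    # is registered as a click command (decorators are not visible here), click
    # would show it as the command's help text.
    #
    # Flow: validate the target URL, load the rules, fetch the headers,
    # analyze them against the rules, print the report (JSON or tables),
    # optionally write a JUnit report, and return 0.

    if debug:
        logging.basicConfig(level=logging.DEBUG)

    logging.debug('Validating: {}'.format(target_url))
    # Reject malformed input before any network request is made.
    if not validators.url(target_url):
        raise click.ClickException(
            message='"{}" is not a valid URL.'.format(target_url))

    rules = load_rules(rule_file, merge)

    try:
        logging.debug('Querying headers...')
        drheader_instance = Drheader(url=target_url)
    except Exception as e:
        # Without --debug only a generic message is shown, so exception
        # details do not reach normal output. ClickException expects a string
        # message, hence str(e) rather than the exception object itself.
        if debug:
            raise click.ClickException(str(e))
        raise click.ClickException('Failed to get headers.')

    try:
        logging.debug('Analyzing headers...')
        drheader_instance.analyze(rules)
    except Exception as e:
        if debug:
            raise click.ClickException(str(e))
        raise click.ClickException('Failed to analyze headers.')

    report = drheader_instance.report

    if json_output:
        click.echo(json.dumps(report))
    else:
        click.echo()
        if not report:
            click.echo('No issues found!')
        else:
            click.echo('{0} issues found'.format(len(report)))
            for finding in report:
                # One two-column table (field, value) per finding.
                values = [[k, v] for k, v in finding.items()]
                click.echo('----')
                click.echo(tabulate(values, tablefmt="presto"))
    if junit:
        file_junit_report(rules, report)
    # NOTE(review): 0 is returned even when issues were found, so a caller
    # cannot tell a clean scan from a failing one by this value alone.
    return 0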
Esempio n. 2
    def setUp(self):
        """Load the rule and report fixtures and render the JUnit report.

        Populates ``self.rules`` (the 'Headers' section of the rules file),
        ``self.report`` (the parsed example report) and ``self.xml`` (the text
        of 'reports/junit.xml' read back after file_junit_report runs).
        """
        here = os.path.dirname(__file__)
        rules_path = os.path.join(here, 'testfiles/default_rules.yml')
        report_path = os.path.join(here, 'testfiles/example_report.json')

        # safe_load restricts the YAML to plain data types, so the rules file
        # cannot instantiate arbitrary Python objects while being parsed.
        with open(rules_path, 'r') as rules_file:
            self.rules = yaml.safe_load(rules_file)['Headers']

        with open(report_path, 'r') as report_file:
            self.report = json.load(report_file)

        file_junit_report(self.rules, self.report)

        # Relative path: resolved against the current working directory, not
        # the test file's directory. Presumably file_junit_report wrote this
        # file just above -- confirm against its implementation.
        with open('reports/junit.xml', 'r') as junit_file:
            self.xml = junit_file.read()
Esempio n. 3
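def single(ctx, target_url, json_output, debug, rule_file, rule_uri, merge,
           junit):
    """
    Scan a single http(s) endpoint with drheader.

    NOTE: URL parameters are currently only supported on bulk scans.
    """
    # NOTE(review): the docstring above is kept byte-for-byte; if this function
    # is registered as a click command (decorators are not visible here), click
    # would show it as the command's help text.
    #
    # Flow: validate the target URL, optionally fetch rules from rule_uri,
    # load the rules, fetch and analyze the headers, print the report, write
    # the optional JUnit report, then exit with EXIT_CODE_FAILURE if the
    # report is non-empty and EXIT_CODE_NO_ERROR otherwise.
    exit_code = EXIT_CODE_NO_ERROR
    if debug:
        logging.basicConfig(level=logging.DEBUG)

    logging.debug('Validating: {}'.format(target_url))
    # Reject malformed input before any network request is made.
    if not validators.url(target_url):
        raise click.ClickException(
            message='"{}" is not a valid URL.'.format(target_url))

    # rule_uri is only consulted when no rule_file was given; if both are
    # supplied, rule_uri is ignored without any message.
    if rule_uri and not rule_file:
        # This checks URL syntax only. Nothing in this function requires https
        # or restricts the host. The fetched rules decide what counts as a
        # finding (and therefore the exit code), so a ruleset that can be
        # altered in transit or at its origin can hide real issues.
        # NOTE(review): consider requiring https here and/or checking the
        # downloaded rules against a known digest.
        if not validators.url(rule_uri):
            raise click.ClickException(
                message='"{}" is not a valid URL.'.format(rule_uri))
        try:
            rule_file = get_rules_from_uri(rule_uri)
        except Exception as e:
            # ClickException expects a string message, hence str(e).
            if debug:
                raise click.ClickException(str(e))
            raise click.ClickException(
                'No content retrieved from rules-uri.')

    rules = load_rules(rule_file, merge)

    try:
        logging.debug('Querying headers...')
        # NOTE(review): ctx.obj['verify'] is passed straight through;
        # presumably it toggles TLS certificate verification -- confirm in
        # Drheader. If so, with it disabled the headers being graded are not
        # authenticated as coming from the intended host, and the resulting
        # pass/fail should be treated accordingly.
        drheader_instance = Drheader(url=target_url, verify=ctx.obj['verify'])
    except Exception as e:
        # Without --debug only a generic message is shown, so exception
        # details do not reach normal output.
        if debug:
            raise click.ClickException(str(e))
        raise click.ClickException('Failed to get headers.')

    try:
        logging.debug('Analyzing headers...')
        drheader_instance.analyze(rules)
    except Exception as e:
        if debug:
            raise click.ClickException(str(e))
        raise click.ClickException('Failed to analyze headers.')

    report = drheader_instance.report

    # Any finding at all turns the run into a failure for the caller (e.g. CI).
    if report:
        exit_code = EXIT_CODE_FAILURE

    if json_output:
        click.echo(json.dumps(report))
    else:
        click.echo()
        if not report:
            click.echo('No issues found!')
        else:
            click.echo('{0} issues found'.format(len(report)))
            for finding in report:
                # One two-column table (field, value) per finding.
                values = [[k, v] for k, v in finding.items()]
                click.echo('----')
                click.echo(tabulate(values, tablefmt="presto"))
    if junit:
        file_junit_report(rules, report)
    sys.exit(exit_code)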