Minor: Improved OWASP compliance checks

rfc-st · Dec 24, 2024 · 621f382 · 621f382
1 parent 137ef8b
commit 621f382
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@
 <a target="_blank" href="https://www.python.org/downloads/" title="Minimum Python version required to run this tool"><img src="https://img.shields.io/badge/Python-%3E%3D3.8-blue?labelColor=343b41"></a>
 <a target="_blank" href="LICENSE" title="License of this tool"><img src="https://img.shields.io/badge/License-MIT-blue.svg?labelColor=343b41"></a>
 <a target="_blank" href="https://github.com/rfc-st/humble/releases" title="Latest release of this tool"><img src="https://img.shields.io/github/v/release/rfc-st/humble?display_name=release&label=Latest%20Release&labelColor=343b41"></a>
-<a target="_blank" href="https://github.com/rfc-st/humble/commits/master" title="Latest commit of this tool"><img src="https://img.shields.io/badge/Latest_Commit-2024--12--21-blue.svg?labelColor=343b41"></a>
+<a target="_blank" href="https://github.com/rfc-st/humble/commits/master" title="Latest commit of this tool"><img src="https://img.shields.io/badge/Latest_Commit-2024--12--24-blue.svg?labelColor=343b41"></a>
 <a target="_blank" href="https://github.com/rfc-st/humble/actions?query=workflow%3ACodeQL" title="Results of the last analysis of this tool with CodeQL"><img src="https://github.com/rfc-st/humble/workflows/CodeQL/badge.svg"></a>
 <a target="_blank" href="https://pkg.kali.org/pkg/humble" title="Official tool in Kali Linux"><img src="https://img.shields.io/badge/Kali%20Linux-Tool-blue?labelColor=343b41"></a>
 <br />

diff --git a/humble.py b/humble.py
@@ -133,7 +133,7 @@
 URL_STRING = ('rfc-st', ' URL  : ', 'caniuse')
 
 current_time = datetime.now().strftime("%Y/%m/%d - %H:%M:%S")
-local_version = datetime.strptime('2024-12-21', '%Y-%m-%d').date()
+local_version = datetime.strptime('2024-12-24', '%Y-%m-%d').date()
 
 
 class SSLContextAdapter(requests.adapters.HTTPAdapter):
@@ -1502,8 +1502,20 @@ def print_compliance_owasp(non_cnt, non_rules):
     if non_cnt > 0:
         print("")
         print_detail('[comp_ko_owasp]', num_lines=2)
-        for rule in non_rules:
-            print(f" {rule}")
+        print("")
+        header_v = get_detail('[comp_header]')
+        miss_h = [rule for rule in non_rules if header_v in rule]
+        miss_val = [rule for rule in non_rules if header_v not in rule]
+        if miss_h:
+            print(f"{STYLE[0]}{get_detail('[comp_rec]')}{STYLE[5]}")
+            print("\n".join(f" {rule.split(':')[0].strip()}" for rule in
+                            miss_h))
+            print("")
+        print("")
+        if miss_val:
+            print(f"{STYLE[0]}{get_detail('[comp_val]')}{STYLE[5]}")
+            print("\n".join(f" {rule}" for rule in miss_val))
+            print("")
         print("")
         print_detail('[comp_experimental]', 2)
     else:

diff --git a/l10n/details.txt b/l10n/details.txt
@@ -1654,5 +1654,11 @@ Unhandled exception type:
  '(*)' meaning: Experimental HTTP response header
  '(*)' ref:     https://mdn.io/Experimental_deprecated_obsolete
 
+[comp_rec]
+ Recommended headers not enabled
+
+[comp_val]
+ Enabled headers without recommended values
+
 [comp_header]
 (Header not enabled)
diff --git a/l10n/details_es.txt b/l10n/details_es.txt
@@ -1644,5 +1644,11 @@ Excepción no gestionada:
  Significado de '(*)': Cabecera de respuesta HTTP experimental
  Referencia de '(*)':  https://mdn.io/Experimental_deprecated_obsolete
 
+[comp_rec]
+ Cabeceras recomendadas no habilitadas
+
+[comp_val]
+ Cabeceras habilitadas sin valores recomendados
+
 [comp_header]
 (Cabecera no habilitada)