
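#!/bin/bash
# Smoke-test the HTTP response headers (including the security headers) of a
# ploughshares deployment by issuing HEAD/GET/OPTIONS/POST requests with curl
# and printing what comes back.
#
# Usage:    test_headers.sh [base_url]
#           base_url defaults to the development URL below.
# Requires: curl, jq

# Colors for better readability. These are literal escape sequences; they are
# expanded at print time with printf '%b'.
readonly GREEN='\033[0;32m'
readonly RED='\033[0;31m'
readonly YELLOW='\033[0;33m'
readonly BLUE='\033[0;34m'
readonly NC='\033[0m' # No Color

# Base URLs to test
readonly DEV_URL="http://localhost:5005"
readonly PROD_URL="https://ploughshares.nixc.us"

# Default to development URL unless specified as the first argument.
URL=${1:-$DEV_URL}
readonly URL

printf '%b\n' "${BLUE}Testing headers for ${URL}${NC}"
echo "=================================================="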
# Function to test an endpoint
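#######################################
# Request one endpoint with the given method and print the response headers
# (and, for GET, the body) to stdout.
# Globals:   URL, YELLOW, BLUE, NC (read)
# Arguments: $1 - endpoint path, appended to URL
#            $2 - HTTP method: HEAD, OPTIONS or GET
#            $3 - human-readable description printed in the banner
# Outputs:   response headers/body to stdout; curl transport errors and an
#            "Unsupported method" message to stderr
# Returns:   1 for an unsupported method, otherwise the status of the last
#            pipeline
#######################################
test_endpoint() {
  local endpoint=$1
  local method=$2
  local description=$3
  local full_url="${URL}${endpoint}"

  printf '%b\n' "\n${YELLOW}Testing ${method} ${endpoint}: ${description}${NC}"
  echo "------------------------------------------------"

  # Date: and Server: are dropped from the printed headers (presumably so the
  # output is comparable between runs and hosts). -S makes curl report
  # transport errors on stderr instead of failing silently under -s.
  case "$method" in
    HEAD)
      # -I sends HEAD and prints only the response headers
      curl -sS -I "${full_url}" | grep -v -e "Date:" -e "Server:"
      ;;
    OPTIONS)
      # -I with an explicit method: send OPTIONS, print only the headers
      curl -sS -X OPTIONS -I "${full_url}" | grep -v -e "Date:" -e "Server:"
      ;;
    GET)
      # First the headers, then a second request for the body
      printf '%b\n' "${BLUE}Headers:${NC}"
      curl -sS -I "${full_url}" | grep -v -e "Date:" -e "Server:"
      printf '%b\n' "\n${BLUE}Response:${NC}"
      curl -sS "${full_url}"
      printf '\n\n'
      ;;
    *)
      printf 'Unsupported method: %s\n' "$method" >&2
      echo "------------------------------------------------"
      return 1
      ;;
  esac
  echo "------------------------------------------------"
}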
# Function to check for specific security headers
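#######################################
# Fetch the response headers of one endpoint and report, via check_header,
# whether each expected security header is present.
# Globals:   URL, YELLOW, RED, NC (read)
# Arguments: $1 - endpoint path, appended to URL
# Outputs:   one line per checked header to stdout; curl errors to stderr
# Returns:   1 if the request itself failed, 0 otherwise
#######################################
check_security_headers() {
  local endpoint=$1
  local full_url="${URL}${endpoint}"
  local headers

  printf '%b\n' "\n${YELLOW}Checking security headers for ${endpoint}${NC}"
  echo "------------------------------------------------"

  # Keep the headers local (they used to leak into a global). Assignment is
  # separate from 'local' so curl's exit status is not masked; -S prints the
  # transport error, otherwise every header would just read "not found" with
  # no hint that the request never succeeded.
  if ! headers=$(curl -sS -I "${full_url}"); then
    printf '%b\n' "${RED}Request to ${full_url} failed; no headers to check${NC}"
    echo "------------------------------------------------"
    return 1
  fi

  # Check for important security headers
  check_header "Content-Security-Policy" "$headers"
  check_header "Cross-Origin-Resource-Policy" "$headers"
  check_header "Cross-Origin-Embedder-Policy" "$headers"
  check_header "Cross-Origin-Opener-Policy" "$headers"
  check_header "X-Frame-Options" "$headers"
  check_header "X-Content-Type-Options" "$headers"
  check_header "X-XSS-Protection" "$headers"
  check_header "Referrer-Policy" "$headers"

  # HSTS only means something over TLS, so check it for https base URLs only
  # (the plain-http development URL would otherwise always report it missing).
  if [[ "$URL" == https://* ]]; then
    check_header "Strict-Transport-Security" "$headers"
  fi

  # For API endpoints, check CORS headers
  if [[ "$endpoint" == "/api/"* ]]; then
    check_header "Access-Control-Allow-Origin" "$headers"
    check_header "Access-Control-Allow-Methods" "$headers"
    check_header "Access-Control-Allow-Headers" "$headers"
  fi
  echo "------------------------------------------------"
}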
# Function to check for a specific header
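#######################################
# Report whether one header is present in a block of raw response headers,
# printing its value (first match) in green or "not found" in red.
# Globals:   GREEN, RED, NC (read)
# Arguments: $1 - header name, e.g. X-Frame-Options (letters and hyphens;
#                 it is used inside a grep pattern)
#            $2 - raw response headers as returned by curl -I
# Outputs:   one line to stdout
#######################################
check_header() {
  local header=$1
  local headers=$2
  local line value

  # Header names are case-insensitive (HTTP/2 responses are often printed in
  # lowercase), so match with -i. Anchor at the start of the line and require
  # the trailing colon so that a value mentioning the name, or a longer name
  # such as "<name>-Report-Only", does not count as present. curl emits CRLF
  # line endings; strip the CR so it does not end up in the printed value.
  line=$(printf '%s\n' "$headers" | grep -i -m 1 "^${header}:" | tr -d '\r')
  if [[ -n "$line" ]]; then
    value=${line#*:}
    value=${value# }
    printf '%b\n' "${GREEN}${header}: ${value}${NC}"
  else
    printf '%b\n' "${RED}${header} not found${NC}"
  fi
}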
# Test UI endpoints
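# Test UI endpoints
test_endpoint "/" "HEAD" "Main page headers"
check_security_headers "/"

# Test API endpoints
test_endpoint "/api/test" "HEAD" "API test endpoint headers"
check_security_headers "/api/test"
test_endpoint "/api/test" "GET" "API test endpoint response"

# Test OPTIONS request for CORS preflight
test_endpoint "/api/test" "OPTIONS" "API CORS preflight request"

# Test a POST request to API.
# NOTE: this is a write request against whichever base URL was selected,
# including the production URL when it is passed as $1.
printf '%b\n' "\n${YELLOW}Testing POST to /api/transactions${NC}"
echo "------------------------------------------------"
# -d already makes curl use POST. The response is captured first so that a
# failed request is reported as such rather than handing jq empty input
# (which jq accepts silently, so the "not valid JSON" fallback never fired).
if body=$(curl -sS "${URL}/api/transactions" \
  -H "Content-Type: application/json" \
  -d '{"test": "data"}'); then
  printf '%s\n' "$body" | jq . 2>/dev/null || echo "Response is not valid JSON"
else
  echo "Request to ${URL}/api/transactions failed" >&2
fi
printf '\n------------------------------------------------\n'

# Test with different Accept headers
printf '%b\n' "\n${YELLOW}Testing with Accept: application/json header${NC}"
echo "------------------------------------------------"
if body=$(curl -sS -H "Accept: application/json" "${URL}/api/test"); then
  printf '%s\n' "$body" | jq . 2>/dev/null || echo "Response is not valid JSON"
else
  echo "Request to ${URL}/api/test failed" >&2
fi
printf '\n------------------------------------------------\n'

printf '%b\n' "\n${BLUE}Tests completed for ${URL}${NC}"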