Assert HTTP headers
Install with pip:

```shell
pip install assert_headers
```

Run against a URL:

```shell
# Assume headersSchema.json in current working directory
assert-headers-py https://example.com
```

or with specified configuration:

```shell
assert-headers-py --config ./customConfiguration.json https://example.com
```

in silent mode:

```shell
assert-headers-py --silent --config ./customConfiguration.json https://example.com
```

to see what version you are running:

```shell
assert-headers-py --version
```
TODO: Add example of how to stream a column of a .csv into the tool
TODO: Show how the exit codes can be used in smoke tests
assert-headers-py currently accepts configuration in JSON or YAML formats. It allows specifying a schema for the headers, but also the outgoing origin and user-agent headers for the request. Below is an example configuration in JSON:

```json
{
  "userAgent": "assert-headers-py",
  "origin": "https://example.com",
  "schema": {
    "cache-control": false,
    "strict-transport-security": true,
    "x-content-type-options": "nosniff",
    "x-frame-options": {
      "DENY": true,
      "SAMEORIGIN": false
    }
  }
}
```

and the same configuration in YAML:

```yaml
userAgent: "assert-headers-py"
origin: "https://example.com"
schema:
  cache-control: False
  strict-transport-security: True
  x-content-type-options: "nosniff"
  x-frame-options:
    DENY: True
    SAMEORIGIN: False
```
Schema Explanation:

Note: Since the example format of the schema is JSON, the values will use `false` instead of `False` and `true` instead of `True`.

- `"disallowed-header-name": false` - It is considered an error if this header is defined
- `"required-header-name": true` - It is considered an error if this header is missing (or undefined)
- `"strict-header-name": "only good value"` - It is considered an error if this header does not have this value
- `"enumerated-header-name": { "good header value": true, "another good value": true }` - It is considered an error if this header contains a value other than one marked `true`.
- `"enumerated-header-name": { "bad header value": false, "another bad value": false }` - It is considered an error if this header contains a value not marked `true`. When no value is marked `true`, all listed values are considered invalid values. It is highly recommended to ONLY use `true` and `false` for enumerated values.

```python
from assert_headers import assertHeader

# Response headers to check (for example, captured from an HTTP response)
headers = {
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY"
}

schema = {
    "cache-control": False,
    "strict-transport-security": True,
    "x-content-type-options": "nosniff",
    "x-frame-options": {
        # if any are true, the header value must match a true schema value
        "DENY": True
    }
}

try:
    assertHeader(headers, schema)
except Exception as err:
    print("OOPS!")
    print(err.message)          # summary of the failed assertion
    if err.errors:              # one entry per header that failed
        for assertionError in err.errors:
            print(f'The header {assertionError.headerName} was bad!')
```
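To make the four rule types in the Schema Explanation concrete, here is an added reference implementation of that checking logic (not the library's own code), run over the README's schema and two constructed header sets; treating a missing header as a wrong value for an enumerated rule with `true` entries is an assumption.

```python
def check_header(name, rule, headers):
    """Apply one Schema Explanation rule to a header dict; return error strings."""
    lowered = {k.lower(): v for k, v in headers.items()}  # HTTP names are case-insensitive
    name = name.lower()
    present = name in lowered
    value = lowered.get(name)
    errors = []
    if rule is False:  # disallowed header: error if it is defined at all
        if present:
            errors.append(f"{name}: disallowed header is present")
    elif rule is True:  # required header: error if missing
        if not present:
            errors.append(f"{name}: required header is missing")
    elif isinstance(rule, str):  # strict header: exact value required
        if value != rule:
            errors.append(f"{name}: expected {rule!r}, got {value!r}")
    elif isinstance(rule, dict):  # enumerated header
        allowed = [v for v, ok in rule.items() if ok is True]
        if allowed:
            # some value marked true: the header must carry one of them
            # (assumption: a missing header counts as a wrong value here)
            if value not in allowed:
                errors.append(f"{name}: {value!r} is not one of {allowed}")
        elif value in rule:
            # no value marked true: every listed value is invalid, anything else passes
            errors.append(f"{name}: {value!r} is an explicitly invalid value")
    return errors


def validate_headers(headers, schema):
    """Run every rule in the schema and collect all errors in schema order."""
    errors = []
    for name, rule in schema.items():
        errors.extend(check_header(name, rule, headers))
    return errors


# The README's schema, plus constructed response headers to exercise it.
SCHEMA = {
    "cache-control": False,
    "strict-transport-security": True,
    "x-content-type-options": "nosniff",
    "x-frame-options": {"DENY": True, "SAMEORIGIN": False},
}
GOOD_HEADERS = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
                "X-Content-Type-Options": "nosniff", "X-Frame-Options": "DENY"}
BAD_HEADERS = {"Cache-Control": "no-store", "X-Content-Type-Options": "NOSNIFF",
               "X-Frame-Options": "SAMEORIGIN"}  # strict-transport-security missing

if __name__ == "__main__":
    print("\n".join(validate_headers(BAD_HEADERS, SCHEMA)) or "all headers pass")
```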
This can also be used inside a test library for validating HTTP response headers.
```python
from assert_headers import assertHeaderFromUrl

configuration = {
    "userAgent": "Custom User Agent name",
    "origin": "https://my-domain.com",
    "schema": {
        "cache-control": False,
        "strict-transport-security": True,
        "x-content-type-options": "nosniff",
        "x-frame-options": {
            # if any are true, the header value must match a true schema value
            "DENY": True
        }
    }
}

# Fetches the URL with the configured origin and user agent, then asserts the response headers
assertHeaderFromUrl("https://example.com/my-test-page", configuration)
```
```shell
# 1. Install Poetry
# 2. Install dependencies
poetry install
# 3. Start contained environment
poetry shell
# 3 (alternate). Run virtualenv inside current shell
# source ./venv/bin/activate
# 4. Make changes
# 5. Run tests
poetry run pytest
```

If installing additional dependencies:

```shell
# Inside Poetry shell or virtualenv/venv
poetry add my_new_package
```
For more information, refer to https://python-poetry.org/docs/basic-usage/.