Assert HTTP headers
```shell
pip install assert_headers
```

```shell
# Assume headersSchema.json in current working directory
assert-headers-py https://example.com
```

or with a specified configuration:

```shell
assert-headers-py --config ./customConfiguration.json https://example.com
```

in silent mode:

```shell
assert-headers-py --silent --config ./customConfiguration.json https://example.com
```

to see what version you are running:

```shell
assert-headers-py --version
```
TODO: Add example of how to stream a column of a .csv into the tool
TODO: Show how the exit codes can be used in smoke tests
`assert-headers-py` currently accepts configuration in JSON or YAML format. It allows specifying a schema for the headers, and also the outgoing origin and user-agent headers for the request. Below is an example configuration, first in JSON and then in YAML:
```json
{
  "userAgent": "assert-headers-py",
  "origin": "https://example.com",
  "schema": {
    "cache-control": false,
    "strict-transport-security": true,
    "x-content-type-options": "nosniff",
    "x-frame-options": {
      "DENY": true,
      "SAMEORIGIN": false
    }
  }
}
```
```yaml
userAgent: "assert-headers-py"
origin: "https://example.com"
schema:
  cache-control: False
  strict-transport-security: True
  x-content-type-options: "nosniff"
  x-frame-options:
    DENY: True
    SAMEORIGIN: False
```
Schema Explanation:

Note: Since the example format of the schema is JSON, the values will use `false` instead of `False` and `true` instead of `True`.

- `"disallowed-header-name": false` - It is considered an error if this header is defined
- `"required-header-name": true` - It is considered an error if this header is missing (or undefined)
- `"strict-header-name": "only good value"` - It is considered an error if this header does not have this value
- `"enumerated-header-name": { "good header value": true, "another good value": true }` - It is considered an error if this header contains a value other than one marked `true`.
- `"enumerated-header-name": { "bad header value": false, "another bad value": false }` - It is considered an error if this header contains a value not marked `true`. `true`, all listed values are considered invalid values. It is highly recommended to ONLY use `true` and `false` for enumerated values.

```python
from assert_headers import assertHeaders

# Response headers to validate (for example, taken from an HTTP response)
headers = {
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY"
}

schema = {
    "cache-control": False,
    "strict-transport-security": True,
    "x-content-type-options": "nosniff",
    "x-frame-options": {
        # if any are true, the header value must match a true schema value
        "DENY": True
    }
}

try:
    assertHeaders(headers, schema)
except Exception as err:  # the library's assertion error carries .message and .errors
    print("OOPS!")
    print(err.message)
    if err.errors:
        for assertionError in err.errors:
            print(f'The header {assertionError.headerName} was bad!')
```
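As an added example that is not part of the assert-headers project, the following evaluator implements the four schema rule kinds described above (disallowed, required, strict, enumerated) and runs them against constructed headers; `check_headers`, `SCHEMA` and `GOOD_HEADERS` are this example's own names, and exact (case-sensitive) comparison of header values is an assumption.

```python
from typing import Union

Rule = Union[bool, str, dict[str, bool]]


def check_headers(headers: dict[str, str], schema: dict[str, Rule]) -> list[str]:
    """Return the list of violations; an empty list means the headers pass."""
    # Header names are case-insensitive; values are compared exactly (this example's assumption).
    present = {name.lower(): value for name, value in headers.items()}
    errors: list[str] = []
    for name, rule in schema.items():
        value = present.get(name.lower())
        if rule is False:  # disallowed header: error if it is defined at all
            if value is not None:
                errors.append(f"{name}: must not be set (got {value!r})")
        elif rule is True:  # required header: error if missing
            if value is None:
                errors.append(f"{name}: required but missing")
        elif isinstance(rule, str):  # strict header: value must match exactly
            if value != rule:
                errors.append(f"{name}: expected {rule!r}, got {value!r}")
        elif isinstance(rule, dict):  # enumerated header
            allowed = {v for v, ok in rule.items() if ok is True}
            denied = {v for v, ok in rule.items() if ok is False}
            if allowed:
                # any value marked true: the header must equal one of them
                if value not in allowed:
                    errors.append(f"{name}: {value!r} not in {sorted(allowed)}")
            elif value in denied:
                # no value marked true: every listed value is invalid
                errors.append(f"{name}: {value!r} is a denied value")
        else:
            errors.append(f"{name}: unsupported schema rule {rule!r}")
    return errors


# Constructed sample input mirroring the README's example schema.
SCHEMA: dict[str, Rule] = {
    "cache-control": False,
    "strict-transport-security": True,
    "x-content-type-options": "nosniff",
    "x-frame-options": {"DENY": True, "SAMEORIGIN": False},
}
GOOD_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
}
```

`check_headers(GOOD_HEADERS, SCHEMA)` returns an empty list; a response that sets `Cache-Control`, omits HSTS, sends `X-Content-Type-Options: sniff` and `X-Frame-Options: SAMEORIGIN` yields four violations.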
This can also be used inside a test library for validating HTTP response headers.
```python
from assert_headers import assertHeaderFromUrl

configuration = {
    "userAgent": "Custom User Agent name",
    "origin": "https://my-domain.com",
    "schema": {
        "cache-control": False,
        "strict-transport-security": True,
        "x-content-type-options": "nosniff",
        "x-frame-options": {
            # if any are true, the header value must match a true schema value
            "DENY": True
        }
    }
}

assertHeaderFromUrl("https://example.com/my-test-page", configuration)
```
```shell
# 1. Install Poetry
# 2. Install dependencies
poetry install
# 3. Start contained environment
poetry shell
# 3 (alternate). Run virtualenv inside current shell
# source ./venv/bin/activate
# 4. Make changes
# 5. Run tests
poetry run pytest
```

If installing additional dependencies:

```shell
# Inside Poetry shell or virtualenv/venv
poetry add my_new_package
```
For more information, refer to https://python-poetry.org/docs/basic-usage/.