
Commit 720cce4

committed
Feature: CSP broad and insecure checks show the directives
1 parent 582cb6a commit 720cce4

2 files changed

+46
-24
lines changed


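--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@
 <a target="_blank" href="https://devguide.python.org/versions/" title="Minimum Python version required to run this tool"><img src="https://img.shields.io/badge/Python-%3E%3D3.9-blue?labelColor=343b41"></a>
 <a target="_blank" href="LICENSE" title="License of this tool"><img src="https://img.shields.io/badge/License-MIT-blue.svg?labelColor=343b41"></a>
 <a target="_blank" href="https://github.com/rfc-st/humble/releases" title="Latest release of this tool"><img src="https://img.shields.io/github/v/release/rfc-st/humble?display_name=release&label=Latest%20Release&labelColor=343b41"></a>
-<a target="_blank" href="https://github.com/rfc-st/humble/commits/master" title="Latest commit of this tool"><img src="https://img.shields.io/badge/Latest_Commit-2025--03--21-blue.svg?labelColor=343b41"></a>
+<a target="_blank" href="https://github.com/rfc-st/humble/commits/master" title="Latest commit of this tool"><img src="https://img.shields.io/badge/Latest_Commit-2025--03--22-blue.svg?labelColor=343b41"></a>
 <a target="_blank" href="https://pkg.kali.org/pkg/humble" title="Official tool in Kali Linux"><img src="https://img.shields.io/badge/Kali%20Linux-Tool-blue?labelColor=343b41"></a>
 <br />
 <a target="_blank" href="#" title="Featured on:"><img src="https://img.shields.io/badge/Featured%20on:-343b41"></a>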

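--- a/humble.py
+++ b/humble.py
@@ -150,7 +150,7 @@
 XML_STRING = ('Ref: ', 'Value: ', 'Valor: ')
 
 current_time = datetime.now().strftime("%Y/%m/%d - %H:%M:%S")
-local_version = datetime.strptime('2025-03-21', '%Y-%m-%d').date()
+local_version = datetime.strptime('2025-03-22', '%Y-%m-%d').date()
 
 
 class SSLContextAdapter(requests.adapters.HTTPAdapter):
@@ -750,19 +750,20 @@ def print_global_metrics(analytics_l, analytics_s, analytics_w,
 totals_m.items()}
 
 
-def csp_analyze_content(csp_header, l_csp_broad_s, l_csp_ins_s, i_cnt):
-csp_broad, csp_deprecated, csp_insecure = set(), set(), set()
+def csp_analyze_content(csp_header, i_cnt):
+csp_deprecated = set()
 csp_dirs = {dir.split()[0].strip() for dir in csp_header.split(';') if
 dir.strip()}
 csp_dirs_vals = [dir.strip() for dir in csp_header.split(';')]
 for csp_dir in csp_dirs_vals:
-csp_broad |= ({value for value in l_csp_broad_s if f' {value} ' in
-f' {csp_dir} '})
 csp_deprecated |= ({value for value in t_csp_dep if value in csp_dir})
-csp_insecure |= ({value for value in l_csp_ins_s if value in csp_dir})
 csp_check_missing(csp_dirs)
-csp_print_warnings(csp_broad, csp_deprecated, csp_insecure)
-if any(insecv in dir for dir in csp_dirs_vals for insecv in t_csp_insecv):
+csp_print_warnings(csp_deprecated)
+if any(broadv in dir for dir in csp_dirs_vals for broadv in t_csp_broad):
+csp_print_broad(csp_dirs_vals, i_cnt)
+if any(insecv in dir for dir in csp_dirs_vals for insecv in t_csp_insecs):
+csp_print_insecure(csp_dirs_vals)
+if any(unsafv in dir for dir in csp_dirs_vals for unsafv in t_csp_insecv):
 csp_print_unsafe(csp_dirs_vals, i_cnt)
 
 
@@ -811,12 +812,9 @@ def csp_check_ip(csp_h):
 print_details('[icsipa_h]', '[icsipa]', 'm', i_cnt)
 
 
-def csp_print_warnings(csp_broad, csp_deprecated, csp_insecure):
+def csp_print_warnings(csp_deprecated):
 csp_print_deprecated(csp_deprecated) if csp_deprecated else None
-csp_print_insecure(csp_insecure) if csp_insecure else None
-csp_print_broad(csp_broad) if csp_broad else None
-i_cnt[0] += sum(bool(csp) for csp in (csp_broad, csp_deprecated,
-csp_insecure))
+i_cnt[0] += sum(bool(csp) for csp in (csp_deprecated))
 return i_cnt
 
 
@@ -826,11 +824,22 @@ def csp_print_deprecated(csp_deprecated):
 '[icsi_d_r]')
 
 
-def csp_print_insecure(csp_insecure):
-print_detail_r('[icsh_h]', is_red=True) if args.brief else \
-csp_print_details(csp_insecure, '[icsh_h]', '[icsh]', '[icsh_b]')
+def csp_print_insecure(csp_dirs_vals):
+csp_insecure_v = {value for value in t_csp_insecs if
+any(value in dir for dir in csp_dirs_vals)}
+csp_insecure_dirs = {dir_vals.split()[0] for dir_vals in csp_dirs_vals
+if any(unsafe_val in dir_vals for unsafe_val in
+t_csp_insecs)}
+print_detail_r('[icsh_h]', is_red=True)
 if not args.brief:
-print("")
+csp_values = ', '.join(f"'{value}'" for value in csp_insecure_v)
+print_detail_l('[icsp_s]' if len(csp_insecure_dirs) > 1 else
+'[icsp_si]')
+print(f" {', '.join(f"'{dir}'" for dir in
+sorted(csp_insecure_dirs))}.")
+print_detail_l('[icsh]')
+print(csp_values)
+print_detail('[icsh_b]', num_lines=2)
 
 
 def csp_print_missing(csp_ref, csp_ref_brief):
@@ -841,9 +850,21 @@ def csp_print_missing(csp_ref, csp_ref_brief):
 print_details(csp_ref_brief, csp_ref, 'd', i_cnt)
 
 
-def csp_print_broad(csp_broad):
-print_detail_r('[icsw_h]', is_red=True) if args.brief else \
-csp_print_details(csp_broad, '[icsw_h]', '[icsw]', '[icsw_b]')
+def csp_print_broad(csp_dirs_vals, i_cnt):
+csp_broad_v = set(token for dir_vals in csp_dirs_vals if dir_vals.strip()
+for token in dir_vals.split()[1:]
+if f" {token} " in t_csp_broad)
+csp_broad_dirs = {dir_vals.split()[0] for dir_vals in csp_dirs_vals
+if any(f" {token} " in t_csp_broad for token in
+dir_vals.split()[1:])}
+print_detail_r('[icsw_h]', is_red=True)
+if not args.brief:
+print_detail_l('[icsp_s]' if len(csp_broad_dirs) > 1 else '[icsp_si]')
+print(f" {', '.join(f"'{dir}'" for dir in sorted(csp_broad_dirs))}.")
+print_detail_l('[icsw]')
+print(', '.join(f"'{value}'" for value in csp_broad_v))
+print_detail('[icsw_b]', num_lines=1)
+i_cnt[0] += 1
 
 
 def csp_print_details(csp_values, csp_title, csp_desc, csp_refs):
@@ -2154,8 +2175,9 @@ def custom_help_formatter(prog):
 
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
 # https://www.w3.org/TR/CSP2/ & https://www.w3.org/TR/CSP3/
-t_csp_broad = ('*', 'blob:', 'data:', 'ftp:', 'filesystem:', 'https:',
-'https://*', 'https://*.*', 'schemes:', 'wss:', 'wss://')
+t_csp_broad = (' * ', ' blob: ', ' data: ', ' ftp: ', 'filesystem:',
+' https: ', ' https://* ', ' https://*.* ', ' mailto: ',
+'schemes:', ' tel: ', ' wss: ', 'wss://')
 t_csp_equal = ('nonce', 'sha', 'style-src-elem', 'report-to', 'report-uri')
 t_csp_dep = ('block-all-mixed-content', 'disown-opener', 'plugin-types',
 'prefetch-src', 'referrer', 'report-uri', 'require-sri-for')
@@ -2450,7 +2472,7 @@ def custom_help_formatter(prog):
 print_details('[icsi_h]', '[icsi]', 'd', i_cnt)
 if ('=' in csp_h) and not (any(elem in csp_h for elem in t_csp_equal)):
 print_details('[icsn_h]', '[icsn]', 'd', i_cnt)
-csp_analyze_content(csp_h, t_csp_broad, t_csp_insecs, i_cnt)
+csp_analyze_content(csp_h, i_cnt)
 if t_csp_checks[0] in csp_h and t_csp_checks[1] not in headers:
 print_details('[icspi_h]', '[icspi]', 'm', i_cnt)
 if t_csp_checks[2] in csp_h: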
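Review bot: The broad pre-check in csp_analyze_content, `if any(broadv in dir for dir in csp_dirs_vals for broadv in t_csp_broad):`, tests space-padded values such as `' * '` and `' https: '` against a `.strip()`ed directive, so a broad source that is the first or last token (`img-src *`, `default-src 'self' https:`) never reaches csp_print_broad and the wildcard goes unreported; padding the directive as the removed code did, `if any(broadv in f' {dir} ' for dir in csp_dirs_vals for broadv in t_csp_broad):`, restores detection, and the unpadded entries `'filesystem:'`, `'schemes:'` and `'wss://'` in t_csp_broad should be padded too, since csp_print_broad's exact test `f" {token} " in t_csp_broad` can never match them while the substring pre-check can, which would print the heading with empty directive and value lists. In csp_print_warnings, `(csp_deprecated)` is the set itself rather than a one-tuple, so `i_cnt[0]` now grows by the number of deprecated directives instead of by one per category as before; `i_cnt[0] += bool(csp_deprecated)` keeps the previous count. The nested same-quote f-strings `print(f" {', '.join(f"'{dir}'" for dir in sorted(csp_broad_dirs))}.")` in csp_print_broad and the equivalent in csp_print_insecure are only accepted from Python 3.12 (PEP 701) and are a SyntaxError on the 3.9–3.11 range the README badge advertises; use single quotes inside the inner f-string or build the joined string in a local first, as csp_print_insecure already does for `csp_values`. csp_print_insecure also no longer increments i_cnt, unlike csp_print_broad and the removed csp_print_warnings branch, so the insecure finding appears to drop out of the totals unless it is counted elsewhere.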
