Update DetectWeakReferrerPolicy.bambda
ctflearner authored Jan 2, 2025
1 parent 76a5d38 commit b97740b
Showing 1 changed file with 22 additions and 13 deletions.
35 changes: 22 additions & 13 deletions Filter/Proxy/HTTP/DetectWeakReferrerPolicy.bambda
Expand Up @@ -8,17 +8,26 @@
**/


return requestResponse.hasResponse() && (
// No Referrer-Policy header
requestResponse.response().headers().stream()
.noneMatch(header -> header.name().equalsIgnoreCase("Referrer-Policy")) ||

// Check for potentially weak referrer policies
requestResponse.response().headers().stream()
.filter(header -> header.name().equalsIgnoreCase("Referrer-Policy"))
.anyMatch(header -> {
String value = header.value().toLowerCase().trim();
return value.equals("no-referrer-when-downgrade") ||
value.equals("unsafe-url");
})
if (!requestResponse.hasResponse()) {
return false;
}

Optional<HttpHeader> referrerPolicyHeader = Optional.ofNullable(
requestResponse.response().header("Referrer-Policy")
);

if (referrerPolicyHeader.isEmpty()) {
return true;
}

String headerValue = referrerPolicyHeader.get().value().toLowerCase(Locale.US).trim();

// Check for weak referrer policies using a stream
boolean hasWeakPolicy = requestResponse.response().headers().stream()
.filter(header -> header.name().equalsIgnoreCase("Referrer-Policy"))
.anyMatch(header -> {
String value = header.value().toLowerCase(Locale.US).trim(); // Include Locale for toLowerCase()
return value.equals("no-referrer-when-downgrade") || value.equals("unsafe-url");
});

return headerValue.equals("no-referrer-when-downgrade") || headerValue.equals("unsafe-url") || hasWeakPolicy;
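Review bot: The exact `equals` comparisons, both in the `anyMatch` lambda and on `headerValue`, miss a weak policy delivered inside a comma-separated value such as `strict-origin, unsafe-url` (constructed example). Browsers apply the last policy token they recognise, so that response goes unflagged. Splitting the value first closes the gap: `Arrays.stream(header.value().toLowerCase(Locale.US).split(",")).map(String::trim).anyMatch(v -> v.equals("no-referrer-when-downgrade") || v.equals("unsafe-url"))`. This flags any weak token, so if the filter should mirror browser behaviour exactly, compare only the last recognised token instead. The separate `headerValue` check also looks redundant, since the stream already visits every `Referrer-Policy` header; keeping only the stream, with a `noneMatch` for the missing-header case, would avoid depending on how `header("Referrer-Policy")` matches names, which is not visible here.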
