76 lines
2.1 KiB
Go
76 lines
2.1 KiB
Go
// This file is part of the happyDomain (R) project.
|
|
// Copyright (c) 2020-2026 happyDomain
|
|
// Authors: Pierre-Olivier Mercier, et al.
|
|
|
|
package checker
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
|
|
sdk "git.happydns.org/checker-sdk-go/checker"
|
|
)
|
|
|
|
// Rules returns the full list of independent rules this checker provides.
|
|
// Each concern surfaces independently in the UI rather than being squashed
|
|
// into a single aggregated verdict.
|
|
func Rules() []sdk.CheckRule {
|
|
return []sdk.CheckRule{
|
|
&reachabilityRule{scheme: "http", code: "http.tcp_reachable"},
|
|
&reachabilityRule{scheme: "https", code: "https.tcp_reachable"},
|
|
&httpsRedirectRule{},
|
|
&hstsRule{},
|
|
&cspRule{},
|
|
&xFrameOptionsRule{},
|
|
&xContentTypeOptionsRule{},
|
|
&xXSSProtectionRule{},
|
|
&cookieFlagsRule{},
|
|
&sriRule{},
|
|
}
|
|
}
|
|
|
|
// loadHTTPData fetches the HTTPData observation. On failure, returns a
|
|
// single error CheckState the caller should emit and bail out.
|
|
func loadHTTPData(ctx context.Context, obs sdk.ObservationGetter) (*HTTPData, *sdk.CheckState) {
|
|
var data HTTPData
|
|
if err := obs.Get(ctx, ObservationKeyHTTP, &data); err != nil {
|
|
return nil, &sdk.CheckState{
|
|
Status: sdk.StatusError,
|
|
Message: fmt.Sprintf("failed to load HTTP observation: %v", err),
|
|
Code: "http.observation_error",
|
|
}
|
|
}
|
|
return &data, nil
|
|
}
|
|
|
|
func passState(code, msg string) sdk.CheckState {
|
|
return sdk.CheckState{Status: sdk.StatusOK, Code: code, Message: msg}
|
|
}
|
|
|
|
func unknownState(code, msg string) sdk.CheckState {
|
|
return sdk.CheckState{Status: sdk.StatusUnknown, Code: code, Message: msg}
|
|
}
|
|
|
|
// probesByScheme returns the subset of probes for a given scheme.
|
|
func probesByScheme(probes []HTTPProbe, scheme string) []HTTPProbe {
|
|
var out []HTTPProbe
|
|
for _, p := range probes {
|
|
if p.Scheme == scheme {
|
|
out = append(out, p)
|
|
}
|
|
}
|
|
return out
|
|
}
|
|
|
|
// successfulHTTPSProbes returns HTTPS probes that completed an HTTP
|
|
// transaction (status code != 0). These are the probes whose headers we
|
|
// can meaningfully inspect.
|
|
func successfulHTTPSProbes(probes []HTTPProbe) []HTTPProbe {
|
|
var out []HTTPProbe
|
|
for _, p := range probes {
|
|
if p.Scheme == "https" && p.StatusCode != 0 {
|
|
out = append(out, p)
|
|
}
|
|
}
|
|
return out
|
|
}
|