From f3e23793a7dede68fa3af1f9c2c0bcd857da6e36 Mon Sep 17 00:00:00 2001 From: Russ Young Date: Wed, 14 Apr 2021 10:55:04 -0600 Subject: [PATCH 1/4] Added the default OWASP http headers to http responses. --- configure.ac | 2 ++ src/worker-auth.c | 16 ++++++++++++++++ src/worker-http-handlers.c | 3 +++ src/worker-http.c | 27 +++++++++++++++++++++++++++ src/worker-kkdcp.c | 8 ++++++++ src/worker-vpn.c | 5 +++++ src/worker.h | 4 ++++ 7 files changed, 65 insertions(+) diff --git a/configure.ac b/configure.ac index f483b751..b74dead6 100644 --- a/configure.ac +++ b/configure.ac @@ -669,6 +669,8 @@ fi AM_CONDITIONAL(ENABLE_OIDC_AUTH, test "x$enable_oidc_auth" = xyes) AM_CONDITIONAL(ENABLE_OIDC_AUTH_TESTS, test "x$enable_oidc_auth" = xyes) +AC_DEFINE([ADD_OWASP_HEADERS], 1, [Add OWASP default http headers to responses]) + AC_CHECK_FILE(/proc/self/exe, AC_DEFINE([PROC_FS_SUPPORTED],[1], [procfs supported]), []) uid=$(id -u) diff --git a/src/worker-auth.c b/src/worker-auth.c index 4e9e1459..61413825 100644 --- a/src/worker-auth.c +++ b/src/worker-auth.c @@ -438,6 +438,14 @@ int get_auth_handler2(worker_st * ws, unsigned http_ver, const char *pmsg, unsig goto cleanup; } +#ifdef ADD_OWASP_HEADERS + ret = add_owasp_headers(ws); + if (ret < 0) { + ret = -1; + goto cleanup; + } +#endif + ret = cstp_puts(ws, "\r\n"); if (ret < 0) { ret = -1; @@ -1089,6 +1097,14 @@ int post_common_handler(worker_st * ws, unsigned http_ver, const char *imsg) if (ret < 0) goto fail; +#ifdef ADD_OWASP_HEADERS + ret = + add_owasp_headers(ws); + if (ret < 0) + goto fail; +#endif + + #ifdef ANYCONNECT_CLIENT_COMPAT if (WSCONFIG(ws)->xml_config_file) { ret = diff --git a/src/worker-http-handlers.c b/src/worker-http-handlers.c index 0d405798..d5afff20 100644 --- a/src/worker-http-handlers.c +++ b/src/worker-http-handlers.c @@ -58,6 +58,9 @@ static int send_headers(worker_st *ws, unsigned http_ver, const char *content_ty cstp_printf(ws, "Content-Type: %s\r\n", content_type) < 0 || cstp_puts (ws, "X-Transcend-Version: 1\r\n") < 0 || cstp_printf(ws, "Content-Length: %u\r\n", content_length) < 0 || +#ifdef ADD_OWASP_HEADERS + add_owasp_headers(ws) < 0 || +#endif cstp_puts (ws, "\r\n") < 0) return -1; return 0; diff --git a/src/worker-http.c b/src/worker-http.c index 7ca584ef..b032cbf3 100644 --- a/src/worker-http.c +++ b/src/worker-http.c @@ -863,3 +863,30 @@ void http_req_deinit(worker_st * ws) ws->req.body = NULL; } +#if defined(ADD_OWASP_HEADERS) +/* add_owasp_headers: + * @ws: an initialized worker structure + * + * This function adds the OWASP default headers + * There are security tools that flag the server as a security risk. + * These are added to help users comply with security best practices. + */ +int add_owasp_headers(worker_st * ws) +{ + if (cstp_puts(ws, "Strict-Transport-Security: max-age=31536000 ; includeSubDomains\r\n") < 0 || + cstp_puts(ws, "X-Frame-Options: deny\r\n") < 0 || + cstp_puts(ws, "X-Content-Type-Options: nosniff\r\n") < 0 || + cstp_puts(ws, "Content-Security-Policy: default-src \'none\'\r\n") < 0 || + cstp_puts(ws, "X-Permitted-Cross-Domain-Policies: none\r\n") < 0 || + cstp_puts(ws, "Referrer-Policy: no-referrer\r\n") < 0 || + cstp_puts(ws, "Clear-Site-Data: \"cache\",\"cookies\",\"storage\"\r\n") < 0 || + cstp_puts(ws, "Cross-Origin-Embedder-Policy: require-corp\r\n") < 0 || + cstp_puts(ws, "Cross-Origin-Opener-Policy: same-origin\r\n") < 0 || + cstp_puts(ws, "Cross-Origin-Resource-Policy: same-origin\r\n") < 0 || + cstp_puts(ws, "X-XSS-Protection: 0\r\n") < 0) + { + return -1; + } + return 0; +} +#endif diff --git a/src/worker-kkdcp.c b/src/worker-kkdcp.c index 817fe2f8..3563fc6e 100644 --- a/src/worker-kkdcp.c +++ b/src/worker-kkdcp.c @@ -273,6 +273,14 @@ int post_kkdcp_handler(worker_st *ws, unsigned http_ver) goto fail; } +#ifdef ADD_OWASP_HEADERS + ret = add_owasp_headers(ws); + if (ret < 0) { + goto fail; + } +#endif + + ret = cstp_puts(ws, "\r\n"); if (ret < 0) { goto fail; diff --git a/src/worker-vpn.c b/src/worker-vpn.c index e747768f..9a411657 100644 --- a/src/worker-vpn.c +++ b/src/worker-vpn.c @@ -1931,6 +1931,11 @@ static int connect_handler(worker_st * ws) ret = cstp_puts(ws, "HTTP/1.1 200 CONNECTED\r\n"); SEND_ERR(ret); +#ifdef ADD_OWASP_HEADERS + ret = add_owasp_headers(ws); + SEND_ERR(ret); +#endif + ret = cstp_puts(ws, "X-CSTP-Version: 1\r\n"); SEND_ERR(ret); diff --git a/src/worker.h b/src/worker.h index cf9443ff..2c5bba27 100644 --- a/src/worker.h +++ b/src/worker.h @@ -422,6 +422,10 @@ int parse_proxy_proto_header(struct worker_st *ws, int fd); void cookie_authenticate_or_exit(worker_st *ws); +#ifdef ADD_OWASP_HEADERS +int add_owasp_headers(worker_st * ws); +#endif + /* after that time (secs) of inactivity in the UDP part, connection switches to * TCP (if activity occurs there). */ From 065f51e6af6b1716bedc5a04a06de6cc8f7a5abb Mon Sep 17 00:00:00 2001 From: Russ Young Date: Tue, 20 Apr 2021 11:55:28 -0600 Subject: [PATCH 2/4] Added build flags and Test for OWASP headers --- configure.ac | 12 +++- src/worker-auth.c | 4 +- src/worker-http-handlers.c | 2 +- src/worker-http.c | 2 +- src/worker-kkdcp.c | 2 +- src/worker-vpn.c | 2 +- src/worker.h | 2 +- tests/Makefile.am | 3 + tests/test-owasp-headers | 115 +++++++++++++++++++++++++++++++++++++ 9 files changed, 136 insertions(+), 8 deletions(-) create mode 100644 tests/test-owasp-headers diff --git a/configure.ac b/configure.ac index b74dead6..a80ad471 100644 --- a/configure.ac +++ b/configure.ac @@ -669,7 +669,17 @@ fi AM_CONDITIONAL(ENABLE_OIDC_AUTH, test "x$enable_oidc_auth" = xyes) AM_CONDITIONAL(ENABLE_OIDC_AUTH_TESTS, test "x$enable_oidc_auth" = xyes) -AC_DEFINE([ADD_OWASP_HEADERS], 1, [Add OWASP default http headers to responses]) +AC_ARG_ENABLE([owasp-headers], + [AS_HELP_STRING([--enable-owasp-headers], + [whether to add owasp.org http security headers (default is no)])], + [enable_owasp_headers=$enableval], + [enable_owasp_headers=no] +) + +if test "x$enable_owasp_headers" = xyes; then + AC_DEFINE([ENABLE_OWASP_HEADERS], 1, [Add OWASP default http headers to responses]) +fi +AM_CONDITIONAL(ENABLE_OWASP_HEADERS_TESTS, test "x$enable_owasp_headers" = xyes) AC_CHECK_FILE(/proc/self/exe, AC_DEFINE([PROC_FS_SUPPORTED],[1], [procfs supported]), []) diff --git a/src/worker-auth.c b/src/worker-auth.c index 61413825..2fbc4d5b 100644 --- a/src/worker-auth.c +++ b/src/worker-auth.c @@ -438,7 +438,7 @@ int get_auth_handler2(worker_st * ws, unsigned http_ver, const char *pmsg, unsig goto cleanup; } -#ifdef ADD_OWASP_HEADERS +#ifdef ENABLE_OWASP_HEADERS ret = add_owasp_headers(ws); if (ret < 0) { ret = -1; @@ -1097,7 +1097,7 @@ int post_common_handler(worker_st * ws, unsigned http_ver, const char *imsg) if (ret < 0) goto fail; -#ifdef ADD_OWASP_HEADERS +#ifdef ENABLE_OWASP_HEADERS ret = add_owasp_headers(ws); if (ret < 0) diff --git a/src/worker-http-handlers.c b/src/worker-http-handlers.c index d5afff20..bf72d8fd 100644 --- a/src/worker-http-handlers.c +++ b/src/worker-http-handlers.c @@ -58,7 +58,7 @@ static int send_headers(worker_st *ws, unsigned http_ver, const char *content_ty cstp_printf(ws, "Content-Type: %s\r\n", content_type) < 0 || cstp_puts (ws, "X-Transcend-Version: 1\r\n") < 0 || cstp_printf(ws, "Content-Length: %u\r\n", content_length) < 0 || -#ifdef ADD_OWASP_HEADERS +#ifdef ENABLE_OWASP_HEADERS add_owasp_headers(ws) < 0 || #endif cstp_puts (ws, "\r\n") < 0) diff --git a/src/worker-http.c b/src/worker-http.c index b032cbf3..39d1bebf 100644 --- a/src/worker-http.c +++ b/src/worker-http.c @@ -863,7 +863,7 @@ void http_req_deinit(worker_st * ws) ws->req.body = NULL; } -#if defined(ADD_OWASP_HEADERS) +#ifdef ENABLE_OWASP_HEADERS /* add_owasp_headers: * @ws: an initialized worker structure * diff --git a/src/worker-kkdcp.c b/src/worker-kkdcp.c index 3563fc6e..ec50b429 100644 --- a/src/worker-kkdcp.c +++ b/src/worker-kkdcp.c @@ -273,7 +273,7 @@ int post_kkdcp_handler(worker_st *ws, unsigned http_ver) goto fail; } -#ifdef ADD_OWASP_HEADERS +#ifdef ENABLE_OWASP_HEADERS ret = add_owasp_headers(ws); if (ret < 0) { goto fail; diff --git a/src/worker-vpn.c b/src/worker-vpn.c index 9a411657..3574c5f3 100644 --- a/src/worker-vpn.c +++ b/src/worker-vpn.c @@ -1931,7 +1931,7 @@ static int connect_handler(worker_st * ws) ret = cstp_puts(ws, "HTTP/1.1 200 CONNECTED\r\n"); SEND_ERR(ret); -#ifdef ADD_OWASP_HEADERS +#ifdef ENABLE_OWASP_HEADERS ret = add_owasp_headers(ws); SEND_ERR(ret); #endif diff --git a/src/worker.h b/src/worker.h index 2c5bba27..e3660e6f 100644 --- a/src/worker.h +++ b/src/worker.h @@ -422,7 +422,7 @@ int parse_proxy_proto_header(struct worker_st *ws, int fd); void cookie_authenticate_or_exit(worker_st *ws); -#ifdef ADD_OWASP_HEADERS +#ifdef ENABLE_OWASP_HEADERS int add_owasp_headers(worker_st * ws); #endif diff --git a/tests/Makefile.am b/tests/Makefile.am index a419e2ad..e0c75329 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -180,6 +180,9 @@ check_PROGRAMS += gen_oidc_test_data dist_check_SCRIPTS += test-oidc endif +if ENABLE_OWASP_HEADERS_TESTS +dist_check_SCRIPTS += test-owasp-headers +endif dist_check_SCRIPTS += test-replay diff --git a/tests/test-owasp-headers b/tests/test-owasp-headers new file mode 100644 index 00000000..870fece4 --- /dev/null +++ b/tests/test-owasp-headers @@ -0,0 +1,115 @@ +#!/bin/bash +# +# Copyright (C) 2021 Microsoft Corporation +# +# This file is part of ocserv. +# +# ocserv is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at +# your option) any later version. +# +# ocserv is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +SERV="${SERV:-../src/ocserv}" +srcdir=${srcdir:-.} +NO_NEED_ROOT=1 + +. `dirname $0`/common.sh + +eval "${GETPORT}" + +echo "Testing ocserv owasp headers... " + +update_config test-user-cert.config +launch_simple_sr_server -d 1 -f -c ${CONFIG} +PID=$! + +wait_server $PID + +function CheckHeaders +{ + [[ "$1" =~ .*"Strict-Transport-Security".* ]] || fail $PID "Missing HTTP header (Strict-Transport-Security)" + [[ "$1" =~ .*"X-Frame-Options".* ]] || fail $PID "Missing HTTP header (X-Frame-Options)" + [[ "$1" =~ .*"X-Content-Type-Options".* ]] || fail $PID "Missing HTTP header (X-Content-Type-Options)" + [[ "$1" =~ .*"Content-Security-Policy".* ]] || fail $PID "Missing HTTP header (Content-Security-Policy)" + [[ "$1" =~ .*"X-Permitted-Cross-Domain-Policies".* ]] || fail $PID "Missing HTTP header (X-Permitted-Cross-Domain-Policies)" + [[ "$1" =~ .*"Referrer-Policy".* ]] || fail $PID "Missing HTTP header (Referrer-Policy)" + [[ "$1" =~ .*"Clear-Site-Data".* ]] || fail $PID "Missing HTTP header (Clear-Site-Data)" + [[ "$1" =~ .*"Cross-Origin-Embedder-Policy".* ]] || fail $PID "Missing HTTP header (Cross-Origin-Embedder-Policy)" + [[ "$1" =~ .*"Cross-Origin-Opener-Policy".* ]] || fail $PID "Missing HTTP header (Cross-Origin-Opener-Policy)" + [[ "$1" =~ .*"Cross-Origin-Resource-Policy".* ]] || fail $PID "Missing HTTP header (Cross-Origin-Resource-Policy)" + [[ "$1" =~ .*"X-XSS-Protection".* ]] || fail $PID "Missing HTTP header (X-XSS-Protection)" + + while IFS=':' read name value; do + case "$name" in + Strict-Transport-Security) + [[ "$value" =~ "max-age=31536000 ; includeSubDomains" ]] || fail $PID "Unexpected HTTP header value ($name: $value)";; + X-Frame-Options) + [[ "$value" =~ "deny" ]] || fail $PID "Unexpected HTTP header value ($name: $value)";; + X-Content-Type-Options) + [[ "$value" =~ "nosniff" ]] || fail $PID "Unexpected HTTP header value ($name: $value)";; + Content-Security-Policy) + [[ "$value" =~ "default-src 'none'" ]] || fail $PID "Unexpected HTTP header value ($name: $value)";; + X-Permitted-Cross-Domain-Policies) + [[ "$value" =~ "none" ]] || fail $PID "Unexpected HTTP header value ($name: $value)";; + Referrer-Policy) + [[ "$value" =~ "no-referrer" ]] || fail $PID "Unexpected HTTP header value ($name: $value)";; + Clear-Site-Data) + [[ "$value" =~ "\"cache\",\"cookies\",\"storage\"" ]] || fail $PID "Unexpected HTTP header value ($name: $value)";; + Cross-Origin-Embedder-Policy) + [[ "$value" =~ "require-corp" ]] || fail $PID "Unexpected HTTP header value ($name: $value)";; + Cross-Origin-Opener-Policy) + [[ "$value" =~ "same-origin" ]] || fail $PID "Unexpected HTTP header value ($name: $value)";; + Cross-Origin-Resource-Policy) + [[ "$value" =~ "same-origin" ]] || fail $PID "Unexpected HTTP header value ($name: $value)";; + X-XSS-Protection) + [[ "$value" =~ "0" ]] || fail $PID "Unexpected HTTP header value ($name: $value)";; + esac + done < <(echo "$1") +} + +echo -n "Testing / ... " +results=$(LD_PRELOAD=libsocket_wrapper.so curl -I -X GET -s https://$ADDRESS:$PORT/ --insecure) +CheckHeaders "$results" + +echo -n "Testing /auth ... " +results=$(LD_PRELOAD=libsocket_wrapper.so curl -I -X GET -s https://$ADDRESS:$PORT/auth --insecure) +CheckHeaders "$results" + +echo -n "Testing /VPN ... " +results=$(LD_PRELOAD=libsocket_wrapper.so curl -I -X GET -s https://$ADDRESS:$PORT/VPN --insecure) +CheckHeaders "$results" +echo "ok" + +echo -n "Testing /cert.pem ... " +results=$(LD_PRELOAD=libsocket_wrapper.so curl -I -X GET -s https://$ADDRESS:$PORT/cert.pem --insecure) +CheckHeaders "$results" +echo "ok" + +echo -n "Testing /cert.cer ... " +results=$(LD_PRELOAD=libsocket_wrapper.so curl -I -X GET -s https://$ADDRESS:$PORT/cert.cer --insecure) +CheckHeaders "$results" +echo "ok" + +echo -n "Testing /ca.pem ... " +results=$(LD_PRELOAD=libsocket_wrapper.so curl -I -X GET -s https://$ADDRESS:$PORT/ca.pem --insecure) +CheckHeaders "$results" +echo "ok" + +echo -n "Testing /ca.cer ... " +results=$(LD_PRELOAD=libsocket_wrapper.so curl -I -X GET -s https://$ADDRESS:$PORT/ca.cer --insecure) +CheckHeaders "$results" +echo "ok" + + +cleanup + +exit 0 From c4bc01766d2723a641f0bc9bd81815b6da472407 Mon Sep 17 00:00:00 2001 From: Russ Young Date: Wed, 12 May 2021 11:56:09 -0600 Subject: [PATCH 3/4] Removed conditional code for OWASP headers --- configure.ac | 12 ------------ src/worker-auth.c | 4 ---- src/worker-http-handlers.c | 2 -- src/worker-http.c | 4 +--- src/worker-kkdcp.c | 3 --- src/worker-vpn.c | 2 -- src/worker.h | 2 -- tests/Makefile.am | 2 -- 8 files changed, 1 insertion(+), 30 deletions(-) diff --git a/configure.ac b/configure.ac index a80ad471..f483b751 100644 --- a/configure.ac +++ b/configure.ac @@ -669,18 +669,6 @@ fi AM_CONDITIONAL(ENABLE_OIDC_AUTH, test "x$enable_oidc_auth" = xyes) AM_CONDITIONAL(ENABLE_OIDC_AUTH_TESTS, test "x$enable_oidc_auth" = xyes) -AC_ARG_ENABLE([owasp-headers], - [AS_HELP_STRING([--enable-owasp-headers], - [whether to add owasp.org http security headers (default is no)])], - [enable_owasp_headers=$enableval], - [enable_owasp_headers=no] -) - -if test "x$enable_owasp_headers" = xyes; then - AC_DEFINE([ENABLE_OWASP_HEADERS], 1, [Add OWASP default http headers to responses]) -fi -AM_CONDITIONAL(ENABLE_OWASP_HEADERS_TESTS, test "x$enable_owasp_headers" = xyes) - AC_CHECK_FILE(/proc/self/exe, AC_DEFINE([PROC_FS_SUPPORTED],[1], [procfs supported]), []) uid=$(id -u) diff --git a/src/worker-auth.c b/src/worker-auth.c index 2fbc4d5b..761c8813 100644 --- a/src/worker-auth.c +++ b/src/worker-auth.c @@ -438,13 +438,11 @@ int get_auth_handler2(worker_st * ws, unsigned http_ver, const char *pmsg, unsig goto cleanup; } -#ifdef ENABLE_OWASP_HEADERS ret = add_owasp_headers(ws); if (ret < 0) { ret = -1; goto cleanup; } -#endif ret = cstp_puts(ws, "\r\n"); if (ret < 0) { @@ -1097,12 +1095,10 @@ int post_common_handler(worker_st * ws, unsigned http_ver, const char *imsg) if (ret < 0) goto fail; -#ifdef ENABLE_OWASP_HEADERS ret = add_owasp_headers(ws); if (ret < 0) goto fail; -#endif #ifdef ANYCONNECT_CLIENT_COMPAT diff --git a/src/worker-http-handlers.c b/src/worker-http-handlers.c index bf72d8fd..4df5c2cd 100644 --- a/src/worker-http-handlers.c +++ b/src/worker-http-handlers.c @@ -58,9 +58,7 @@ static int send_headers(worker_st *ws, unsigned http_ver, const char *content_ty cstp_printf(ws, "Content-Type: %s\r\n", content_type) < 0 || cstp_puts (ws, "X-Transcend-Version: 1\r\n") < 0 || cstp_printf(ws, "Content-Length: %u\r\n", content_length) < 0 || -#ifdef ENABLE_OWASP_HEADERS add_owasp_headers(ws) < 0 || -#endif cstp_puts (ws, "\r\n") < 0) return -1; return 0; diff --git a/src/worker-http.c b/src/worker-http.c index 39d1bebf..adf00d5b 100644 --- a/src/worker-http.c +++ b/src/worker-http.c @@ -863,7 +863,6 @@ void http_req_deinit(worker_st * ws) ws->req.body = NULL; } -#ifdef ENABLE_OWASP_HEADERS /* add_owasp_headers: * @ws: an initialized worker structure * @@ -888,5 +887,4 @@ int add_owasp_headers(worker_st * ws) return -1; } return 0; -} -#endif +} \ No newline at end of file diff --git a/src/worker-kkdcp.c b/src/worker-kkdcp.c index ec50b429..2e126536 100644 --- a/src/worker-kkdcp.c +++ b/src/worker-kkdcp.c @@ -273,13 +273,10 @@ int post_kkdcp_handler(worker_st *ws, unsigned http_ver) goto fail; } -#ifdef ENABLE_OWASP_HEADERS ret = add_owasp_headers(ws); if (ret < 0) { goto fail; } -#endif - ret = cstp_puts(ws, "\r\n"); if (ret < 0) { diff --git a/src/worker-vpn.c b/src/worker-vpn.c index 3574c5f3..228174a5 100644 --- a/src/worker-vpn.c +++ b/src/worker-vpn.c @@ -1931,10 +1931,8 @@ static int connect_handler(worker_st * ws) ret = cstp_puts(ws, "HTTP/1.1 200 CONNECTED\r\n"); SEND_ERR(ret); -#ifdef ENABLE_OWASP_HEADERS ret = add_owasp_headers(ws); SEND_ERR(ret); -#endif ret = cstp_puts(ws, "X-CSTP-Version: 1\r\n"); SEND_ERR(ret); diff --git a/src/worker.h b/src/worker.h index e3660e6f..be94e415 100644 --- a/src/worker.h +++ b/src/worker.h @@ -422,9 +422,7 @@ int parse_proxy_proto_header(struct worker_st *ws, int fd); void cookie_authenticate_or_exit(worker_st *ws); -#ifdef ENABLE_OWASP_HEADERS int add_owasp_headers(worker_st * ws); -#endif /* after that time (secs) of inactivity in the UDP part, connection switches to * TCP (if activity occurs there). diff --git a/tests/Makefile.am b/tests/Makefile.am index e0c75329..8e86d6f1 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -180,9 +180,7 @@ check_PROGRAMS += gen_oidc_test_data dist_check_SCRIPTS += test-oidc endif -if ENABLE_OWASP_HEADERS_TESTS dist_check_SCRIPTS += test-owasp-headers -endif dist_check_SCRIPTS += test-replay From 1d5b699e49125dc6263101e080fec06213848862 Mon Sep 17 00:00:00 2001 From: Russ Young Date: Wed, 12 May 2021 13:27:35 -0600 Subject: [PATCH 4/4] Changed mode --- tests/test-owasp-headers | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 tests/test-owasp-headers diff --git a/tests/test-owasp-headers b/tests/test-owasp-headers old mode 100644 new mode 100755