GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 08:46:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

Removed conditional code for OWASP headers

Browse Source
This commit is contained in:
Russ Young
2021-05-12 11:56:09 -06:00
parent 065f51e6af
commit c4bc01766d
8 changed files with 1 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
configure.ac
View File

@@ -669,18 +669,6 @@ fi
AM_CONDITIONAL(ENABLE_OIDC_AUTH, test "x$enable_oidc_auth" = xyes) AM_CONDITIONAL(ENABLE_OIDC_AUTH, test "x$enable_oidc_auth" = xyes)
AM_CONDITIONAL(ENABLE_OIDC_AUTH_TESTS, test "x$enable_oidc_auth" = xyes) AM_CONDITIONAL(ENABLE_OIDC_AUTH_TESTS, test "x$enable_oidc_auth" = xyes)
AC_ARG_ENABLE([owasp-headers],
[AS_HELP_STRING([--enable-owasp-headers],
[whether to add owasp.org http security headers (default is no)])],
[enable_owasp_headers=$enableval],
[enable_owasp_headers=no]
)
if test "x$enable_owasp_headers" = xyes; then
AC_DEFINE([ENABLE_OWASP_HEADERS], 1, [Add OWASP default http headers to responses])
fi
AM_CONDITIONAL(ENABLE_OWASP_HEADERS_TESTS, test "x$enable_owasp_headers" = xyes)
AC_CHECK_FILE(/proc/self/exe, AC_DEFINE([PROC_FS_SUPPORTED],[1], [procfs supported]), []) AC_CHECK_FILE(/proc/self/exe, AC_DEFINE([PROC_FS_SUPPORTED],[1], [procfs supported]), [])
uid=$(id -u) uid=$(id -u)

4
src/worker-auth.c
View File

@@ -438,13 +438,11 @@ int get_auth_handler2(worker_st * ws, unsigned http_ver, const char *pmsg, unsig
goto cleanup; goto cleanup;
} }
#ifdef ENABLE_OWASP_HEADERS
ret = add_owasp_headers(ws); ret = add_owasp_headers(ws);
if (ret < 0) { if (ret < 0) {
ret = -1; ret = -1;
goto cleanup; goto cleanup;
} }
#endif
ret = cstp_puts(ws, "\r\n"); ret = cstp_puts(ws, "\r\n");
if (ret < 0) { if (ret < 0) {
@@ -1097,12 +1095,10 @@ int post_common_handler(worker_st * ws, unsigned http_ver, const char *imsg)
if (ret < 0) if (ret < 0)
goto fail; goto fail;
#ifdef ENABLE_OWASP_HEADERS
ret = ret =
add_owasp_headers(ws); add_owasp_headers(ws);
if (ret < 0) if (ret < 0)
goto fail; goto fail;
#endif
#ifdef ANYCONNECT_CLIENT_COMPAT #ifdef ANYCONNECT_CLIENT_COMPAT

2
src/worker-http-handlers.c
View File

@@ -58,9 +58,7 @@ static int send_headers(worker_st *ws, unsigned http_ver, const char *content_ty
cstp_printf(ws, "Content-Type: %s\r\n", content_type) < 0 || cstp_printf(ws, "Content-Type: %s\r\n", content_type) < 0 ||
cstp_puts (ws, "X-Transcend-Version: 1\r\n") < 0 || cstp_puts (ws, "X-Transcend-Version: 1\r\n") < 0 ||
cstp_printf(ws, "Content-Length: %u\r\n", content_length) < 0 || cstp_printf(ws, "Content-Length: %u\r\n", content_length) < 0 ||
#ifdef ENABLE_OWASP_HEADERS
add_owasp_headers(ws) < 0 || add_owasp_headers(ws) < 0 ||
#endif
cstp_puts (ws, "\r\n") < 0) cstp_puts (ws, "\r\n") < 0)
return -1; return -1;
return 0; return 0;

4
src/worker-http.c
View File

@@ -863,7 +863,6 @@ void http_req_deinit(worker_st * ws)
ws->req.body = NULL; ws->req.body = NULL;
} }
#ifdef ENABLE_OWASP_HEADERS
/* add_owasp_headers: /* add_owasp_headers:
* @ws: an initialized worker structure * @ws: an initialized worker structure
* *
@@ -888,5 +887,4 @@ int add_owasp_headers(worker_st * ws)
return -1; return -1;
} }
return 0; return 0;
} }
#endif

3
src/worker-kkdcp.c
View File

@@ -273,13 +273,10 @@ int post_kkdcp_handler(worker_st *ws, unsigned http_ver)
goto fail; goto fail;
} }
#ifdef ENABLE_OWASP_HEADERS
ret = add_owasp_headers(ws); ret = add_owasp_headers(ws);
if (ret < 0) { if (ret < 0) {
goto fail; goto fail;
} }
#endif
ret = cstp_puts(ws, "\r\n"); ret = cstp_puts(ws, "\r\n");
if (ret < 0) { if (ret < 0) {

2
src/worker-vpn.c
View File

@@ -1931,10 +1931,8 @@ static int connect_handler(worker_st * ws)
ret = cstp_puts(ws, "HTTP/1.1 200 CONNECTED\r\n"); ret = cstp_puts(ws, "HTTP/1.1 200 CONNECTED\r\n");
SEND_ERR(ret); SEND_ERR(ret);
#ifdef ENABLE_OWASP_HEADERS
ret = add_owasp_headers(ws); ret = add_owasp_headers(ws);
SEND_ERR(ret); SEND_ERR(ret);
#endif
ret = cstp_puts(ws, "X-CSTP-Version: 1\r\n"); ret = cstp_puts(ws, "X-CSTP-Version: 1\r\n");
SEND_ERR(ret); SEND_ERR(ret);

2
src/worker.h
View File

@@ -422,9 +422,7 @@ int parse_proxy_proto_header(struct worker_st *ws, int fd);
void cookie_authenticate_or_exit(worker_st *ws); void cookie_authenticate_or_exit(worker_st *ws);
#ifdef ENABLE_OWASP_HEADERS
int add_owasp_headers(worker_st * ws); int add_owasp_headers(worker_st * ws);
#endif
/* after that time (secs) of inactivity in the UDP part, connection switches to /* after that time (secs) of inactivity in the UDP part, connection switches to
* TCP (if activity occurs there). * TCP (if activity occurs there).

2
tests/Makefile.am
View File

@@ -180,9 +180,7 @@ check_PROGRAMS += gen_oidc_test_data
dist_check_SCRIPTS += test-oidc dist_check_SCRIPTS += test-oidc
endif endif
if ENABLE_OWASP_HEADERS_TESTS
dist_check_SCRIPTS += test-owasp-headers dist_check_SCRIPTS += test-owasp-headers
endif
dist_check_SCRIPTS += test-replay dist_check_SCRIPTS += test-replay