Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2026-06-23 08:47:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add HSTS preload list check via the hstspreload.org API (#1248)

Browse Source 
Revives and rebases #1809 by @tosticated (Jim Blankendaal) onto 3.3dev. When --phone-out is set, run_hsts now queries https://hstspreload.org/api/v2/status and reports whether the domain is on the browser HSTS preload list (preloaded/pending/rejected/unknown), cross-referenced with the served header, the same-domain check and the bulk flag.

Addresses the review comments on #1809: the API-response matching uses native bash string matching instead of forking grep, the JSON quoting is handled inside check_hsts_preloadlist_match() so callers pass plain values, and the value arrays use 'local -a'. The output decision table is kept as-is (per maintainer feedback). Adds t/53_hsts_preload.t. Original design and decision table by @tosticated.
This commit is contained in:
potato-20
2026-06-11 16:30:45 +05:30
parent 826449115c
commit 57fc5850d1
5 changed files with 186 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CREDITS.md
+1
View File
@@ -55,6 +55,7 @@ Full contribution, see git log.
- maximum certificate lifespan of 398 days
- ssl renegotiation amount variable
- custom http request headers
- HSTS preload list lookup
* Frank Breedijk
- Detection of insecure redirects