🎉 Advance DrHeader to evalute HSTS max-age #250:bug

manuel-sommer · manuel-sommer · commit 21bf6fd971f9 · 2022-06-24T06:50:33.000+02:00
diff --git a/drheader/validators/header_validator.py b/drheader/validators/header_validator.py
@@ -53,15 +53,31 @@ def validate_value(self, config, header, directive=None):
         header_value = self.headers[header]
         strip_chars = base.get_delimiter(config, 'strip') if header.lower() in _STRIP_HEADERS else None
         header_items = utils.parse_policy(header_value, item_delimiter=delimiter, strip=strip_chars)
-
         if config.get('preserve-order'):
             header_items = [item.lower() for item in header_items]
             expected_lower = [item.lower() for item in expected]
         else:
             header_items = {item.lower() for item in header_items}
             expected_lower = {item.lower() for item in expected}
-
-        if header_items != expected_lower:
+        if any("max-age" in item for item in header_items):
+            header_items_without_ma = []
+            for item in header_items:
+                if "max-age" not in item:
+                    header_items_without_ma.append(item)
+                else:
+                    header_items_ma = item.split("max-age=")[1]
+            expected_without_ma = []
+            for expect in expected:
+                if "max-age" not in expect:
+                    expected_without_ma.append(expect)
+                else:
+                    expected_ma = expect.split("max-age=")[1]
+            if header_items_without_ma != expected_without_ma or int(header_items_ma) < int(expected_ma):
+                severity = config.get('severity', 'high')
+                error_type = report.ErrorType.VALUE
+                return report.ReportItem(severity, error_type, header, value=header_value, expected=expected,
+                                     delimiter=delimiter)
+        if any("max-age" in item for item in header_items) == False and header_items != expected_lower:
             severity = config.get('severity', 'high')
             error_type = report.ErrorType.VALUE
             return report.ReportItem(severity, error_type, header, value=header_value, expected=expected,
