Added SSL mixed content detection for external content

Munter · Jul 23, 2015 · 6d57ec7 · 6d57ec7 · papandreou · Aug 5, 2015
1 parent 22bce25
commit 6d57ec7
Showing 1 changed file with 40 additions and 0 deletions.
diff --git a/lib/index.js b/lib/index.js
@@ -85,6 +85,46 @@ module.exports = function (options) {
         }
 
         t.push(null, report);
+
+        // Check for mixed-content warnings
+        var secureSourceRelations = relations.filter(function (relation) {
+            return relation.type !== 'HtmlAnchor' && relation.from.nonInlineAncestor.url.indexOf('https:') === 0;
+        });
+
+        if (secureSourceRelations.length > 0) {
+            var hasInsecureTarget = url.indexOf('htps:') !== 0 || redirects.some(function (redirect) {
+                return redirect.redirectUri.indexOf('https:') !== 0;
+            });
+
+            if (hasInsecureTarget) {
+                var insecureLog = [].concat({ redirectUri: url }, redirects).map(function (item, idx, arr) {
+                    if (arr[idx + 1]) {
+                        item.statusCode = arr[idx + 1].statusCode;
+                    } else {
+                        item.statusCode = 200;
+                    }
+
+                    return item;
+                });
+
+                var insecureLogLine = insecureLog.map(function (redirect) {
+                    return redirect.redirectUri;
+                }).join(' --> ');
+
+                var insecureReport = {
+                    ok: false,
+                    name: 'URI should be secure - ' + url,
+                    operator: 'mixed-content',
+                    expected: insecureLogLine.replace(/\bhttps?:/g, 'https:'),
+                    actual: insecureLogLine,
+                    at: _.uniq(relations.map(function (relation) {
+                        return relation.from.urlOrDescription.replace(/#.*$/, '');
+                    })).join('\n        ')
+                };
+
+                t.push(null, insecureReport);
+            }
+        }
     }
 
     function httpStatus(url, relations) {