[ #584] Remove ExpectCt Header scanning

nabla-c0d3 · Feb 24, 2024 · 5ad5ff8 · 5ad5ff8
1 parent 410ac01
commit 5ad5ff8
Show file tree

Hide file tree

Showing 4 changed files with 1 addition and 27 deletions.
diff --git a/json_output_schema.json b/json_output_schema.json
@@ -538,7 +538,7 @@
       "type": "object"
     },
     "HttpHeadersScanResultAsJson": {
-      "description": "The result of testing a server for the presence of security-related HTTP headers.\n\nEach HTTP header described below will be ``None`` if the server did not return a valid HTTP response, or if the\nserver returned an HTTP response without the HTTP header.\n\nAttributes:\n    http_request_sent: The initial HTTP request sent to the server by SSLyze.\n    http_error_trace: An error the server returned after receiving the initial HTTP request. If this field is set,\n        all the subsequent fields will be ``None`` as SSLyze did not receive a valid HTTP response from the server.\n    http_path_redirected_to: The path SSLyze was eventually redirected to after sending the initial HTTP request.\n    strict_transport_security_header: The Strict-Transport-Security header returned by the server.\n    expect_ct_header: DEPRECATED - will always be ``None``. This is because the Expect-CT header has officially\n        been deprecated.",
+      "description": "The result of testing a server for the presence of security-related HTTP headers.\n\nEach HTTP header described below will be ``None`` if the server did not return a valid HTTP response, or if the\nserver returned an HTTP response without the HTTP header.\n\nAttributes:\n    http_request_sent: The initial HTTP request sent to the server by SSLyze.\n    http_error_trace: An error the server returned after receiving the initial HTTP request. If this field is set,\n        all the subsequent fields will be ``None`` as SSLyze did not receive a valid HTTP response from the server.\n    http_path_redirected_to: The path SSLyze was eventually redirected to after sending the initial HTTP request.\n    strict_transport_security_header: The Strict-Transport-Security header returned by the server.",
       "properties": {
         "http_request_sent": {
           "title": "Http Request Sent",
@@ -575,11 +575,6 @@
               "type": "null"
             }
           ]
-        },
-        "expect_ct_header": {
-          "default": null,
-          "title": "Expect Ct Header",
-          "type": "null"
         }
       },
       "required": [

diff --git a/sslyze/__init__.py b/sslyze/__init__.py
@@ -77,7 +77,6 @@
 from sslyze.plugins.http_headers_plugin import (
     HttpHeadersScanResult,
     StrictTransportSecurityHeader,
-    ExpectCtHeader,
 )
 
 

diff --git a/sslyze/plugins/http_headers_plugin.py b/sslyze/plugins/http_headers_plugin.py
@@ -29,21 +29,6 @@
 _logger = logging.getLogger(__name__)
 
 
-@dataclass(frozen=True)
-class ExpectCtHeader:
-    """An Expect-CT header parsed from a server's HTTP response.
-
-    Attributes:
-        max-age: The content of the max-age field.
-        report-uri: The content of report-uri field.
-        enforce: True if enforce directive is set.
-    """
-
-    max_age: Optional[int]
-    report_uri: Optional[str]
-    enforce: bool
-
-
 @dataclass(frozen=True)
 class StrictTransportSecurityHeader:
     """A Strict-Transport-Security header parsed from a server's HTTP response.
@@ -72,16 +57,13 @@ class HttpHeadersScanResult(ScanCommandResult):
             all the subsequent fields will be ``None`` as SSLyze did not receive a valid HTTP response from the server.
         http_path_redirected_to: The path SSLyze was eventually redirected to after sending the initial HTTP request.
         strict_transport_security_header: The Strict-Transport-Security header returned by the server.
-        expect_ct_header: DEPRECATED - will always be ``None``. This is because the Expect-CT header has officially
-            been deprecated.
     """
 
     http_request_sent: str
     http_error_trace: Optional[TracebackException]
 
     http_path_redirected_to: Optional[str]
     strict_transport_security_header: Optional[StrictTransportSecurityHeader]
-    expect_ct_header: None = None  # TODO(6.0.0): Remove as this is a deprecated field
 
 
 class _StrictTransportSecurityHeaderAsJson(BaseModel):
@@ -100,7 +82,6 @@ class HttpHeadersScanResultAsJson(BaseModelWithOrmMode):
 
     http_path_redirected_to: Optional[str]
     strict_transport_security_header: Optional[_StrictTransportSecurityHeaderAsJson]
-    expect_ct_header: None = None  # TODO(6.0.0): Remove as this is a deprecated field
 
     @model_validator(mode="before")
     @classmethod

diff --git a/tests/plugins_tests/test_http_headers_plugin.py b/tests/plugins_tests/test_http_headers_plugin.py
@@ -55,7 +55,6 @@ def test_all_headers_disabled(self) -> None:
         assert result.http_request_sent
         assert result.http_path_redirected_to
         assert not result.strict_transport_security_header
-        assert not result.expect_ct_header
 
         # And a CLI output can be generated
         assert HttpHeadersImplementation.cli_connector_cls.result_to_console_output(result)