From b97740b410efe2498ba5246b8f0a2b7c51cb4f7a Mon Sep 17 00:00:00 2001
From: ctflearner <98345027+ctflearner@users.noreply.github.com>
Date: Thu, 2 Jan 2025 20:35:16 +0530
Subject: [PATCH] Update DetectWeakReferrerPolicy.bambda
---
.../HTTP/DetectWeakReferrerPolicy.bambda | 35 ++++++++++++-------
1 file changed, 22 insertions(+), 13 deletions(-)
diff --git a/Filter/Proxy/HTTP/DetectWeakReferrerPolicy.bambda b/Filter/Proxy/HTTP/DetectWeakReferrerPolicy.bambda
index b9a1e9c..cc20052 100644
--- a/Filter/Proxy/HTTP/DetectWeakReferrerPolicy.bambda
+++ b/Filter/Proxy/HTTP/DetectWeakReferrerPolicy.bambda
@@ -8,17 +8,26 @@
 **/
-return requestResponse.hasResponse() && (
- // No Referrer-Policy header
- requestResponse.response().headers().stream()
- .noneMatch(header -> header.name().equalsIgnoreCase("Referrer-Policy")) ||
-
- // Check for potentially weak referrer policies
- requestResponse.response().headers().stream()
- .filter(header -> header.name().equalsIgnoreCase("Referrer-Policy"))
- .anyMatch(header -> {
- String value = header.value().toLowerCase().trim();
- return value.equals("no-referrer-when-downgrade") ||
- value.equals("unsafe-url");
- })
+if (!requestResponse.hasResponse()) {
+ return false;
+}
+
+Optional referrerPolicyHeader = Optional.ofNullable(
+ requestResponse.response().header("Referrer-Policy")
 );
+
+if (referrerPolicyHeader.isEmpty()) {
+ return true;
+}
+
+String headerValue = referrerPolicyHeader.get().value().toLowerCase(Locale.US).trim();
+
+// Check for weak referrer policies using a stream
+boolean hasWeakPolicy = requestResponse.response().headers().stream()
+ .filter(header -> header.name().equalsIgnoreCase("Referrer-Policy"))
+ .anyMatch(header -> {
+ String value = header.value().toLowerCase(Locale.US).trim(); // Include Locale for toLowerCase()
+ return value.equals("no-referrer-when-downgrade") || value.equals("unsafe-url");
+ });
+
+return headerValue.equals("no-referrer-when-downgrade") || headerValue.equals("unsafe-url") || hasWeakPolicy;
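Review bot: The weak-policy test compares each whole header value with `equals`, so a comma-separated fallback list (constructed example: `Referrer-Policy: no-referrer, unsafe-url`) is not flagged, although the Referrer-Policy specification has browsers apply the last token they recognise. The same last-wins rule covers a repeated header, where `anyMatch` flags a response whose earlier header is weak but whose final one is strict. I would split every Referrer-Policy header on commas, keep the last recognised policy and test only that, treating a value with no recognised token like a missing header. That also removes the `headerValue` comparison in the final `return`, which repeats what the stream already checks for the first header.

```java
// … unchanged: hasResponse() guard …

Set<String> knownPolicies = Set.of(
    "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
    "strict-origin", "origin-when-cross-origin", "strict-origin-when-cross-origin", "unsafe-url");

// Walk headers in response order so the last recognised token wins, as it does in the browser.
String effectivePolicy = null;
for (var header : requestResponse.response().headers()) {
    if (!header.name().equalsIgnoreCase("Referrer-Policy")) {
        continue;
    }
    for (String token : header.value().split(",")) {
        String candidate = token.trim().toLowerCase(Locale.ROOT);
        if (knownPolicies.contains(candidate)) {
            effectivePolicy = candidate;
        }
    }
}

// No header, or no token a browser would honour: report it like a missing policy.
if (effectivePolicy == null) {
    return true;
}

return effectivePolicy.equals("no-referrer-when-downgrade") || effectivePolicy.equals("unsafe-url");
```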