'use strict';
const path = require('path');
// Root of the installed `lighthouse` package, resolved at load time so its
// bundled audits and gatherers can be referenced by absolute path below.
const lighthouseDir = path.dirname(require.resolve('lighthouse'));

// Path helpers: modules shipped with this package vs. modules bundled with Lighthouse.
const localPath = (...segments) => path.join(__dirname, ...segments);
const lighthousePath = (...segments) => path.join(lighthouseDir, ...segments);

// Directories the config draws audit/gatherer modules from.
const dirs = {
  audits: localPath('audits'),
  gatherers: localPath('gather', 'gatherers'),
  lighthouseAudits: lighthousePath('audits'),
  lighthouseGatherers: lighthousePath('gather', 'gatherers'),
};
/**
 * Resolve module basenames against a directory.
 *
 * @param {string} dirname - directory the modules live in
 * @param {string[]} basenames - module names (may contain subdirectories) relative to `dirname`
 * @returns {string[]} one `path.join(dirname, basename)` per input, in input order
 */
const addDirFiles = (dirname, basenames) => {
  const resolved = [];
  for (const basename of basenames) {
    resolved.push(path.join(dirname, basename));
  }
  return resolved;
};
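/**
 * Lighthouse configuration for the security audits shipped in this package.
 *
 * `passes` and `audits` hold absolute module paths (built from `dirs` via
 * `addDirFiles`). `categories.security.audits` refers to audits by *id*,
 * which must match the id each audit module declares — the basename listed
 * under `audits` is the usual convention, but confirm against the module,
 * since an id that no loaded audit declares leaves that entry dangling.
 */
module.exports = {
  // Add gatherer to the default Lighthouse load ('pass') of the page.
  passes: [{
    passName: 'defaultPass',
    gatherers: [
      // Custom gatherers from this package.
      ...addDirFiles(dirs.gatherers, [
        'csp-meta',
        'generator-meta',
        'response-headers',
      ]),
      // Gatherers bundled with Lighthouse that the custom audits below rely on.
      ...addDirFiles(dirs.lighthouseGatherers, [
        'dobetterweb/anchors-with-no-rel-noopener',
        'dobetterweb/password-inputs-with-prevented-paste',
        'http-redirect',
        'url',
      ]),
    ],
  }],

  // Add custom audit to the list of audits 'lighthouse:default' will run.
  audits: [
    // Audits implemented in this package.
    ...addDirFiles(dirs.audits, [
      'csp',
      'cookie-httponly',
      'cookie-secure',
      'cookie-samesite',
      'generator-meta',
      'manual-ssl-grade',
      'server-header',
      'strict-transport-security',
      'x-frame-options-header',
      'x-generator-header',
      'xss-protection-header',
    ]),
    // Audits bundled with Lighthouse, re-used under the security category.
    ...addDirFiles(dirs.lighthouseAudits, [
      'dobetterweb/external-anchors-use-rel-noopener',
      'dobetterweb/password-inputs-can-be-pasted-into',
      'is-on-https',
      'redirects-http',
    ]),
  ],

  // Report groups the security audits are sorted into. Descriptions are
  // intentionally empty for now; fill them in to explain each group to readers.
  groups: {
    'secure-connection': {
      title: 'Secure connection',
      description: '',
    },
    'secure-cookies': {
      title: 'Secure cookies',
      description: '',
    },
    'secure-content': {
      title: 'Secure content',
      description: '',
    },
    'secure-ux': {
      title: 'Secure UX',
      description: '',
    },
    'fingerprinting': {
      title: 'Fingerprinting',
      description: '',
    },
    'manual-security-checks': {
      title: 'Manual checks to verify',
      description: '',
    },
  },

  // Add custom sections to the default report.
  categories: {
    security: {
      name: 'Security',
      description: 'Scores for some of the best practices for web security',
      audits: [
        // When we add more custom audits, `weight` controls how they're averaged together.
        // A weight of 0 keeps the result visible in the report without moving the score,
        // which is used for informational (fingerprinting) and manual entries below.
        {group: 'secure-connection', id: 'is-on-https', weight: 1},
        {group: 'secure-connection', id: 'redirects-http', weight: 1},
        {group: 'secure-connection', id: 'strict-transport-security', weight: 1},
        {group: 'secure-cookies', id: 'cookie-secure', weight: 1},
        {group: 'secure-cookies', id: 'cookie-httponly', weight: 1},
        {group: 'secure-cookies', id: 'cookie-samesite', weight: 1},
        {group: 'secure-content', id: 'csp', weight: 1},
        // NOTE(review): the module loaded above is 'xss-protection-header'; this id is
        // only valid if that module declares 'xss-headers' as its id — confirm.
        {group: 'secure-content', id: 'xss-headers', weight: 1},
        {group: 'secure-ux', id: 'x-frame-options-header', weight: 1},
        {group: 'secure-ux', id: 'external-anchors-use-rel-noopener', weight: 1},
        {group: 'secure-ux', id: 'password-inputs-can-be-pasted-into', weight: 1},
        {group: 'fingerprinting', id: 'server-header', weight: 0},
        {group: 'fingerprinting', id: 'x-generator-header', weight: 0},
        {group: 'fingerprinting', id: 'generator-meta', weight: 0},
        // Was 'maual-ssl-grade' (typo); corrected to match the 'manual-ssl-grade'
        // audit module loaded above. Confirm the module's declared id agrees.
        {group: 'manual-security-checks', id: 'manual-ssl-grade', weight: 0},
      ],
    },
  },
};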