How to use the lighthouse.Audit function in lighthouse

To help you get started, we’ve selected a few lighthouse examples, based on popular ways it is used in public projects.


github GoogleChrome / lighthouse / docs / recipes / lighthouse-plugin-example / audits / preload-as.js View on Github external
/**
 * @license Copyright 2019 Google Inc. All Rights Reserved.
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
 * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
 */
'use strict';

const Audit = require('lighthouse').Audit;

/**
 * @fileoverview An example plugin audit that checks preloaded requests for a proper `as` attribute.
 */

// Request destinations from the Fetch spec that this example keeps in its allow-list:
// https://fetch.spec.whatwg.org/#concept-request-destination
// The list is a subset of the destinations the spec defines.
// NOTE(review): presumably these are the `as` values the audit accepts; the audit body is not shown here.
const allowedTypes = new Set([
  'font',
  'image',
  'script',
  'serviceworker',
  'style',
  'worker',
]);

class PreloadAsAudit extends Audit {
  static get meta() {
    return {
      id: 'preload-as',
      title: 'Preloaded requests have proper `as` attributes',
      failureTitle: 'Some preloaded requests do not have proper `as` attributes',
      description: '`` tags need an `as` attribute to specify the type of ' +
          'content being loaded.',
github voorhoede / lighthouse-security / audits / cookie-samesite.js View on Github external
'use strict';
const Audit = require('lighthouse').Audit;
const parseHeader = require('../lib/parse-header');

// see https://tools.ietf.org/html/draft-west-first-party-cookies-06#section-4
class SameSiteCookieAudit extends Audit {
  static get meta() {
    return {
      category: 'Security',
      name: 'cookie-samesite',
      description: 'Cookies are SameSite',
      failureDescription: 'Cookies are not SameSite',
      helpText: 'SameSite prevents the browser from sending the cookie along ' +
                'with cross-site requests. which provides some protection ' +
                'against cross-site request forgery attacks (CSRF). ' +
                '[Learn more](https://www.owasp.org/index.php/SameSite)',
      requiredArtifacts: ['ResponseHeaders']
    };
github voorhoede / lighthouse-security / audits / csp-meta.js View on Github external
'use strict';

const Audit = require('lighthouse').Audit;

class CspMetaAudit extends Audit {
  /**
   * Static metadata that registers this audit with Lighthouse.
   *
   * The only declared input is the `CspMetaGatherer` artifact, so this audit
   * looks at CSP delivered through a `<meta>` element, not the response header.
   *
   * NOTE(review): a meta-delivered policy cannot carry `frame-ancestors`,
   * `report-uri` or `sandbox`, so a pass here does not show framing protection
   * or violation reporting. Treat the header-delivered policy as the
   * authoritative one.
   *
   * @returns {{category: string, name: string, description: string,
   *     helpText: string, requiredArtifacts: string[]}}
   */
  static get meta() {
    const requiredArtifacts = ['CspMetaGatherer'];
    const auditMeta = {
      category: 'PageSecurity',
      name: 'csp-meta-audit',
      description: 'CSP meta tag is set',
      helpText: 'For more information visit https://developers.google.com/web/fundamentals/security/csp/',
      requiredArtifacts
    };
    return auditMeta;
  }

  static audit(artifacts) {
    const cspMetaTags = artifacts.CspMetaGatherer;
    const hasCspMetaTags = cspMetaTags.length > 0;
github voorhoede / lighthouse-security / audits / x-frame-options-header.js View on Github external
'use strict';
const Audit = require('lighthouse').Audit;
const validUrl = require('valid-url');

/**
 * A valid X-Frame-Options value is `DENY`, `SAMEORIGIN` or `ALLOW-FROM :url`.
 * The value is case-insensitive and can optionally have trailing whitespace and a trailing semicolon.
 * See https://tools.ietf.org/html/rfc7034#section-2.1
 *
 * @param {string} [value]
 * @returns {boolean}
 */
const isValidOption = value => {
  if (!(typeof value === 'string')) {
    return false;
  }
  value = value.toUpperCase();
  return /DENY *;?/i.test(value) ||
github voorhoede / lighthouse-security / audits / xss-protection-header.js View on Github external
'use strict';
const Audit = require('lighthouse').Audit;

class XssAudit extends Audit {
  /**
   * Static metadata that registers the X-XSS-Protection check with Lighthouse.
   *
   * NOTE(review): the browser XSS filter this header controls has been removed
   * from current Chromium-based browsers and was never implemented in Firefox.
   * A missing header is therefore not a weakness in itself on modern clients;
   * a Content Security Policy is the control to rely on against reflected XSS.
   * Read a failure of this audit with that in mind.
   *
   * @returns {{category: string, name: string, description: string,
   *     failureDescription: string, helpText: string, requiredArtifacts: string[]}}
   */
  static get meta() {
    // The help text is assembled from the same three fragments as before.
    const helpText = [
      'The HTTP `X-XSS-Protection` response header stops pages from loading ',
      'when they detect reflected cross-site scripting (XSS) attacks. ',
      '[Learn more](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection).'
    ].join('');

    const auditMeta = {
      category: 'Security',
      name: 'xss-headers',
      description: 'X-XSS-Protection header is set',
      failureDescription: 'X-XSS-Protection header is missing',
      helpText,
      requiredArtifacts: ['ResponseHeaders']
    };
    return auditMeta;
  }

  static audit(artifacts) {
github voorhoede / lighthouse-security / audits / csp.js View on Github external
'use strict';
const Audit = require('lighthouse').Audit;

class CspAudit extends Audit {
  /**
   * Static metadata that registers the CSP presence check with Lighthouse.
   *
   * Two artifacts are declared, `CspMetaGatherer` and `ResponseHeaders`, so
   * the audit can see a policy from either a `<meta>` element or a header.
   *
   * NOTE(review): the titles describe a presence check only. A policy that
   * permits `'unsafe-inline'` or wildcard sources would still count as
   * "has a CSP". The clickjacking protection mentioned in the help text comes
   * from `frame-ancestors`, which browsers ignore in a meta-delivered policy.
   * How the two artifacts are combined is in audit(), not shown here.
   *
   * @returns {{category: string, name: string, description: string,
   *     failureDescription: string, helpText: string, requiredArtifacts: string[]}}
   */
  static get meta() {
    const helpText = [
      'A Content Security Policy helps prevent cross-site scripting (XSS), ',
      'clickjacking and other code injection by whitelisting trusted resources. ',
      '[Learn more](https://developers.google.com/web/fundamentals/security/csp/)'
    ].join('');

    const auditMeta = {
      category: 'Security',
      name: 'csp',
      description: 'Has a Content Security Policy (CSP)',
      failureDescription: 'Is missing Content Security Policy (CSP)',
      helpText,
      requiredArtifacts: ['CspMetaGatherer', 'ResponseHeaders']
    };
    return auditMeta;
  }

  static audit(artifacts) {
github voorhoede / lighthouse-security / audits / x-generator-header.js View on Github external
'use strict';

const Audit = require('lighthouse').Audit;

class XgeneratorHeaderAudit extends Audit {
  /**
   * Static metadata that registers the `X-Generator` header check with Lighthouse.
   *
   * `failureDescription` ends in "set to"; presumably audit() appends the
   * observed header value, but that code is not shown here.
   *
   * NOTE(review): removing the header only reduces what a passive observer
   * learns about the framework; it does not fix the underlying flaws, so
   * patching remains the actual mitigation. The "Learn more" link is a goo.gl
   * short URL whose destination cannot be read from the string; a full URL
   * would be easier to review.
   *
   * @returns {{category: string, name: string, description: string,
   *     failureDescription: string, helpText: string, requiredArtifacts: string[]}}
   */
  static get meta() {
    const helpText = [
      'Make sure to remove the X-Generator header to prevent ',
      'web framework fingerprinting. The header exposes known vulnerabilities ',
      'in unpatched versions as well as specific misconfigurations in the ',
      'framework and known file structures. ',
      '[Learn more](https://goo.gl/XhsuhC).'
    ].join('');

    const auditMeta = {
      category: 'Security',
      name: 'x-generator-header',
      description: 'Page has no `X-Generator` header',
      failureDescription: 'Page has `X-Generator` header set to',
      helpText,
      requiredArtifacts: ['ResponseHeaders']
    };
    return auditMeta;
  }
github voorhoede / lighthouse-security / audits / server-header.js View on Github external
'use strict';
const Audit = require('lighthouse').Audit;

class ServerHeaderAudit extends Audit {
  /**
   * Static metadata that registers the `Server` header check with Lighthouse.
   *
   * `failureDescription` ends in "set to"; presumably audit() appends the
   * observed header value, but that code is not shown here.
   *
   * NOTE(review): the header itself does not create vulnerabilities. It
   * discloses product and version details that make matching a host against
   * known issues easier. Suppressing it is hardening on top of patching, not
   * a replacement for it. The "Learn more" link is a goo.gl short URL whose
   * destination cannot be read from the string.
   *
   * @returns {{category: string, name: string, description: string,
   *     failureDescription: string, helpText: string, requiredArtifacts: string[]}}
   */
  static get meta() {
    const helpText = [
      'Make sure to remove the Server header to prevent ',
      'web server fingerprinting. The header exposes known vulnerabilities ',
      'in unpatched versions as well as specific misconfigurations of the ',
      'server. [Learn more](https://goo.gl/RjBJHw).'
    ].join('');

    const auditMeta = {
      category: 'Security',
      name: 'server-header',
      description: 'Page has no `Server` header',
      failureDescription: 'Page has `Server` header set to',
      helpText,
      requiredArtifacts: ['ResponseHeaders']
    };
    return auditMeta;
  }
github voorhoede / lighthouse-security / audits / cookie-secure.js View on Github external
'use strict';
const Audit = require('lighthouse').Audit;
const parseHeader = require('../lib/parse-header');

class SecureCookiesAudit extends Audit {
  /**
   * Static metadata that registers the cookie `Secure` attribute check with Lighthouse.
   *
   * The audit declares `ResponseHeaders` as its only artifact, so it can only
   * see cookies set through response headers.
   *
   * NOTE(review): `Secure` governs transmission only. It does not hide the
   * cookie from page script (that is `HttpOnly`) and does not limit cross-site
   * sending (that is `SameSite`), so a pass here covers one attribute of
   * three. Whether every cookie or only some must carry the flag is decided
   * in audit(), not shown here.
   *
   * @returns {{category: string, name: string, description: string,
   *     failureDescription: string, helpText: string, requiredArtifacts: string[]}}
   */
  static get meta() {
    const helpText = [
      'Using the Secure flag ensures a cookie can only be transmitted ',
      'over an encrypted connection and not over the insecure HTTP. ',
      '[Learn more](https://www.owasp.org/index.php/SecureFlag)'
    ].join('');

    const auditMeta = {
      category: 'Security',
      name: 'cookie-secure',
      description: 'Cookies are Secure',
      failureDescription: 'Cookies are not Secure',
      helpText,
      requiredArtifacts: ['ResponseHeaders']
    };
    return auditMeta;
  }
github voorhoede / lighthouse-security / audits / cookie-httponly.js View on Github external
'use strict';
const Audit = require('lighthouse').Audit;
const parseHeader = require('../lib/parse-header');

class CookieHttpOnlyAudit extends Audit {
  /**
   * Static metadata that registers the cookie `HttpOnly` attribute check with Lighthouse.
   *
   * The audit declares `ResponseHeaders` as its only artifact, so it can only
   * see cookies set through response headers.
   *
   * NOTE(review): `HttpOnly` keeps page script from reading the cookie value.
   * Injected script can still send requests that carry the cookie, so the
   * flag limits session-token theft without removing the need to prevent XSS.
   * Cookies that client-side code legitimately reads cannot carry the flag.
   * How audit() treats those is not shown here.
   *
   * @returns {{category: string, name: string, description: string,
   *     failureDescription: string, helpText: string, requiredArtifacts: string[]}}
   */
  static get meta() {
    const helpText = [
      'Using the HttpOnly flag when generating a cookie helps mitigate ',
      'the risk of client side script accessing the protected cookie. ',
      '[Learn more](https://www.owasp.org/index.php/HttpOnly)'
    ].join('');

    const auditMeta = {
      category: 'Security',
      name: 'cookie-httponly',
      description: 'Cookies are HttpOnly',
      failureDescription: 'Cookies are not HttpOnly',
      helpText,
      requiredArtifacts: ['ResponseHeaders']
    };
    return auditMeta;
  }