Merge pull request #8079 from Lucky-Pulse/sri-missing

Added check for <script> subresource integrity via integrity attribute

http/misconfiguration/missing-sri.yaml

@@ -0,0 +1,38 @@
+id: missing-sri
+info:
+  name: Missing Subresource Integrity
+  author: lucky0x0d,PulseSecurity.co.nz
+  severity: info
+  description: |
+     Checks if script tags within the HTML response have Subresource Integrity implemented via the integrity attribute
+  reference:
+    - https://cheatsheetseries.owasp.org/cheatsheets/Third_Party_Javascript_Management_Cheat_Sheet.html#subresource-integrity
+  metadata:
+    max-request: 1
+  tags: compliance,js,sri,misconfig
+
+http:
+  - raw:
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+
+    redirects: true
+    max-redirects: 5
+    matchers-condition: and
+    matchers:
+      - type: xpath
+        part: body
+        xpath:
+          - "//script[contains(@src,'//') and not(contains(translate(@integrity,'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz'),'^sha'))]"
+
+      - type: word
+        words:
+          - "text/html"
+        part: header
+
+    extractors:
+      - type: xpath
+        attribute: src
+        xpath:
+          - "//script[contains(@src,'//') and not(contains(translate(@integrity,'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz'),'^sha'))]"