From dfbd3dd3dada37b854cf16df12a84c242488e032 Mon Sep 17 00:00:00 2001
From: idealphase
Date: Mon, 29 Apr 2024 16:23:33 +0700
Subject: [PATCH] Update https-to-http-redirect.yaml added HTTP status code 303, 306, 308 that can be redirected as well.
---
 http/misconfiguration/https-to-http-redirect.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/http/misconfiguration/https-to-http-redirect.yaml b/http/misconfiguration/https-to-http-redirect.yaml
index b32e2d48b7..ec60c5c28b 100644
--- a/http/misconfiguration/https-to-http-redirect.yaml
+++ b/http/misconfiguration/https-to-http-redirect.yaml
@@ -2,7 +2,7 @@ id: https-to-http-redirect
 info:
 name: HTTPS to HTTP redirect Misconfiguration
- author: kazet
+ author: kazet, idealphase
 severity: info
 description: |
 Detects whether there is a redirect from https:// to http://
@@ -21,6 +21,6 @@ http:
 dsl:
 - 'startswith(tolower(location), "http://")'
 - 'startswith(tostring(BaseURL), "https://")'
- - '(status_code == 301 || status_code == 302 || status_code == 307)'
+ - '(status_code == 301 || status_code == 302 || status_code == 303 || status_code == 306 || status_code == 307 || status_code == 308)'
 condition: and
-# digest: 4a0a0047304502206212deffff885bc2abd110b7921124764815e61844a28cf278f271f6d9753151022100861fee57cff6e033d3b77a48aa8a88595f5d7ea267d502b1aadf739e417f6608:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100efb999299d91727307015418aa6194270d37d3aec81b3357ac608f26e25b304a0220034415e5f53862e08c79733a9b20cc2f86959c7344e8d9c97d533260b086aa95:32bd8904a85baa2268cd2e24368f3b1a
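Review bot: Status 306 in the new matcher line of the second hunk is not a redirect code: RFC 9110 lists it as unused and reserved, so clients do not follow a `Location` header on it, and a match there would not show a real HTTPS-to-HTTP downgrade. I would drop it and keep the rest, `- '(status_code == 301 || status_code == 302 || status_code == 303 || status_code == 307 || status_code == 308)'`. Separately, the `# digest:` line changes in its trailing component after the colon as well as in the signature (`922c6459…` to `32bd8904…`), which suggests the file was re-signed with a different key than before. The digest should presumably be regenerated by the project's own signing step at merge rather than taken from the contribution; this needs confirming against the signing workflow. The `http:` block this matcher belongs to starts outside the hunk.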