id: mixed-active-content

info:
  name: Mixed Active Content
  author: Liwermor
  severity: info
  description: |
    This check detects if there are any active content loaded over HTTP instead of HTTPS.
  reference:
    - https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content
    - https://portswigger.net/kb/issues/01000400_mixed-content
    - https://resources.infosecinstitute.com/topics/vulnerabilities/https-mixed-content-vulnerability/
    - https://docs.gitlab.com/ee/user/application_security/dast/checks/319.1.html
  impact: |
    Loading third-party scripts over HTTP can expose sensitive user data and lead to potential security vulnerabilities.
  tags: misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    max-redirects: 3
    matchers-condition: or
    matchers:
      - type: regex
        part: body
        name: script
        regex:
          - "<script[^>]*src=['\"]http://[^'\">]+['\"]"

      - type: regex
        part: body
        name: iframe
        regex:
          - "<iframe[^>]*src=['\"]http://[^'\">]+['\"]"

      - type: regex
        part: body
        name: object
        regex:
          - "<object[^>]*data=['\"]http://[^'\">]+['\"]"

      - type: regex
        part: body
        name: link
        regex:
          - "<link[^>]*href=['\"]http://[^'\">]+['\"]"

    extractors:
      - type: regex
        group: 1
        part: body
        regex:
          - "<script[^>]*src=['\"](http[^s'\">][^'\">]*)['\"]"
          - "<iframe[^>]*src=['\"](http[^s'\">][^'\">]*)['\"]"
          - "<object[^>]*data=['\"](http[^s'\">][^'\">]*)['\"]"
          - "<link[^>]*href=['\"](http[^s'\">][^'\">]*)['\"]"
# digest: 490a004630440220292ccc1cb89b04969ac49647288cd72144d6ca403dbb83763a4990272a69ea09022024c35afea9c6604092f10750aca67082c004977ef8019f95a68ed33a4b31a6dd:922c64590222798bb761d5b6d8e72950