gixy v0.1.21 releases: Nginx configuration static analyzer

by do son · Published October 13, 2018 · Updated November 4, 2024

1Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.

Currently supported Python versions are 2.7 and 3.5+.

Right now Gixy can find:

Changelog v0.1.21

Freeze pyparsing version. Thnx @Darthfett and @JavaScriptDude

Installation

pip install gixy

Usage

By default, Gixy will try to analyze Nginx configuration placed in /etc/nginx/nginx.conf.

But you can always specify the needed path:

$ gixy /etc/nginx/nginx.conf

==================== Results ===================

Problem: [http_splitting] Possible HTTP-Splitting vulnerability.
Description: Using variables that can contain "\n" may lead to http injection.
Additional info: https://github.com/yandex/gixy/blob/master/docs/ru/plugins/httpsplitting.md
Reason: At least variable "$action" can contain "\n"
Pseudo config:
include /etc/nginx/sites/default.conf;

	server {

		location ~ /v1/((?<action>[^.]*)\.json)?$ {
			add_header X-Action $action;
		}
	}


==================== Summary ===================
Total issues:
    Unspecified: 0
    Low: 0
    Medium: 0
    High: 1

Source: https://github.com/yandex/

gixy v0.1.21 releases: Nginx configuration static analyzer

Search

Brilliantly

Content & Links