OP Custom Tag - Unsecured Content v2

Overview

Version 1 of this script is limited in the type of content it searches for. Version 2 collects all requests made on the page, regardless of file type. Additionally, any request made without a secure connection is identified.

Under Variable Summary report in ObservePoint data, the account Unsecured Content 2 contains the relevant variables.

  • failed: Shows all the URLs and a status of failed. This means that the URL is not secured.
  • nonSecure_Requests.0-xx: Shows the pages that contain unsecured content.
  • nonSecure_Requests.length: Shows the number of unsecured items for each URL.

To capture the following details in an Audit or Journey, paste the snippet below into an Execute Action:

function opReqGetAsync(paramObject, acct, callback) {
    var baseURL = "https://opreq.observepoint.com/?acct=" + acct;
    var opReq = new XMLHttpRequest();
    opReq.onreadystatechange = function() {
        if (opReq.readyState == 4 && opReq.status == 200) {
            callback(opReq.responseText);
        }
    }
    opReq.open("POST", baseURL, true);
    opReq.send(JSON.stringify(paramObject));
}
function unsecureContentCheck() {
    var object = new Object(),
        page = location.href,
        allImgs = Object.keys(document.querySelectorAll('img[src]')).map(function(key) {
            return document.querySelectorAll('img[src]')[key]
        }),
        allLinks = Object.keys(document.querySelectorAll('a[href]')).map(function(key) {
            return document.querySelectorAll('a[href]')[key]
        }),
        allScripts = Object.keys(document.querySelectorAll('script[src]')).map(function(key) {
            return document.querySelectorAll('script[src]')[key]
        }),
        regEx = /^https/,
        regEx2 = /^(http:)+.+\.+(txt|cvs|ppt|pdf|doc|docx|xls|xlsx)$/,
        unsecureFiles = [],
        unsecureImgs = [],
        unsecureLinks = [],
        unsecureScripts = [];
    for (var i = allImgs.length - 1; i >= 0; i--) {
        if (allImgs[i].src.search(regEx) == -1) {
            unsecureImgs.push(allImgs[i].src)
        }
    };
    for (var i = allScripts.length - 1; i >= 0; i--) {
        if (allScripts[i].src.search(regEx) == -1) {
            unsecureScripts.push(allScripts[i].src)
        }
    };
    if (location.href.search("https://") == -1) {
        for (var i = allLinks.length - 1; i >= 0; i--) {
            if (allLinks[i].href.search(regEx) == -1) {
                unsecureLinks.push(allLinks[i].href)
            }
        };
        for (var i = allLinks.length - 1; i >= 0; i--) {
            if (allLinks[i].href.search(regEx2) == 0) {
                unsecureFiles.push(allLinks[i].href)
            }
        };
    }
    object.page = location.href;
    object.totalLinks = allLinks.length;
    object.totalImages = allImgs.length;
    unsecureLinks.length == 0 ? object.unsecureLinks = 'no unsecure links found' : object.unsecureLinks = unsecureLinks;
    unsecureImgs.length == 0 ? object.unsecureImages = 'no unsecure images found' : object.unsecureImages = unsecureImgs;
    unsecureFiles.length > 0 ? object.unsecureFiles = unsecureFiles : object.unsecureFiles = 'no unsecure files found';
    unsecureScripts.length > 0 ? object.unsecureScripts = unsecureScripts : object.unsecureScripts = 'no unsecure scripts found';
    opReqGetAsync(object, "Unsecured Content 2");
};
unsecureContentCheck();
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us

Related Articles