Merge pull request #218 from righettod/master

Add stats tab (further work).

Author: riramar

.github/workflows/tab-stats-headers-generate-related-files.yml

@@ -1,9 +1,13 @@
 name: update_tab_stats_related_files
 on:
   workflow_dispatch:
-  push:
   schedule:
-    - cron: '0 0 3 * *'
+    - cron: '0 0 3 * *'  
+  push:
+    paths:
+      - 'ci/tab_stats_generate_md_file.py'     
+      - 'ci/tab_stats_generate_png_files.sh'     
+      - 'ci/tab_stats_manage_generation.sh'         
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -19,7 +23,7 @@ jobs:
       run: |
         python -m pip install --upgrade pip
         if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
-        sudo apt install wget
+        sudo apt install -y wget dos2unix
     - name: Run update of the tab related files
       run: |
         cd ci; bash tab_stats_manage_generation.sh

README.md

@@ -3,9 +3,16 @@
 ![OSHP Logo](assets/images/oshp_logo.png)
 
 [![OWASP Production](https://img.shields.io/badge/owasp-production%20project-800080.svg)](https://www.owasp.org/projects)
+
 [![External Links Validity Check](https://github.com/OWASP/www-project-secure-headers/actions/workflows/check-external-links.yml/badge.svg?branch=master)](https://github.com/OWASP/www-project-secure-headers/actions/workflows/check-external-links.yml)
+
 [![Update headers reference JSON files](https://github.com/OWASP/www-project-secure-headers/actions/workflows/headers-generate-json-files.yml/badge.svg?branch=master)](https://github.com/OWASP/www-project-secure-headers/actions/workflows/headers-generate-json-files.yml)
-[![Update monitoring technical references dashboard](https://github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-technical-references-generate-dashboard.yml/badge.svg?branch=master)](https://github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-technical-references-generate-dashboard.yml) [![Perform_monitoring_oshp_site_references](https://github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-oshp-site-references.yml/badge.svg?branch=master)](https://github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-oshp-site-references.yml)
+
+[![Update monitoring technical references dashboard](https://github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-technical-references-generate-dashboard.yml/badge.svg?branch=master)](https://github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-technical-references-generate-dashboard.yml)
+
+[![Perform_monitoring_oshp_site_references](https://github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-oshp-site-references.yml/badge.svg?branch=master)](https://github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-oshp-site-references.yml)
+
+[![update_tab_stats_related_files](https://github.com/OWASP/www-project-secure-headers/actions/workflows/tab-stats-headers-generate-related-files.yml/badge.svg?branch=master)](https://github.com/OWASP/www-project-secure-headers/actions/workflows/tab-stats-headers-generate-related-files.yml)
 
 🎯 The **OWASP Secure Headers Project** (also named **OSHP**) describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities. The OWASP Secure Headers Project intends to raise awareness and use of these headers.
 
@@ -17,7 +24,7 @@
 
 📚 We aim to publish reports on header usage stats, developments and changes, code libraries that make these headers easily accessible to developers on a range of platforms, and data sets concerning the general usage of these headers.
 
-🌐 The OWASP Secure Headers Project was migrated to a [new OWASP website](https://owasp.org/www-project-secure-headers/).
+🌍 The OWASP Secure Headers Project was migrated to a [new OWASP website](https://owasp.org/www-project-secure-headers/).
 
 📁 You can still access the old website [here](https://wiki.owasp.org/index.php/OWASP_Secure_Headers_Project).
 
@@ -36,19 +43,28 @@
 
 👩‍💻 Content editing is done with [Visual Studio Code](https://code.visualstudio.com/).
 
-A [workspace file](project.code-workspace) is provided with [recommended extensions](.vscode/extensions.json).
+📦 A [workspace file](project.code-workspace) is provided with [recommended extensions](.vscode/extensions.json).
 
 ## Automatically generated content
 
 🏭 The folder [ci](ci) (**CI** for **C**ontinuous **I**ntegration) contains materials to generate the following content.
 
-📝 Generate the both JSON files containing the header recommended to add and remove:
+📝 Generation of the both JSON files containing the header recommended to add and remove:
+
+* Processing is performed by this GitHub action [workflow](.github/workflows/headers-generate-json-files.yml) every time the file [tab_bestpractices.md](tab_bestpractices.md) is modified.
+
+📝 Generation of the [markdown file](monitoring_technical_references_dashboard.md) with the update health state of all GitHub repositories mentioned in the tab named **[Technical](tab_technical.md)**:
 
-* Generation is performed by this GitHub action [workflow](.github/workflows/headers-generate-json-files.yml) every time the file [tab_bestpractices.md](tab_bestpractices.md) is modified.
+* Processing is performed by this GitHub action [workflow](.github/workflows/monitoring-technical-references-generate-dashboard.yml) every week with a cron expression indicating `At 00:00 on Sunday` or every time the file [tab_technical.md](tab_technical.md) is modified.
 
-📝 Generate the [markdown file](monitoring_technical_references_dashboard.md) with the update health state of all GitHub repositories mentioned in the tab named **[Technical](tab_technical.md)**:
+📝 Generation of the file [tab_statistics.md](tab_statistics.md) as well as [all related PNG files](assets/tab_stats_generated_images):
 
-* Generation is performed by this GitHub action [workflow](.github/workflows/monitoring-technical-references-generate-dashboard.yml) every time the file [tab_technical.md](tab_technical.md) is modified.
+* Processing is performed by this GitHub action [workflow](.github/workflows/tab-stats-headers-generate-related-files.yml) every month with a cron expression indicating `At 00:00 on day-of-month 3` or every time any of the following files is modified:
+  * [ci/tab_stats_manage_generation.sh](ci/tab_stats_manage_generation.sh).
+  * [ci/tab_stats_generate_md_file.py](ci/tab_stats_generate_md_file.py).
+  * [ci/tab_stats_generate_png_files.sh](ci/tab_stats_generate_png_files.sh).
+* The specified cron expression was selected because the database containing the data used by the script [tab_stats_generate_md_file.py](ci/tab_stats_generate_md_file.py) is updated on the first day of each month by the project [oshp-stats](https://github.com/oshp/oshp-stats/):
+  * See [here](https://github.com/oshp/oshp-stats/blob/main/.github/workflows/update-datasource.yml) for technical details.
 
 ## Social media communication
 

assets/tab_stats_generated_images/00334f25a22543fb684dbe10861afee71c5263e0.png

@@ -1,7 +1,7 @@
 #!/usr/bin/python3
 """
 Script using the gathered data from the OSHP project "oshp-stats" to generate/update the 
-markdown file "tab_stats.md" with mermaid pie charts with differents statistics about HTTP security headers usage.
+markdown file "tab_statistics.md" with mermaid pie charts with differents statistics about HTTP security headers usage.
 
 Source:
     https://mermaid-js.github.io/mermaid/#/pie
@@ -19,14 +19,14 @@
 HTTP_REQUEST_TIMEOUT = 60
 DATA_DB_FILE = "/tmp/data.db"
 OSHP_SECURITY_HEADERS_FILE_lOCATION = "https://owasp.org/www-project-secure-headers/ci/headers_add.json"
-MD_FILE = "../tab_stats.md"
+MD_FILE = "../tab_statistics.md"
 IMAGE_FOLDER_LOCATION = "../assets/tab_stats_generated_images"
 TAB_MD_TEMPLATE = """---
 title: statistics
 displaytext: Statistics
 layout: null
 tab: true
-order: 10
+order: 7
 tags: headers
 ---
 

assets/tab_stats_generated_images/0259a15512c639e10df724dc019babf03534b303.png

@@ -1,13 +1,15 @@
 #!/bin/bash
 #########################################################################
 # This script manage the generation/update of the tab represented by the 
-# file "tab_stats.md".
+# file "tab_statistics.md".
 #########################################################################
 DATA_DB_FILE_LOCATION="https://github.com/oshp/oshp-stats/raw/refs/heads/main/data/data.db"
 DATA_DB_FILE="/tmp/data.db"
 echo "[+] Download the database of headers analysis..."
 wget -q -O $DATA_DB_FILE $DATA_DB_FILE_LOCATION
 file $DATA_DB_FILE
+echo "[+] Set correct access rights for the scripts as well as UNIX CRLF settings..."
+dos2unix tab_stats_generate_*
 chmod +x tab_stats_generate_*
 echo "[+] Generate the MD file of the TAB and all the MMD files for every pie chart image..."
 python tab_stats_generate_md_file.py

assets/tab_stats_generated_images/0792b92709f42a7962c27c64b74b94a4dfbffda1.png

@@ -16,9 +16,16 @@ pitch: Provides technical information about HTTP security headers.
 ![OSHP Logo](assets/images/oshp_logo.png)
 
 [![OWASP Production](https://img.shields.io/badge/owasp-production%20project-800080.svg)](https://www.owasp.org/projects)
+
 [![External Links Validity Check](https://github.com/OWASP/www-project-secure-headers/actions/workflows/check-external-links.yml/badge.svg?branch=master)](https://github.com/OWASP/www-project-secure-headers/actions/workflows/check-external-links.yml)
+
 [![Update headers reference JSON files](https://github.com/OWASP/www-project-secure-headers/actions/workflows/headers-generate-json-files.yml/badge.svg?branch=master)](https://github.com/OWASP/www-project-secure-headers/actions/workflows/headers-generate-json-files.yml)
-[![Update monitoring technical references dashboard](https://github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-technical-references-generate-dashboard.yml/badge.svg?branch=master)](https://github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-technical-references-generate-dashboard.yml) [![Perform_monitoring_oshp_site_references](https://github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-oshp-site-references.yml/badge.svg?branch=master)](https://github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-oshp-site-references.yml)
+
+[![Update monitoring technical references dashboard](https://github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-technical-references-generate-dashboard.yml/badge.svg?branch=master)](https://github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-technical-references-generate-dashboard.yml)
+
+[![Perform_monitoring_oshp_site_references](https://github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-oshp-site-references.yml/badge.svg?branch=master)](https://github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-oshp-site-references.yml)
+
+[![update_tab_stats_related_files](https://github.com/OWASP/www-project-secure-headers/actions/workflows/tab-stats-headers-generate-related-files.yml/badge.svg?branch=master)](https://github.com/OWASP/www-project-secure-headers/actions/workflows/tab-stats-headers-generate-related-files.yml)
 
 🎯 The **OWASP Secure Headers Project** (also called **OSHP**) describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities. The OWASP Secure Headers Project intends to raise awareness and use of these headers.
 

assets/tab_stats_generated_images/2e12376a6c60ad301b25193c11517ea0cd6aba2f.png

@@ -3,7 +3,7 @@ title: statistics
 displaytext: Statistics
 layout: null
 tab: true
-order: 10
+order: 7
 tags: headers
 ---
 
@@ -15,108 +15,92 @@ tags: headers
 
 <!-- markdown-link-check-disable -->
 
-
-
-⏲️ Last update: 02/01/2025 at 23:36:52 - Domains analyzed count: 150000.
+⏲️ Last update: 02/02/2025 at 08:26:37 - Domains analyzed count: 150000.
 
 ## Global usage of secure headers
 
 Provide the distribution of usage of secure headers across all domains analyzed.
 
 ![be611e71c615c27471d766612bfb7e8b05d743c7](assets/tab_stats_generated_images/be611e71c615c27471d766612bfb7e8b05d743c7.png)
 
-
 ## Global usage of header 'Cache-Control'
 
 Provide the distribution of usage of the header 'Cache-Control' across all domains analyzed.
 
 ![5b54b09f5f5c815a014d71b3b07495a69e3a4509](assets/tab_stats_generated_images/5b54b09f5f5c815a014d71b3b07495a69e3a4509.png)
 
-
 ## Global usage of header 'Clear-Site-Data'
 
 Provide the distribution of usage of the header 'Clear-Site-Data' across all domains analyzed.
 
 ![2e12376a6c60ad301b25193c11517ea0cd6aba2f](assets/tab_stats_generated_images/2e12376a6c60ad301b25193c11517ea0cd6aba2f.png)
 
-
 ## Global usage of header 'Content-Security-Policy'
 
 Provide the distribution of usage of the header 'Content-Security-Policy' across all domains analyzed.
 
 ![5e74150e7d98f861bf3fa632ca32e2d7f3e59632](assets/tab_stats_generated_images/5e74150e7d98f861bf3fa632ca32e2d7f3e59632.png)
 
-
 ## Global usage of header 'Cross-Origin-Embedder-Policy'
 
 Provide the distribution of usage of the header 'Cross-Origin-Embedder-Policy' across all domains analyzed.
 
 ![00334f25a22543fb684dbe10861afee71c5263e0](assets/tab_stats_generated_images/00334f25a22543fb684dbe10861afee71c5263e0.png)
 
-
 ## Global usage of header 'Cross-Origin-Opener-Policy'
 
 Provide the distribution of usage of the header 'Cross-Origin-Opener-Policy' across all domains analyzed.
 
 ![f700c02d30083cf617bdeca51e7eec3d49fe4a08](assets/tab_stats_generated_images/f700c02d30083cf617bdeca51e7eec3d49fe4a08.png)
 
-
 ## Global usage of header 'Cross-Origin-Resource-Policy'
 
 Provide the distribution of usage of the header 'Cross-Origin-Resource-Policy' across all domains analyzed.
 
 ![fa069b07281496f391d957d8936337da1a601614](assets/tab_stats_generated_images/fa069b07281496f391d957d8936337da1a601614.png)
 
-
 ## Global usage of header 'Permissions-Policy'
 
 Provide the distribution of usage of the header 'Permissions-Policy' across all domains analyzed.
 
 ![0792b92709f42a7962c27c64b74b94a4dfbffda1](assets/tab_stats_generated_images/0792b92709f42a7962c27c64b74b94a4dfbffda1.png)
 
-
 ## Global usage of header 'Referrer-Policy'
 
 Provide the distribution of usage of the header 'Referrer-Policy' across all domains analyzed.
 
 ![d5e855464d800d7b27eb3e430c5ae378497ddf50](assets/tab_stats_generated_images/d5e855464d800d7b27eb3e430c5ae378497ddf50.png)
 
-
 ## Global usage of header 'Strict-Transport-Security'
 
 Provide the distribution of usage of the header 'Strict-Transport-Security' across all domains analyzed.
 
 ![dbeb94ebb1ed7763f390b7be97a292f3c66920c7](assets/tab_stats_generated_images/dbeb94ebb1ed7763f390b7be97a292f3c66920c7.png)
 
-
 ## Global usage of header 'X-Content-Type-Options'
 
 Provide the distribution of usage of the header 'X-Content-Type-Options' across all domains analyzed.
 
 ![0259a15512c639e10df724dc019babf03534b303](assets/tab_stats_generated_images/0259a15512c639e10df724dc019babf03534b303.png)
 
-
 ## Global usage of header 'X-Frame-Options'
 
 Provide the distribution of usage of the header 'X-Frame-Options' across all domains analyzed.
 
 ![6ddd8e89eb34224bf460f672999c7dd447baef79](assets/tab_stats_generated_images/6ddd8e89eb34224bf460f672999c7dd447baef79.png)
 
-
 ## Global usage of header 'X-Permitted-Cross-Domain-Policies'
 
 Provide the distribution of usage of the header 'X-Permitted-Cross-Domain-Policies' across all domains analyzed.
 
 ![364a633adcd63d315ec3df781fed6008c57ad00d](assets/tab_stats_generated_images/364a633adcd63d315ec3df781fed6008c57ad00d.png)
 
-
 ## Global usage of insecure framing configuration via the header 'x-frame-options'
 
 Provide the distribution of usage of the header 'x-frame-options' across all domains analyzed with a insecure framing configuration: value different from `DENY` or `SAMEORIGIN` including unsupported values.
 
 ![ccc438a754b6d9324c9c1ea62662969c6114bfdf](assets/tab_stats_generated_images/ccc438a754b6d9324c9c1ea62662969c6114bfdf.png)
 
-
 ## Global usage of insecure referrer configuration via the header 'referrer-policy'
 
 Provide the distribution of usage of the header 'referrer-policy' across all domains analyzed with a insecure referrer configuration: value set to `unsafe-url` or `no-referrer-when-downgrade`.
@@ -125,21 +109,18 @@ Provide the distribution of usage of the header 'referrer-policy' across all dom
 
 ![e90a8350bb77972b086599b65efc8fcd02036a11](assets/tab_stats_generated_images/e90a8350bb77972b086599b65efc8fcd02036a11.png)
 
-
 ## Global usage of the Strict Transport Security 'preload' feature
 
 Provide the distribution of usage of the '[preload](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security#preloading_strict_transport_security)' feature for the header 'strict-transport-security' across all domains analyzed.
 
 ![8dd898e970a4cc540e0394ace9c9cedd425bc1c5](assets/tab_stats_generated_images/8dd898e970a4cc540e0394ace9c9cedd425bc1c5.png)
 
-
 ## Global common 'max-age' values of the Strict Transport Security header
 
 * Most common value used is 31536000 seconds (525600 minutes) across all domains analyzed.
 * Maximum value used is 1234513412313 seconds (20575223539 minutes) across all domains analyzed.
 * Minimum value used is -5375190 seconds (-89586 minutes) across all domains analyzed.
 
-
 ## Global usage of content security policy with directives allowing unsafe expressions
 
 Provide the distribution of content security policy allowing unsafe expressions across all domains analyzed.
@@ -149,4 +130,3 @@ Determine if a CSP policy contains `(default-src|script-src|script-src-elem|scri
 Based on [Report-URI CSP](https://report-uri.com/home/generate) generator allowed instructions for CSP directives.
 
 ![c7ef83055cf836a48ed9dd26b3a8d55103645022](assets/tab_stats_generated_images/c7ef83055cf836a48ed9dd26b3a8d55103645022.png)
-