{"id":13394832,"url":"https://github.com/yandex/gixy","last_synced_at":"2025-05-13T00:04:11.355Z","repository":{"id":38447911,"uuid":"85012942","full_name":"yandex/gixy","owner":"yandex","description":"Nginx configuration static analyzer","archived":false,"fork":false,"pushed_at":"2024-07-28T20:09:31.000Z","size":802,"stargazers_count":8450,"open_issues_count":56,"forks_count":421,"subscribers_count":153,"default_branch":"master","last_synced_at":"2025-05-13T00:04:03.608Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yandex.png","metadata":{"files":{"readme":"README.RU.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-03-15T01:02:40.000Z","updated_at":"2025-05-12T23:46:14.000Z","dependencies_parsed_at":"2023-02-04T23:32:02.473Z","dependency_job_id":"aa57a87f-6519-4b0a-92ce-24d5d8d2882d","html_url":"https://github.com/yandex/gixy","commit_stats":{"total_commits":118,"total_committers":20,"mean_commits":5.9,"dds":"0.22033898305084743","last_synced_commit":"e9008dcbd11f43ccac109b0cf2bf98a94e76b449"},"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yandex%2Fgixy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yandex%2Fgixy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yandex%2Fgixy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yandex%2Fgixy/manifests","owner_url":"ht
tps://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yandex","download_url":"https://codeload.github.com/yandex/gixy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253843207,"owners_count":21972873,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-30T17:01:33.123Z","updated_at":"2025-05-13T00:04:11.326Z","avatar_url":"https://github.com/yandex.png","language":"Python","funding_links":[],"categories":["Python","\u003ca id=\"7e840ca27f1ff222fd25bc61a79b07ba\"\u003e\u003c/a\u003e特定目标","Python (144)","\u003e 3k ★","Tools","Python (1887)","Utilities","\u003ca id=\"40dbffa18ec695a618eef96d6fd09176\"\u003e\u003c/a\u003eNginx","Configuration","Other","Инфраструктура и DevOps"],"sub_categories":["\u003ca id=\"40dbffa18ec695a618eef96d6fd09176\"\u003e\u003c/a\u003eNginx","Lua Modules","Parsers","\u003ca id=\"0476f6b97e87176da0a0d7328f8747e7\"\u003e\u003c/a\u003eblog"],"readme":"GIXY\n====\n[![Mozilla Public License 2.0](https://img.shields.io/github/license/yandex/gixy.svg?style=flat-square)](https://github.com/yandex/gixy/blob/master/LICENSE)\n[![Build Status](https://img.shields.io/travis/yandex/gixy.svg?style=flat-square)](https://travis-ci.org/yandex/gixy)\n[![Your feedback is greatly appreciated](https://img.shields.io/maintenance/yes/2018.svg?style=flat-square)](https://github.com/yandex/gixy/issues/new)\n[![GitHub issues](https://img.shields.io/github/issues/yandex/gixy.svg?style=flat-square)](https://github.com/yandex/gixy/issues)\n[![GitHub pull 
requests](https://img.shields.io/github/issues-pr/yandex/gixy.svg?style=flat-square)](https://github.com/yandex/gixy/pulls)\n\n# Overview\n\u003cimg align=\"right\" width=\"192\" height=\"192\" src=\"/docs/logo.png\"\u003e\n\nGixy is a tool for analyzing Nginx configuration.\nIts main purpose is to detect security problems, but it can also find other errors.\n\nPython versions 2.7, 3.5, 3.6 and 3.7 are officially supported.\n\n\u0026nbsp;\n# What it can do\nAt the moment Gixy can detect:\n  * [[ssrf] Server Side Request Forgery](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/ssrf.md)\n  * [[http_splitting] HTTP Splitting](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/httpsplitting.md)\n  * [[origins] Problems with referrer/origin validation](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/origins.md)\n  * [[add_header_redefinition] Redefinition of response headers from \"higher\" levels by the \"add_header\" directive](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/addheaderredefinition.md)\n  * [[host_spoofing] Forgery of the Host request header](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/hostspoofing.md)\n  * [[valid_referers] none in valid_referers](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/validreferers.md)\n  * [[add_header_multiline] Multiline response headers](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/addheadermultiline.md)\n  * [[alias_traversal] Path traversal when using alias](https://github.com/yandex/gixy/blob/master/docs/ru/plugins/aliastraversal.md)\n\nProblems that Gixy is still learning to detect can be found in [Issues labeled \"new plugin\"](https://github.com/yandex/gixy/issues?q=is%3Aissue+is%3Aopen+label%3A%22new+plugin%22)\n\n# Installation\nThe simplest way to install Gixy is to use pip to install it from [PyPI](https://pypi.python.org/pypi/gixy):\n```bash\npip install gixy\n```\n\n# Usage\nAfter installation, the 
`gixy` console utility should become available.\nBy default Gixy looks for the configuration at the standard path `/etc/nginx/nginx.conf`, but you can specify a different location:\n```\n$ gixy /etc/nginx/nginx.conf\n\n==================== Results ===================\n\nProblem: [http_splitting] Possible HTTP-Splitting vulnerability.\nDescription: Using variables that can contain \"\\n\" may lead to http injection.\nAdditional info: https://github.com/yandex/gixy/wiki/ru/httpsplitting\nReason: At least variable \"$action\" can contain \"\\n\"\nPseudo config:\ninclude /etc/nginx/sites/default.conf;\n\n\tserver {\n\n\t\tlocation ~ /v1/((?\u003caction\u003e[^.]*)\\.json)?$ {\n\t\t\tadd_header X-Action $action;\n\t\t}\n\t}\n\n\n==================== Summary ===================\nTotal issues:\n    Unspecified: 0\n    Low: 0\n    Medium: 0\n    High: 1\n```\n\nGixy can process the `include` directive and will try to handle all dependencies as correctly as possible; if something goes wrong, you can try running `gixy` with the `-d` flag to print additional information.\nAll available options:\n```\n$ gixy -h\nusage: gixy [-h] [-c CONFIG_FILE] [--write-config CONFIG_OUTPUT_PATH]\n            [-v] [-l] [-f {console,text,json}] [-o OUTPUT_FILE] [-d]\n            [--tests TESTS] [--skips SKIPS] [--disable-includes]\n            [--origins-domains domains]\n            [--origins-https-only https_only]\n            [--add-header-redefinition-headers headers]\n            [nginx.conf]\n\nGixy - a Nginx configuration [sec]analyzer\n\npositional arguments:\n  nginx.conf            Path to nginx.conf, e.g. 
/etc/nginx/nginx.conf\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -c CONFIG_FILE, --config CONFIG_FILE\n                        config file path\n  --write-config CONFIG_OUTPUT_PATH\n                        takes the current command line args and writes them\n                        out to a config file at the given path, then exits\n  -v, --version         show program's version number and exit\n  -l, --level           Report issues of a given severity level or higher (-l\n                        for LOW, -ll for MEDIUM, -lll for HIGH)\n  -f {console,text,json}, --format {console,text,json}\n                        Specify output format\n  -o OUTPUT_FILE, --output OUTPUT_FILE\n                        Write report to file\n  -d, --debug           Turn on debug mode\n  --tests TESTS         Comma-separated list of tests to run\n  --skips SKIPS         Comma-separated list of tests to skip\n  --disable-includes    Disable \"include\" directive processing\n\nplugins options:\n  --origins-domains domains\n                        Default: *\n  --origins-https-only https_only\n                        Default: False\n  --add-header-redefinition-headers headers\n                        Default: content-security-policy,x-xss-\n                        protection,x-frame-options,x-content-type-\n                        options,strict-transport-security,cache-control\n\n\navailable plugins:\n\thost_spoofing\n\tadd_header_multiline\n\thttp_splitting\n\tvalid_referers\n\torigins\n\tadd_header_redefinition\n\tssrf\n```\n\n# Contributing\nContributions to Gixy are always welcome! 
You can help us in different ways:\n  * Open an issue with suggestions for improvements and errors you're facing;\n  * Fork this repository and submit a pull request;\n  * Improve the documentation.\n\nCode guidelines:\n  * Python code style should follow [pep8](https://www.python.org/dev/peps/pep-0008/) standards whenever possible;\n  * Pull requests with new plugins must have unit tests for it.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyandex%2Fgixy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyandex%2Fgixy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyandex%2Fgixy/lists"}