From 820102daa5c82d8ad8c6cacc97ef20ef2b838967 Mon Sep 17 00:00:00 2001
From: Patrick
Date: Thu, 6 Jul 2023 08:57:37 +0200
Subject: [PATCH 1/2] add a bcheck for a missing security.txt
---
 other/missing-security-txt.bcheck | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 other/missing-security-txt.bcheck
diff --git a/other/missing-security-txt.bcheck b/other/missing-security-txt.bcheck
new file mode 100644
index 0000000..2d362bf
--- /dev/null
+++ b/other/missing-security-txt.bcheck
@@ -0,0 +1,22 @@
+metadata:
+ language: v1-beta
+ name: "Missing security.txt"
+ description: "Checks for a missing security.txt according to RFC 9116"
+ author: "Patrick Schmid"
+
+run for each:
+ potential_path =
+ "/.well-known/security.txt"
+
+given host then
+ send request called check:
+ method: "GET"
+ path: {potential_path}
+
+ if not("Contact:" in {check.response.body}) then
+ report issue:
+ severity: info
+ confidence: certain
+ detail: `No security.txt could be found at {potential_path}.`
+ remediation: "Consider describing your security vulnerability disclosure process in a security.txt file according to RFC 9116 (https://www.rfc-editor.org/rfc/rfc9116)."
+ end if
From ca6c82d4e12f30a0e29218c5e57e894e53e9bc8d Mon Sep 17 00:00:00 2001
From: Patrick
Date: Thu, 6 Jul 2023 10:13:55 +0200
Subject: [PATCH 2/2] Optimized run for each
---
 other/missing-security-txt.bcheck | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/other/missing-security-txt.bcheck b/other/missing-security-txt.bcheck
index 2d362bf..439254c 100644
--- a/other/missing-security-txt.bcheck
+++ b/other/missing-security-txt.bcheck
@@ -4,7 +4,7 @@ metadata:
 description: "Checks for a missing security.txt according to RFC 9116"
 author: "Patrick Schmid"
-run for each:
+define:
 potential_path =
 "/.well-known/security.txt"
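Review bot: The `if not("Contact:" in {check.response.body}) then` line decides presence purely by a body substring and never looks at the status code, so an HTML 404 page that happens to print `Contact:` in its footer silently suppresses the finding, while a 200 soft-404 is reported only because its body lacks the token. Gating on the status first ties the finding to the resource actually being served: `if {check.response.status_code} is not "200" or not("Contact:" in {check.response.body}) then`. The `detail` string also claims no file was found even when the branch is reached because a served file merely lacks `Contact:`; a wording such as `No security.txt with a Contact: field was found at {potential_path}.` matches the condition actually tested. If the `in` comparison is case-sensitive here (RFC 9116 field names are not), a file written as `contact:` is misreported as missing as well; a `matches` test with an inline case-insensitive flag would cover that, provided the DSL accepts it.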