From 8b8a4aa48e8853fa2765c34dc6b5668f38d30a06 Mon Sep 17 00:00:00 2001
From: Kyle Sullivan <sullivan.kyle@pm.me>
Date: Tue, 18 Apr 2023 10:26:27 -0300
Subject: [PATCH 1/2] Handle improper max_age directive

---
 scanners/web-processor/web_processor/web_processor.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scanners/web-processor/web_processor/web_processor.py b/scanners/web-processor/web_processor/web_processor.py
index cd1035356e..77552af93b 100644
--- a/scanners/web-processor/web_processor/web_processor.py
+++ b/scanners/web-processor/web_processor/web_processor.py
@@ -306,7 +306,7 @@ def check_https_downgrades(connections):
                 "preload": preload
             }
 
-            hsts_status = "pass" if hsts and max_age > 0 and "https14" not in negative_tags else "fail"
+            hsts_status = "pass" if hsts and isinstance(max_age, int) and max_age > 0 and "https14" not in negative_tags else "fail"
 
     http_down_or_redirect = not http_live or http_immediately_upgrades
 

From 6811951d30cb7b254d598ca2db4d5bdb3496fc61 Mon Sep 17 00:00:00 2001
From: Kyle Sullivan <sullivan.kyle@pm.me>
Date: Tue, 18 Apr 2023 10:57:33 -0300
Subject: [PATCH 2/2] Clean up

---
 scanners/web-processor/web_processor/web_processor.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scanners/web-processor/web_processor/web_processor.py b/scanners/web-processor/web_processor/web_processor.py
index 77552af93b..bf0bc72e0f 100644
--- a/scanners/web-processor/web_processor/web_processor.py
+++ b/scanners/web-processor/web_processor/web_processor.py
@@ -306,7 +306,10 @@ def check_https_downgrades(connections):
                 "preload": preload
             }
 
-            hsts_status = "pass" if hsts and isinstance(max_age, int) and max_age > 0 and "https14" not in negative_tags else "fail"
+            if hsts and isinstance(max_age, int) and max_age > 0 and "https14" not in negative_tags:
+                hsts_status = "pass"
+            else:
+                hsts_status = "fail"
 
     http_down_or_redirect = not http_live or http_immediately_upgrades