README
Violations Receiver
Content Security Policy violations receiver.
Currently it uses Elasticsearch for storage, but other databases could easily be implemented.
How to start
Docker
sudo docker-compose up -d
Do not forget to specify a volume for the Elasticsearch data if you want it to persist.
Development version
Only Go 1.9+ is supported.
Listen on :8080 and use 127.0.0.1:9200 as the Elastic server storage.
$: VIOR_PORT=8080 \
VIOR_ELASTIC_URL=http://127.0.0.1:9200 \
go run cmd/vior-http/main.go
Documentation
Constants
const (
// InputPath is http handle path as you specified in the report-uri
InputPath = "/csp-violation"
)
Types
type Config
type Config struct {
Storage DataStorage
}
Config represents application configuration
func (*Config) ListenAndServe
ListenAndServe wraps http server ListenAndServe call
func (*Config) ReportReceive
func (conf *Config) ReportReceive(ctx *fasthttp.RequestCtx)
ReportReceive handles fasthttp server requests
type DataStorage
type DataStorage interface {
	Init() error               // initializes storage
	GetPipe() chan *ExtReport  // returns pipe consuming timestamped reports
	Save(csp *ExtReport) error // saves timestamped report to the storage
}
DataStorage represents an interface for the actual reports storage
type ElasticStorage
type ElasticStorage struct {
	Pipe    chan *ExtReport
	URL     string
	Client  *elastic.Client
	IdxName string
	DocType string
	Ctx     context.Context
}
ElasticStorage is an example of the storage for CSP reports, that implements DataStorage interface
func NewElasticStorage
func NewElasticStorage(url string, idxname string, doctype string) (*ElasticStorage, error)
NewElasticStorage bootstraps and initializes ElasticStorage
func (*ElasticStorage) GetPipe
func (e *ElasticStorage) GetPipe() chan *ExtReport
GetPipe returns a pipe to write reports to
func (*ElasticStorage) Init
func (e *ElasticStorage) Init() error
Init initializes the Elastic client, creates the index and starts a goroutine that pops reports from the incoming channel
func (*ElasticStorage) Save
func (e *ElasticStorage) Save(r *ExtReport) error
Save saves the report in Elastic
type ExtReport
type ExtReport struct {
	Report
	Date      time.Time `json:"date"`
	RemoteIP  net.IP    `json:"remote-ip"`
	UserAgent string    `json:"useragent"`
}
ExtReport is an extended Report with additional metadata
type Report
type Report struct {
	DocumentURI       string `json:"document-uri"`
	Referrer          string `json:"referrer"`
	BlockedURI        string `json:"blocked-uri"`
	ViolatedDirective string `json:"violated-directive"`
	OriginalPolicy    string `json:"original-policy"`
}
Report represents a Content Security Policy violation report.
Link: https://w3c.github.io/webappsec-csp/2/#directive-report-uri (8.2 Sample violation report)
type Request
type Request struct {
Report `json:"csp-report"`
}
Request is a top struct of the CSP violation report request.
func (*Request) UnmarshalJSON
UnmarshalJSON is custom unmarshal function for the report. Any Report should contain at least:
document-uri
blocked-uri
violated-directive
original-policy
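The required-field check described above for UnmarshalJSON, written out as an added example that is not the package's own code. The names parseReport, cspReport and requiredFields are hypothetical, and accepting an empty string while rejecting an absent or null key is an assumption about what "contain" means.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// cspReport mirrors the fields of the Report type documented above.
type cspReport struct {
	DocumentURI       string `json:"document-uri"`
	Referrer          string `json:"referrer"`
	BlockedURI        string `json:"blocked-uri"`
	ViolatedDirective string `json:"violated-directive"`
	OriginalPolicy    string `json:"original-policy"`
}

// requiredFields are the four keys the documentation lists as mandatory.
var requiredFields = []string{"document-uri", "blocked-uri", "violated-directive", "original-policy"}

// parseReport (hypothetical name) decodes a {"csp-report": {...}} body and
// rejects it when a required key is absent or null, or a field is not a string.
func parseReport(body []byte) (*cspReport, error) {
	var env struct {
		Raw json.RawMessage `json:"csp-report"`
	}
	if err := json.Unmarshal(body, &env); err != nil {
		return nil, fmt.Errorf("invalid JSON: %w", err)
	}
	var keys map[string]json.RawMessage
	if err := json.Unmarshal(env.Raw, &keys); err != nil {
		return nil, errors.New("missing or malformed csp-report object")
	}
	for _, k := range requiredFields {
		if v, ok := keys[k]; !ok || string(v) == "null" {
			return nil, fmt.Errorf("missing required field %q", k)
		}
	}
	var r cspReport
	if err := json.Unmarshal(env.Raw, &r); err != nil {
		return nil, fmt.Errorf("bad field type: %w", err)
	}
	return &r, nil
}

func main() {
	// Constructed sample body; the URL is a placeholder.
	_, err := parseReport([]byte(`{"csp-report":{"document-uri":"https://example.test/"}}`))
	fmt.Println(err) // reports the first missing required field
}
```

Rejecting incomplete reports before they reach the storage pipe keeps malformed input from an unauthenticated endpoint out of the index.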