csp

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 19, 2023 License: Apache-2.0 Imports: 18 Imported by: 1

Documentation

Index

Constants

// Keys of type request.Key. Judging by their names and values they identify
// the per-request policy, the report nonce and the per-request nonce data;
// where those values are stored and who may read them is not visible on this
// page (TODO confirm against the implementation).
const (
	PolicyTag           request.Key = "content-security-policy"
	ReportNonceTag      request.Key = "content-security-policy-report-nonce"
	RequestNonceDataTag request.Key = "content-security-policy-request-nonce-data"
)
// Nonce tags, one per CSP directive name. GetRequestNonce takes a tag string,
// so these are presumably the keys under which per-request nonces are kept in
// RequestNonceData (TODO confirm against the implementation).
//
// NOTE(review): per the CSP specification a nonce-source is only matched for
// script and style loads, and frame-ancestors accepts only host-source,
// scheme-source, 'self' and 'none'. A nonce placed in img-src, base-uri,
// form-action or frame-ancestors therefore grants nothing in the browser;
// confirm what the package does with those tags.
const (
	RequestDefaultSrcNonceTag     string = "default-src"
	RequestConnectSrcNonceTag     string = "connect-src"
	RequestFontSrcNonceTag        string = "font-src"
	RequestFrameSrcNonceTag       string = "frame-src"
	RequestImgSrcNonceTag         string = "img-src"
	RequestManifestSrcNonceTag    string = "manifest-src"
	RequestMediaSrcNonceTag       string = "media-src"
	RequestObjectSrcNonceTag      string = "object-src"
	RequestPrefetchSrcNonceTag    string = "prefetch-src"
	RequestScriptSrcNonceTag      string = "script-src"
	RequestScriptSrcElemNonceTag  string = "script-src-elem"
	RequestScriptSrcAttrNonceTag  string = "script-src-attr"
	RequestStyleSrcNonceTag       string = "style-src"
	RequestStyleSrcElemNonceTag   string = "style-src-elem"
	RequestStyleSrcAttrNonceTag   string = "style-src-attr"
	RequestWorkerSrcNonceTag      string = "worker-src"
	RequestBaseUriNonceTag        string = "base-uri"
	RequestFormActionNonceTag     string = "form-action"
	RequestFrameAncestorsNonceTag string = "frame-ancestors"
)
const HashSourceType string = "hash-source"
const HostSourceType string = "host-source"
const KeywordSourceType string = "keyword-source"
const NonceSourceType string = "nonce-source"
const SchemeSourceType string = "scheme-source"

Variables

// DefaultReportPathPrefix is, by its name and value, the URL path prefix used
// for CSP violation reports; how the rest of the path is formed is not shown
// on this page.
//
// NOTE(review): this is an exported package-level var, so any importing
// package can reassign it at run time and nothing visible here synchronises
// that. Set it once during start-up, before handlers are serving.
var (
	DefaultReportPathPrefix = "/_/csp-violation"
)

Functions

This section is empty.

Types

type ConfigError

type ConfigError []string

func (ConfigError) Error

func (c ConfigError) Error() (msg string)

type ContentSecurityPolicyConfig

// ContentSecurityPolicyConfig holds one Sources list per source-list
// directive, plus GenericSourceDirective.
//
// NOTE(review): the struct has no field for sandbox, report-uri, report-to or
// upgrade-insecure-requests, so those directives cannot be expressed through
// this config and have to be set on the Policy directly (NewSandbox,
// NewReportUri, NewReportTo, NewUpgradeInsecureRequests).
type ContentSecurityPolicyConfig struct {
	// GenericSourceDirective: which directive name these sources are applied
	// to is not visible here (TODO confirm).
	GenericSourceDirective Sources
	DefaultSrc             Sources
	ConnectSrc             Sources
	FontSrc                Sources
	FrameSrc               Sources
	ImgSrc                 Sources
	ManifestSrc            Sources
	MediaSrc               Sources
	ObjectSrc              Sources
	PrefetchSrc            Sources
	ScriptSrc              Sources
	ScriptSrcElem          Sources
	ScriptSrcAttr          Sources
	StyleSrc               Sources
	StyleSrcElem           Sources
	StyleSrcAttr           Sources
	WorkerSrc              Sources
	BaseUri                Sources
	FormAction             Sources
	FrameAncestors         Sources
}

func ParseContentSecurityPolicyConfig

func ParseContentSecurityPolicyConfig(ctx map[string]interface{}) (cspc ContentSecurityPolicyConfig, err error)

func (ContentSecurityPolicyConfig) Apply

func (c ContentSecurityPolicyConfig) Apply(policy Policy) (modified Policy)

type Directive

type Directive interface {
	DirectiveType() string
	Value() string
}

func NewBaseUri

func NewBaseUri(sources ...Source) Directive

func NewConnectSrc

func NewConnectSrc(sources ...Source) Directive

func NewDefaultSrc

func NewDefaultSrc(sources ...Source) Directive

func NewFontSrc

func NewFontSrc(sources ...Source) Directive

func NewFormAction

func NewFormAction(sources ...Source) Directive

func NewFrameAncestors

func NewFrameAncestors(sources ...Source) Directive

func NewFrameSrc

func NewFrameSrc(sources ...Source) Directive

func NewGenericSourceDirective

func NewGenericSourceDirective(name string, sources ...Source) (d Directive)

func NewImgSrc

func NewImgSrc(sources ...Source) Directive

func NewManifestSrc

func NewManifestSrc(sources ...Source) Directive

func NewMediaSrc

func NewMediaSrc(sources ...Source) Directive

func NewObjectSrc

func NewObjectSrc(sources ...Source) Directive

func NewPrefetchSrc

func NewPrefetchSrc(sources ...Source) Directive

func NewReportTo

// NewReportTo returns a Directive built from groupName, presumably the
// report-to directive (TODO confirm).
//
// NOTE(review): report-to only names a reporting group. The group's endpoint
// has to be declared separately in a Reporting-Endpoints (or legacy Report-To)
// response header; whether this package emits that header is not visible on
// this page.
func NewReportTo(groupName string) Directive

func NewReportUri

// NewReportUri returns a Directive built from uri, presumably the report-uri
// directive (TODO confirm).
//
// NOTE(review): report-uri is deprecated in CSP Level 3 in favour of
// report-to, but browsers without report-to support still rely on it.
// Violation reports are sent by the browser without authentication, so the
// receiving endpoint must treat every field as untrusted input. Whether uri is
// validated here is not visible.
func NewReportUri(uri string) Directive

func NewSandbox

func NewSandbox(values ...SandboxValue) Directive

func NewScriptSrc

func NewScriptSrc(sources ...Source) Directive

func NewScriptSrcAttr

func NewScriptSrcAttr(sources ...Source) Directive

func NewScriptSrcElem

func NewScriptSrcElem(sources ...Source) Directive

func NewStyleSrc

func NewStyleSrc(sources ...Source) Directive

func NewStyleSrcAttr

func NewStyleSrcAttr(sources ...Source) Directive

func NewStyleSrcElem

func NewStyleSrcElem(sources ...Source) Directive

func NewUpgradeInsecureRequests

func NewUpgradeInsecureRequests() Directive

func NewWorkerSrc

func NewWorkerSrc(sources ...Source) Directive

type HashSource

type HashSource struct {
	// contains filtered or unexported fields
}

func NewHashSource

// NewHashSource builds a HashSource from an algorithm name and a hash value.
//
// NOTE(review): CSP recognises only sha256, sha384 and sha512, and the hash
// must be the base64 encoding of the digest of the exact inline content. The
// constructor returns no error, so nothing visible here shows algo or hash
// being validated; an unrecognised value would yield a source that browsers
// ignore. Confirm against the implementation, or use ParseHashSource, which
// reports ok.
func NewHashSource(algo, hash string) (value HashSource)

func ParseHashSource

func ParseHashSource(input string) (s HashSource, ok bool)

func (HashSource) SourceType

func (s HashSource) SourceType() string

func (HashSource) Value

func (s HashSource) Value() (value string)

type HostSource

type HostSource struct {
	// contains filtered or unexported fields
}

func NewHostSource

func NewHostSource(value string) (v HostSource)

func ParseHostSource

func ParseHostSource(input string) (s HostSource, ok bool)

func (HostSource) SourceType

func (s HostSource) SourceType() string

func (HostSource) Value

func (s HostSource) Value() (value string)

type KeywordSource

// KeywordSource is a CSP keyword source. The constants hold the bare keyword
// without the single quotes that the header syntax requires ('self', 'none');
// presumably Value() adds them (TODO confirm).
type KeywordSource string
const (
	// 'none': the directive matches nothing.
	None           KeywordSource = `none`
	// 'self': the document's own origin.
	Self           KeywordSource = `self`
	// 'unsafe-eval': permits eval() and similar string-to-code APIs.
	UnsafeEval     KeywordSource = `unsafe-eval`
	// 'unsafe-hashes': lets hash sources match inline event handlers and
	// style attributes.
	UnsafeHashes   KeywordSource = `unsafe-hashes`
	// 'unsafe-inline': permits inline script/style, which removes most of the
	// XSS protection CSP offers. Browsers ignore it when the same directive
	// also carries a nonce or hash source.
	UnsafeInline   KeywordSource = `unsafe-inline`
	// NOTE(review): the CSP specification's keyword is 'report-sample';
	// 'require-sample' is not a keyword browsers recognise. If this literal is
	// emitted as written, violation reports would not include a sample.
	// Confirm against the implementation.
	RequireSample  KeywordSource = `require-sample`
	// 'strict-dynamic': trust propagates from a nonce- or hash-matched script
	// to the scripts it loads; host-source, scheme-source, 'self' and
	// 'unsafe-inline' in the same directive are then ignored.
	StrictDynamic  KeywordSource = `strict-dynamic`
	// 'wasm-unsafe-eval': permits WebAssembly compilation without enabling
	// eval().
	WasmUnsafeEval KeywordSource = `wasm-unsafe-eval`
)

func ParseKeywordSource

func ParseKeywordSource(input string) (s KeywordSource, ok bool)

func (KeywordSource) SourceType

func (s KeywordSource) SourceType() string

func (KeywordSource) Value

func (s KeywordSource) Value() (value string)

type ModifyPolicyFn

// ModifyPolicyFn is a type alias (not a distinct type) for a function that
// receives a Policy and the current request and returns a Policy. It is the
// parameter type of PolicyHandler.ModifyPolicyMiddleware.
//
// NOTE(review): everything on r (headers, host, query) is client-controlled.
// An implementation should not relax the policy on the basis of such values.
type ModifyPolicyFn = func(policy Policy, r *http.Request) (modified Policy)

type NonceSource

type NonceSource string

func NewNonceSource

// NewNonceSource returns a NonceSource for the given nonce string.
//
// NOTE(review): the nonce is supplied by the caller and no error is returned,
// so nothing visible here shows it being generated or validated. The CSP
// specification asks for a value of at least 128 bits from a cryptographically
// secure random source, generated fresh for every response and never cached
// or reused; confirm that callers (and GetRequestNonce) meet that.
func NewNonceSource(nonce string) (value NonceSource)

func ParseNonceSource

func ParseNonceSource(input string) (s NonceSource, ok bool)

func (NonceSource) SourceType

func (s NonceSource) SourceType() string

func (NonceSource) Value

func (s NonceSource) Value() (value string)

type PageContextContentSecurity

type PageContextContentSecurity struct {
	Policy Policy
	Nonces beContext.Context
}

type Policy

// Policy is an ordered collection of CSP directives that can be rendered as a
// header value.
type Policy interface {
	// Set overwrites any existing directives of the same type as d and
	// returns a Policy so calls can be chained.
	Set(d Directive) Policy
	// Add appends d without replacing existing directives of the same type
	// and returns a Policy so calls can be chained. Browsers honour only the
	// first occurrence of a directive name within one policy, so a policy
	// built with Add should be passed through Collapse before it is sent
	// (NOTE(review): whether Value does this itself is not visible here).
	Add(d Directive) Policy
	// Value returns a string suitable for use as an HTTP response header
	// value. The header name (enforcing or report-only) is chosen elsewhere.
	Value() string
	// Find returns all directive instances of the named type.
	Find(name string) (found []Directive)
	// None returns true if the policy is Empty or the named directive holds
	// only the None source.
	None(name string) (none bool)
	// Empty returns true if there are no directives present.
	Empty() (empty bool)
	// Unsafe returns true if any "unsafe" sources are present in the named
	// directive. Which sources count as unsafe is not listed on this page;
	// presumably the Unsafe* keywords (TODO confirm).
	Unsafe(name string) (unsafe bool)
	// Collapse merges directives of the same type, places default-src first
	// and returns a new Policy.
	Collapse() Policy
	// Directives returns the list of directives present.
	Directives() (directives []Directive)
}

func DefaultContentSecurityPolicy

func DefaultContentSecurityPolicy() Policy

func NewPolicy

func NewPolicy(directives ...Directive) (p Policy)

func StrictContentSecurityPolicy

func StrictContentSecurityPolicy() Policy

type PolicyHandler

// PolicyHandler carries the state behind the header, per-request policy and
// nonce methods declared on it; its fields are unexported.
//
// NOTE(review): sync.RWMutex is embedded, so Lock, Unlock, RLock and RUnlock
// are promoted into PolicyHandler's exported method set and any code holding a
// *PolicyHandler can take the lock. An unexported mutex field would keep
// locking internal. The embedded mutex also means a PolicyHandler must not be
// copied; use the pointer returned by NewPolicyHandler.
type PolicyHandler struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func NewPolicyHandler

func NewPolicyHandler() (h *PolicyHandler)

func (*PolicyHandler) ApplyHeaders

func (h *PolicyHandler) ApplyHeaders(w http.ResponseWriter, r *http.Request)

func (*PolicyHandler) FinalizeRequest

func (h *PolicyHandler) FinalizeRequest(w http.ResponseWriter, r *http.Request)

func (*PolicyHandler) GetRequestNonce

// GetRequestNonce returns a nonce for tag together with a *http.Request.
//
// NOTE(review): a modified request is returned, which suggests the nonce is
// recorded on the request; callers should presumably continue with the
// returned request so that the nonce written into markup and the one placed
// in the header stay the same (TODO confirm). How the nonce is generated is
// not visible on this page.
func (h *PolicyHandler) GetRequestNonce(tag string, r *http.Request) (nonce string, modified *http.Request)

func (*PolicyHandler) GetRequestNonceData

func (h *PolicyHandler) GetRequestNonceData(r *http.Request) (data *RequestNonceData, modified *http.Request)

func (*PolicyHandler) GetRequestPolicy

func (h *PolicyHandler) GetRequestPolicy(r *http.Request) (policy Policy)

func (*PolicyHandler) ModifyPolicyMiddleware

func (h *PolicyHandler) ModifyPolicyMiddleware(fn ModifyPolicyFn) (mw func(next http.Handler) http.Handler)

func (*PolicyHandler) NewReportNonce

// NewReportNonce returns a new report nonce.
//
// NOTE(review): the random source, the nonce length and how long an issued
// nonce stays valid are not visible on this page; PruneReportNonces suggests
// issued nonces are retained by the handler and removed later (TODO confirm).
func (h *PolicyHandler) NewReportNonce() (nonce string)

func (*PolicyHandler) PreparePageContext

func (h *PolicyHandler) PreparePageContext(config ContentSecurityPolicyConfig, ctx beContext.Context, r *http.Request) (pccs *PageContextContentSecurity, modified *http.Request)

func (*PolicyHandler) PrepareRequestMiddleware

func (h *PolicyHandler) PrepareRequestMiddleware(next http.Handler) http.Handler

func (*PolicyHandler) PruneReportNonces

func (h *PolicyHandler) PruneReportNonces()

func (*PolicyHandler) SetRequestPolicy

func (h *PolicyHandler) SetRequestPolicy(r *http.Request, policy Policy) (modified *http.Request)

func (*PolicyHandler) ValidateReportNonce

// ValidateReportNonce reports whether nonce is valid.
//
// NOTE(review): the value presumably arrives from an incoming violation
// report, i.e. from an unauthenticated client. Whether a nonce is single-use
// or expires is not visible on this page; a report endpoint should also bound
// request size and rate independently of this check.
func (h *PolicyHandler) ValidateReportNonce(nonce string) (valid bool)

type RequestNonceData

type RequestNonceData map[string]string

type SandboxValue

// SandboxValue is one token of the CSP sandbox directive; NewSandbox accepts
// any number of them. Every token listed lifts one restriction, so the fewer
// passed, the tighter the sandbox.
//
// Per the CSP specification the sandbox directive is ignored in a <meta>
// element and in a report-only policy.
type SandboxValue string
const (
	AllowDownloads                      SandboxValue = "allow-downloads"
	AllowDownloadsWithoutUserActivation SandboxValue = "allow-downloads-without-user-activation"
	AllowForms                          SandboxValue = "allow-forms"
	AllowModals                         SandboxValue = "allow-modals"
	AllowOrientationLock                SandboxValue = "allow-orientation-lock"
	AllowPointerLock                    SandboxValue = "allow-pointer-lock"
	AllowPopups                         SandboxValue = "allow-popups"
	// Popups opened with this token are not sandboxed themselves.
	AllowPopupsToEscapeSandbox          SandboxValue = "allow-popups-to-escape-sandbox"
	AllowPresentation                   SandboxValue = "allow-presentation"
	// Without this token the document is treated as having an opaque origin,
	// which blocks access to same-origin storage and cookies.
	AllowSameOrigin                     SandboxValue = "allow-same-origin"
	// Without this token scripts do not run. Granting it together with
	// AllowSameOrigin gives up most of the isolation the sandbox provides.
	AllowScripts                        SandboxValue = "allow-scripts"
	AllowStorageAccessByUserActivation  SandboxValue = "allow-storage-access-by-user-activation"
	// Lets the sandboxed document navigate the top-level browsing context
	// without a user gesture; prefer AllowTopNavigationByUserActivation.
	AllowTopNavigation                  SandboxValue = "allow-top-navigation"
	AllowTopNavigationByUserActivation  SandboxValue = "allow-top-navigation-by-user-activation"
	AllowTopNavigationToCustomProtocols SandboxValue = "allow-top-navigation-to-custom-protocols"
)

type SchemeSource

type SchemeSource string

func NewSchemeSource

// NewSchemeSource returns a SchemeSource for value.
//
// NOTE(review): a scheme source matches every URL with that scheme. In
// script-src, schemes such as data: or blob: allow script content that is not
// tied to any host, and https: allows every HTTPS origin. No error is
// returned, so whether value is validated is not visible here;
// ParseSchemeSource reports ok.
func NewSchemeSource(value string) (v SchemeSource)

func ParseSchemeSource

func ParseSchemeSource(input string) (s SchemeSource, ok bool)

func (SchemeSource) SourceType

func (s SchemeSource) SourceType() string

func (SchemeSource) Value

func (s SchemeSource) Value() (value string)

type Source

type Source interface {
	SourceType() string
	Value() string
}

func ParseSource

func ParseSource(input string) (s Source, ok bool)

type SourceDirective

type SourceDirective interface {
	Directive
	Sources() (sources []Source)
	Append(sources ...Source)
}

type Sources

type Sources []Source

func (Sources) Append

func (s Sources) Append(sources ...Source) (modified Sources)

func (Sources) Collapse

func (s Sources) Collapse() (collapsed Sources)

func (Sources) FilterAllowedKeywords

func (s Sources) FilterAllowedKeywords(allowed ...KeywordSource) (filtered Sources)

func (Sources) FilterAllowedTypes

func (s Sources) FilterAllowedTypes(allowed ...string) (filtered Sources)

func (Sources) FilterUnsafeInline

// FilterUnsafeInline returns a filtered Sources; by its name it presumably
// drops the 'unsafe-inline' keyword (TODO confirm). The result is returned
// rather than stored, so the caller must use the return value.
//
// For reference, browsers already ignore 'unsafe-inline' when the same
// directive carries a nonce or hash source.
func (s Sources) FilterUnsafeInline() (filtered Sources)

func (Sources) Sort

func (s Sources) Sort() (sorted Sources)
