README
¶
- CSP stands for Content Security Policy: http://en.wikipedia.org/wiki/Content_Security_Policy
- HPKP stands for HTTP Public Key Pinning: https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
To use CSP and/or HPKP in report mode, you need a tool that gathers violation reports and puts them into a decent storage.
Intended architecture: Nginx -> THIS TOOL -> RabbitMQ -> Elastic RabbitMQ River -> Elastic -> Kibana.
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BatchReportStorage ¶
type BatchReportStorage interface {
Start() error
Stop() error
AddCSPReport(CSPReport)
AddPKPReport(PKPReport)
}
BatchReportStorage is a way to store incoming reports
type CSPReport ¶
type CSPReport struct {
Body struct {
DocumentURI string `json:"document-uri"`
Referrer string `json:"referrer"`
BlockedURI string `json:"blocked-uri"`
ViolatedDirective string `json:"violated-directive"`
EffectiveDirective string `json:"effective-directive"`
OriginalPolicy string `json:"original-policy"`
Timestamp string `json:"@timestamp"`
} `json:"csp-report"`
}
CSPReport is a Content Security Policy report as per http://www.w3.org/TR/CSP/
type Logger ¶
type Logger interface {
Log(...interface{}) error
}
Logger is a simple logging wrapper interface
type PKPReport ¶
type PKPReport struct {
DateTime string `json:"date-time"`
Hostname string `json:"hostname"`
Port int `json:"port"`
EffectiveExpirationDate string `json:"effective-expiration-date"`
IncludeSubdomains bool `json:"include-subdomains"`
NotedHostname string `json:"noted-hostname"`
ServedCertificateChain []string `json:"served-certificate-chain"`
ValidatedCertificateChain []string `json:"validated-certificate-chain"`
KnownPins []string `json:"known-pins"`
}
PKPReport is a Public Key Pinning report as per https://tools.ietf.org/html/draft-ietf-websec-key-pinning-21
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.