README
¶
go-csp-util
Content-Security-Policy utils, i.e. CSP parser in compliance with the W3C CSP Level 2 and CSP Level 3 specs.
ABNF
see https://www.w3.org/TR/CSP2/#policy-syntax
and https://www.w3.org/TR/CSP3/#framework
serialized-policy = serialized-directive *( OWS ";" [ OWS serialized-directive ] )
serialized-directive = directive-name [ RWS directive-value ]
directive-name = 1*( ALPHA / DIGIT / "-" )
directive-value = *( %x09 / %x20-%x2B / %x2D-%x3A / %x3C-%7E )
; Directive values may contain whitespace and VCHAR characters,
; excluding ";" and ","
Usage
import "github.com/templarbit/go-csp-util"
directives, err := csp.ParseDirectives("default-src 'self'; script-src 'self'; object-src 'self'; base-uri 'none'; report-uri https://ingest.templarbit.com/csp-reports")
Docs
- Chromium Content Security Policy implementation https://cs.chromium.org/chromium/src/content/common/content_security_policy/?type=cs&sq=package:chromium
Documentation
¶
Index ¶
Constants ¶
View Source
const ( DispositionEnforce = "enforce" DispositionReport = "report" ContentSecurityPolicy = "Content-Security-Policy" ContentSecurityPolicyReportOnly = "Content-Security-Policy-Report-Only" )
Variables ¶
View Source
var ( ErrDuplicateDirective = fmt.Errorf("duplicate directive") ErrDirectiveNameUnknown = fmt.Errorf("unknown directive name") ErrDirectiveNameDeprecated = fmt.Errorf("deprecated directive name") ErrCommaInDirectiveValue = fmt.Errorf("directive value contains comma") ErrInvalidValueChars = fmt.Errorf("invalid characters in value") )
View Source
var (
ErrJsonReportMalformed = fmt.Errorf("json report malformed")
)
Functions ¶
func IsValidDirectiveName ¶
Types ¶
type Directives ¶
type Directives []Directive
func ParseDirectives ¶
func ParseDirectives(serializedPolicy string) (Directives, error)
func (*Directives) AddDirective ¶
func (d *Directives) AddDirective(v Directive) error
func (*Directives) RemoveDirectiveByName ¶
func (d *Directives) RemoveDirectiveByName(name string)
func (Directives) String ¶
func (d Directives) String() string
type ParseError ¶
func (*ParseError) Error ¶
func (e *ParseError) Error() string
type Policy ¶
type Policy struct {
Disposition string
Directives Directives
}
type Report ¶
type Report struct {
BlockedUri string `json:"blocked-uri"`
DocumentUri string `json:"document-uri"`
Disposition string `json:"disposition"`
Referrer string `json:"referrer"`
StatusCode int `json:"status-code"`
OriginalPolicy string `json:"original-policy"`
ViolatedDirective string `json:"violated-directive"`
EffectiveDirective string `json:"effective-directive"`
ScriptSample string `json:"script-sample"`
SourceFile string `json:"source-file"`
LineNumber int `json:"line-number"`
ColumnNumber int `json:"column-number"`
}
func ParseReportBytes ¶
func ParseReportString ¶
Source Files
Click to show internal directories.
Click to hide internal directories.