/// <summary>
/// Serialises the configured CSP directives into a single header value.
/// </summary>
/// <param name="config">Configuration whose directive properties are read, in a fixed order.</param>
/// <param name="builtinReportHandlerUri">Optional URI passed on to <c>GetReportUriList</c> for the <c>report-uri</c> directive.</param>
/// <returns>
/// The header value, or <c>null</c> when nothing was appended before <c>report-uri</c>.
/// </returns>
private string CreateCspHeaderValue(ICspConfiguration config, string builtinReportHandlerUri = null)
{
    // NOTE(review): only the directives listed below are serialised. Other listings on this page
    // reference ManifestSrcDirective, WorkerSrcDirective, UpgradeInsecureRequestsDirective and
    // MixedContentDirective; if the configuration type used with this version carries them, they
    // would be left out of the policy without any error. Confirm against the version in use.
    var policy = new StringBuilder();

    // Fetch directives.
    AppendDirective(policy, "default-src", GetDirectiveList(config.DefaultSrcDirective));
    AppendDirective(policy, "script-src", GetDirectiveList(config.ScriptSrcDirective));
    AppendDirective(policy, "object-src", GetDirectiveList(config.ObjectSrcDirective));
    AppendDirective(policy, "style-src", GetDirectiveList(config.StyleSrcDirective));
    AppendDirective(policy, "img-src", GetDirectiveList(config.ImgSrcDirective));
    AppendDirective(policy, "media-src", GetDirectiveList(config.MediaSrcDirective));
    AppendDirective(policy, "frame-src", GetDirectiveList(config.FrameSrcDirective));
    AppendDirective(policy, "font-src", GetDirectiveList(config.FontSrcDirective));
    AppendDirective(policy, "connect-src", GetDirectiveList(config.ConnectSrcDirective));

    // Navigation and document directives.
    AppendDirective(policy, "base-uri", GetDirectiveList(config.BaseUriDirective));
    AppendDirective(policy, "child-src", GetDirectiveList(config.ChildSrcDirective));
    AppendDirective(policy, "form-action", GetDirectiveList(config.FormActionDirective));
    AppendDirective(policy, "frame-ancestors", GetDirectiveList(config.FrameAncestorsDirective));
    AppendDirective(policy, "plugin-types", GetPluginTypesDirectiveList(config.PluginTypesDirective));
    AppendDirective(policy, "sandbox", GetSandboxDirectiveList(config.SandboxDirective));

    // A policy that would consist of report-uri alone is never emitted; the caller gets null.
    if (policy.Length < 1)
    {
        return null;
    }

    AppendDirective(policy, "report-uri", GetReportUriList(config.ReportUriDirective, builtinReportHandlerUri));

    // Leave out the last character. The original comment describes it as the trailing ';';
    // AppendDirective itself is not shown here.
    return policy.ToString(0, policy.Length - 1);
}
/// <summary>
/// Looks up the directive configuration that corresponds to a <see cref="CspDirectives"/> value.
/// </summary>
/// <param name="cspConfig">Configuration to read from; may be <c>null</c>.</param>
/// <param name="directive">Directive to look up.</param>
/// <returns>The matching directive property value, or <c>null</c> when <paramref name="cspConfig"/> is <c>null</c>.</returns>
/// <exception cref="NotImplementedException">The directive has no mapping in this method.</exception>
public ICspDirectiveConfiguration GetCspDirectiveConfig(ICspConfiguration cspConfig, CspDirectives directive)
{
    if (cspConfig == null)
    {
        return null;
    }

    ICspDirectiveConfiguration match;
    switch (directive)
    {
        case CspDirectives.DefaultSrc:
            match = cspConfig.DefaultSrcDirective;
            break;
        case CspDirectives.ScriptSrc:
            match = cspConfig.ScriptSrcDirective;
            break;
        case CspDirectives.ObjectSrc:
            match = cspConfig.ObjectSrcDirective;
            break;
        case CspDirectives.StyleSrc:
            match = cspConfig.StyleSrcDirective;
            break;
        case CspDirectives.ImgSrc:
            match = cspConfig.ImgSrcDirective;
            break;
        case CspDirectives.MediaSrc:
            match = cspConfig.MediaSrcDirective;
            break;
        case CspDirectives.FrameSrc:
            match = cspConfig.FrameSrcDirective;
            break;
        case CspDirectives.FontSrc:
            match = cspConfig.FontSrcDirective;
            break;
        case CspDirectives.ConnectSrc:
            match = cspConfig.ConnectSrcDirective;
            break;
        case CspDirectives.BaseUri:
            match = cspConfig.BaseUriDirective;
            break;
        case CspDirectives.ChildSrc:
            match = cspConfig.ChildSrcDirective;
            break;
        case CspDirectives.FormAction:
            match = cspConfig.FormActionDirective;
            break;
        case CspDirectives.FrameAncestors:
            match = cspConfig.FrameAncestorsDirective;
            break;
        case CspDirectives.ManifestSrc:
            match = cspConfig.ManifestSrcDirective;
            break;
        case CspDirectives.WorkerSrc:
            match = cspConfig.WorkerSrcDirective;
            break;
        default:
            // Fail loudly so an unmapped directive is not mistaken for an unset one.
            throw new NotImplementedException("The mapping for " + directive + " was not implemented.");
    }

    return match;
}
/// <summary>
/// Applies an override configuration on top of an existing CSP configuration.
/// </summary>
/// <param name="source">Override whose values are applied.</param>
/// <param name="destination">Configuration that is modified in place.</param>
public void MergeOverrides(CspOverrideConfiguration source, ICspConfiguration destination)
{
    // The Enabled flag is only taken over when the override explicitly says so.
    var overrideEnabledFlag = source.EnabledOverride;
    if (overrideEnabledFlag)
    {
        destination.Enabled = source.Enabled;
    }

    // Directive overrides are merged regardless of EnabledOverride.
    MergeDirectives(source, destination);
}
/// <summary>
/// Creates the middleware and computes the CSP header result once, at construction time.
/// </summary>
/// <param name="next">Next component, handed to the base constructor.</param>
/// <param name="options">CSP configuration used to build the header.</param>
/// <param name="reportOnly">Passed to <c>CreateCspResult</c> to select the report-only header.</param>
public CspMiddleware(AppFunc next, ICspConfiguration options, bool reportOnly)
    : base(next)
{
    _reportOnly = reportOnly;
    _config = options;

    // NOTE(review): the result is built here rather than per request, so it cannot carry
    // per-response values. Confirm how _headerResult is consumed before relying on nonces.
    _headerResult = new HeaderGenerator().CreateCspResult(_config, reportOnly);
}
/// <summary>
/// Creates the middleware and computes the CSP header result once, at construction time.
/// </summary>
/// <param name="next">Next component, stored in <c>_next</c>.</param>
/// <param name="options">CSP configuration used to build the header.</param>
/// <param name="reportOnly">Passed to <c>CreateCspResult</c> to select the report-only header.</param>
public CspMiddleware(AppFunc next, ICspConfiguration options, bool reportOnly)
{
    _next = next;
    _reportOnly = reportOnly;
    _config = options;

    // NOTE(review): the result is built here rather than per request, so it cannot carry
    // per-response values. Confirm how _headerResult is consumed before relying on nonces.
    _headerResult = new HeaderGenerator().CreateCspResult(_config, reportOnly);
}
/// <summary>
/// Looks up the directive configuration that corresponds to a <see cref="CspDirectives"/> value.
/// </summary>
/// <param name="cspConfig">Configuration to read from; may be <c>null</c>.</param>
/// <param name="directive">Directive to look up.</param>
/// <returns>The matching directive property value, or <c>null</c> when <paramref name="cspConfig"/> is <c>null</c>.</returns>
/// <exception cref="NotImplementedException">The directive has no mapping in this method.</exception>
public ICspDirectiveConfiguration GetCspDirectiveConfig(ICspConfiguration cspConfig, CspDirectives directive)
{
    if (cspConfig == null)
    {
        return null;
    }

    ICspDirectiveConfiguration match;
    switch (directive)
    {
        case CspDirectives.DefaultSrc:
            match = cspConfig.DefaultSrcDirective;
            break;
        case CspDirectives.ScriptSrc:
            match = cspConfig.ScriptSrcDirective;
            break;
        case CspDirectives.ObjectSrc:
            match = cspConfig.ObjectSrcDirective;
            break;
        case CspDirectives.StyleSrc:
            match = cspConfig.StyleSrcDirective;
            break;
        case CspDirectives.ImgSrc:
            match = cspConfig.ImgSrcDirective;
            break;
        case CspDirectives.MediaSrc:
            match = cspConfig.MediaSrcDirective;
            break;
        case CspDirectives.FrameSrc:
            match = cspConfig.FrameSrcDirective;
            break;
        case CspDirectives.FontSrc:
            match = cspConfig.FontSrcDirective;
            break;
        case CspDirectives.ConnectSrc:
            match = cspConfig.ConnectSrcDirective;
            break;
        case CspDirectives.BaseUri:
            match = cspConfig.BaseUriDirective;
            break;
        case CspDirectives.ChildSrc:
            match = cspConfig.ChildSrcDirective;
            break;
        case CspDirectives.FormAction:
            match = cspConfig.FormActionDirective;
            break;
        case CspDirectives.FrameAncestors:
            match = cspConfig.FrameAncestorsDirective;
            break;
        default:
            // Fail loudly so an unmapped directive is not mistaken for an unset one.
            throw new NotImplementedException("The mapping for " + directive + " was not implemented.");
    }

    return match;
}
/// <summary>
/// Returns a copy of the mixed-content directive configuration.
/// </summary>
/// <param name="cspConfig">Configuration to copy from; may be <c>null</c>.</param>
/// <returns>A new configuration with the same <c>Enabled</c> value, or <c>null</c> when there is nothing to copy.</returns>
public ICspMixedContentDirectiveConfiguration GetCspMixedContentConfigCloned(ICspConfiguration cspConfig)
{
    if (cspConfig == null)
    {
        return null;
    }

    var existing = cspConfig.MixedContentDirective;
    if (existing == null)
    {
        return null;
    }

    // A fresh object keeps later changes to the copy away from the original configuration.
    var copy = new CspMixedContentDirectiveConfiguration();
    copy.Enabled = existing.Enabled;
    return copy;
}
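/// <summary>
/// Returns a copy of the plugin-types directive configuration.
/// </summary>
/// <param name="cspConfig">Configuration to copy from; may be <c>null</c>.</param>
/// <returns>
/// A new configuration with the same <c>Enabled</c> value and a copied media-type array,
/// or <c>null</c> when there is no configuration or no plugin-types directive.
/// </returns>
public ICspPluginTypesDirectiveConfiguration GetCspPluginTypesConfigCloned(ICspConfiguration cspConfig)
{
    var oldDirective = cspConfig?.PluginTypesDirective;
    if (oldDirective == null)
    {
        return null;
    }

    return new CspPluginTypesDirectiveConfiguration
    {
        Enabled = oldDirective.Enabled,
        // ToArray() on a null sequence throws ArgumentNullException. An unset MediaTypes is
        // carried over as null instead, so cloning never fails on a partly filled directive.
        MediaTypes = oldDirective.MediaTypes?.ToArray()
    };
}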
/// <summary>
/// Merges every directive from <paramref name="source"/> into <paramref name="destination"/>.
/// </summary>
/// <remarks>
/// Per directive: the source value wins when it is set, otherwise the destination keeps its
/// own value, and a new default configuration is created when both are <c>null</c>.
/// A source directive replaces the destination directive as a whole and is assigned by
/// reference, so the two configurations share that object afterwards.
/// </remarks>
/// <param name="source">Configuration whose non-null directives take precedence.</param>
/// <param name="destination">Configuration that is modified in place.</param>
private void MergeDirectives([NotNull] ICspConfiguration source, [NotNull] ICspConfiguration destination)
{
    // Fetch directives.
    destination.DefaultSrcDirective =
        source.DefaultSrcDirective ?? destination.DefaultSrcDirective ?? new CspDirectiveConfiguration();
    destination.ScriptSrcDirective =
        source.ScriptSrcDirective ?? destination.ScriptSrcDirective ?? new CspDirectiveConfiguration();
    destination.ObjectSrcDirective =
        source.ObjectSrcDirective ?? destination.ObjectSrcDirective ?? new CspDirectiveConfiguration();
    destination.StyleSrcDirective =
        source.StyleSrcDirective ?? destination.StyleSrcDirective ?? new CspDirectiveConfiguration();
    destination.ImgSrcDirective =
        source.ImgSrcDirective ?? destination.ImgSrcDirective ?? new CspDirectiveConfiguration();
    destination.MediaSrcDirective =
        source.MediaSrcDirective ?? destination.MediaSrcDirective ?? new CspDirectiveConfiguration();
    destination.FrameSrcDirective =
        source.FrameSrcDirective ?? destination.FrameSrcDirective ?? new CspDirectiveConfiguration();
    destination.FontSrcDirective =
        source.FontSrcDirective ?? destination.FontSrcDirective ?? new CspDirectiveConfiguration();
    destination.ConnectSrcDirective =
        source.ConnectSrcDirective ?? destination.ConnectSrcDirective ?? new CspDirectiveConfiguration();

    // Navigation and document directives.
    destination.BaseUriDirective =
        source.BaseUriDirective ?? destination.BaseUriDirective ?? new CspDirectiveConfiguration();
    destination.ChildSrcDirective =
        source.ChildSrcDirective ?? destination.ChildSrcDirective ?? new CspDirectiveConfiguration();
    destination.FormActionDirective =
        source.FormActionDirective ?? destination.FormActionDirective ?? new CspDirectiveConfiguration();
    destination.FrameAncestorsDirective =
        source.FrameAncestorsDirective ?? destination.FrameAncestorsDirective ?? new CspDirectiveConfiguration();

    // Directives with their own configuration types.
    destination.PluginTypesDirective =
        source.PluginTypesDirective ?? destination.PluginTypesDirective ?? new CspPluginTypesDirectiveConfiguration();
    destination.SandboxDirective =
        source.SandboxDirective ?? destination.SandboxDirective ?? new CspSandboxDirectiveConfiguration();
    destination.ReportUriDirective =
        source.ReportUriDirective ?? destination.ReportUriDirective ?? new CspReportUriDirectiveConfiguration();
}
/// <summary>
/// Returns a copy of the sandbox directive configuration.
/// </summary>
/// <param name="cspConfig">Configuration to copy from; may be <c>null</c>.</param>
/// <returns>A new configuration with the same flag values, or <c>null</c> when there is nothing to copy.</returns>
public ICspSandboxDirectiveConfiguration GetCspSandboxConfigCloned(ICspConfiguration cspConfig)
{
    if (cspConfig == null)
    {
        return null;
    }

    var existing = cspConfig.SandboxDirective;
    if (existing == null)
    {
        return null;
    }

    // Only the flags listed here are carried over to the copy.
    var copy = new CspSandboxDirectiveConfiguration
    {
        Enabled = existing.Enabled,
        AllowForms = existing.AllowForms,
        AllowPointerLock = existing.AllowPointerLock,
        AllowPopups = existing.AllowPopups,
        AllowSameOrigin = existing.AllowSameOrigin,
        AllowScripts = existing.AllowScripts,
        AllowTopNavigation = existing.AllowTopNavigation
    };
    return copy;
}
/// <summary>
/// Returns a copy of the configuration for one source-list directive.
/// </summary>
/// <param name="cspConfig">Configuration to copy from.</param>
/// <param name="directive">Directive whose configuration is copied.</param>
/// <returns>A new configuration, or <c>null</c> when <c>GetCspDirectiveConfig</c> returns <c>null</c>.</returns>
public ICspDirectiveConfiguration GetCspDirectiveConfigCloned(ICspConfiguration cspConfig, CspDirectives directive)
{
    var existing = GetCspDirectiveConfig(cspConfig, directive);
    if (existing == null)
    {
        return null;
    }

    // NOTE(review): the nonce value is copied as-is. Presumably the copy lives no longer than
    // one response, which is what keeps a nonce single-use; confirm against the callers.
    return new CspDirectiveConfiguration
    {
        Enabled = existing.Enabled,
        NoneSrc = existing.NoneSrc,
        SelfSrc = existing.SelfSrc,
        UnsafeEvalSrc = existing.UnsafeEvalSrc,
        UnsafeInlineSrc = existing.UnsafeInlineSrc,
        Nonce = existing.Nonce,
        // The source list is copied, so adding to the copy does not change the original list.
        CustomSources = existing.CustomSources != null
            ? existing.CustomSources.ToList()
            : new List<string>(0)
    };
}
/// <summary>
/// Returns a copy of the configuration for one source-list directive.
/// </summary>
/// <param name="cspConfig">Configuration to copy from.</param>
/// <param name="directive">Directive whose configuration is copied.</param>
/// <returns>A new configuration, or <c>null</c> when <c>GetCspDirectiveConfig</c> returns <c>null</c>.</returns>
public ICspDirectiveConfiguration GetCspDirectiveConfigCloned(ICspConfiguration cspConfig, CspDirectives directive)
{
    var existing = GetCspDirectiveConfig(cspConfig, directive);
    if (existing == null)
    {
        return null;
    }

    // NOTE(review): the nonce value is copied as-is. Presumably the copy lives no longer than
    // one response, which is what keeps a nonce single-use; confirm against the callers.
    return new CspDirectiveConfiguration
    {
        Enabled = existing.Enabled,
        NoneSrc = existing.NoneSrc,
        SelfSrc = existing.SelfSrc,
        UnsafeEvalSrc = existing.UnsafeEvalSrc,
        UnsafeInlineSrc = existing.UnsafeInlineSrc,
        Nonce = existing.Nonce,
        // The source list is copied, so adding to the copy does not change the original list.
        CustomSources = existing.CustomSources != null
            ? existing.CustomSources.ToList()
            : new List<string>(0)
    };
}
/// <summary>
/// Decides what should happen to the CSP response header for the given configuration.
/// </summary>
/// <param name="cspConfig">Configuration to apply.</param>
/// <param name="reportOnly">
/// Selects the report-only header name instead of the enforcing one. A report-only policy is
/// reported on by browsers but not enforced.
/// </param>
/// <param name="builtinReportHandlerUri">Optional URI passed on to <c>CreateCspHeaderValue</c>.</param>
/// <param name="oldCspConfig">Configuration that was applied earlier, if any.</param>
/// <returns>
/// A <c>Set</c> result when the configuration is enabled and yields a header value; a <c>Remove</c>
/// result when it does not but <paramref name="oldCspConfig"/> was enabled; otherwise <c>null</c>.
/// </returns>
public HeaderResult CreateCspResult(ICspConfiguration cspConfig, bool reportOnly, string builtinReportHandlerUri = null, ICspConfiguration oldCspConfig = null)
{
    string headerValue = null;
    if (cspConfig.Enabled)
    {
        headerValue = CreateCspHeaderValue(cspConfig, builtinReportHandlerUri);
    }

    var headerName = reportOnly
        ? HeaderConstants.ContentSecurityPolicyReportOnlyHeader
        : HeaderConstants.ContentSecurityPolicyHeader;

    if (cspConfig.Enabled && headerValue != null)
    {
        return new HeaderResult(HeaderResult.ResponseAction.Set, headerName, headerValue);
    }

    // No policy to send: remove a header that an earlier, enabled configuration may have set.
    var previouslyEnabled = oldCspConfig != null && oldCspConfig.Enabled;
    if (previouslyEnabled)
    {
        return new HeaderResult(HeaderResult.ResponseAction.Remove, headerName);
    }

    // A null result carries no header action at all.
    return null;
}
/// <summary>
/// Decides what should happen to the CSP response header for the given configuration.
/// </summary>
/// <param name="cspConfig">Configuration to apply.</param>
/// <param name="reportOnly">
/// Selects the report-only header name instead of the enforcing one. A report-only policy is
/// reported on by browsers but not enforced.
/// </param>
/// <param name="builtinReportHandlerUri">Optional URI passed on to <c>CreateCspHeaderValue</c>.</param>
/// <param name="oldCspConfig">Configuration that was applied earlier, if any.</param>
/// <returns>
/// A <c>Set</c> result when the configuration is enabled and yields a header value; a <c>Remove</c>
/// result when it does not but <paramref name="oldCspConfig"/> was enabled; otherwise <c>null</c>.
/// </returns>
public HeaderResult CreateCspResult(ICspConfiguration cspConfig, bool reportOnly, string builtinReportHandlerUri = null, ICspConfiguration oldCspConfig = null)
{
    string headerValue = null;
    if (cspConfig.Enabled)
    {
        headerValue = CreateCspHeaderValue(cspConfig, builtinReportHandlerUri);
    }

    var headerName = reportOnly
        ? HeaderConstants.ContentSecurityPolicyReportOnlyHeader
        : HeaderConstants.ContentSecurityPolicyHeader;

    if (cspConfig.Enabled && headerValue != null)
    {
        return new HeaderResult(HeaderResult.ResponseAction.Set, headerName, headerValue);
    }

    // No policy to send: remove a header that an earlier, enabled configuration may have set.
    var previouslyEnabled = oldCspConfig != null && oldCspConfig.Enabled;
    if (previouslyEnabled)
    {
        return new HeaderResult(HeaderResult.ResponseAction.Remove, headerName);
    }

    // A null result carries no header action at all.
    return null;
}
/// <summary>
/// Merges every directive from <paramref name="source"/> into <paramref name="destination"/>.
/// </summary>
/// <remarks>
/// Per directive: the source value wins when it is set, otherwise the destination keeps its
/// own value, and a new default configuration is created when both are <c>null</c>.
/// A source directive replaces the destination directive as a whole and is assigned by
/// reference, so the two configurations share that object afterwards.
/// </remarks>
/// <param name="source">Configuration whose non-null directives take precedence.</param>
/// <param name="destination">Configuration that is modified in place.</param>
private void MergeDirectives(/*[NotNull]*/ ICspConfiguration source, /*[NotNull]*/ ICspConfiguration destination)
{
    // Fetch directives.
    destination.DefaultSrcDirective =
        source.DefaultSrcDirective ?? destination.DefaultSrcDirective ?? new CspDirectiveConfiguration();
    destination.ScriptSrcDirective =
        source.ScriptSrcDirective ?? destination.ScriptSrcDirective ?? new CspDirectiveConfiguration();
    destination.ObjectSrcDirective =
        source.ObjectSrcDirective ?? destination.ObjectSrcDirective ?? new CspDirectiveConfiguration();
    destination.StyleSrcDirective =
        source.StyleSrcDirective ?? destination.StyleSrcDirective ?? new CspDirectiveConfiguration();
    destination.ImgSrcDirective =
        source.ImgSrcDirective ?? destination.ImgSrcDirective ?? new CspDirectiveConfiguration();
    destination.MediaSrcDirective =
        source.MediaSrcDirective ?? destination.MediaSrcDirective ?? new CspDirectiveConfiguration();
    destination.FrameSrcDirective =
        source.FrameSrcDirective ?? destination.FrameSrcDirective ?? new CspDirectiveConfiguration();
    destination.FontSrcDirective =
        source.FontSrcDirective ?? destination.FontSrcDirective ?? new CspDirectiveConfiguration();
    destination.ConnectSrcDirective =
        source.ConnectSrcDirective ?? destination.ConnectSrcDirective ?? new CspDirectiveConfiguration();

    // Navigation and document directives.
    destination.BaseUriDirective =
        source.BaseUriDirective ?? destination.BaseUriDirective ?? new CspDirectiveConfiguration();
    destination.ChildSrcDirective =
        source.ChildSrcDirective ?? destination.ChildSrcDirective ?? new CspDirectiveConfiguration();
    destination.FormActionDirective =
        source.FormActionDirective ?? destination.FormActionDirective ?? new CspDirectiveConfiguration();
    destination.FrameAncestorsDirective =
        source.FrameAncestorsDirective ?? destination.FrameAncestorsDirective ?? new CspDirectiveConfiguration();
    destination.ManifestSrcDirective =
        source.ManifestSrcDirective ?? destination.ManifestSrcDirective ?? new CspDirectiveConfiguration();
    destination.WorkerSrcDirective =
        source.WorkerSrcDirective ?? destination.WorkerSrcDirective ?? new CspDirectiveConfiguration();

    // Directives with their own configuration types.
    destination.PluginTypesDirective =
        source.PluginTypesDirective ?? destination.PluginTypesDirective ?? new CspPluginTypesDirectiveConfiguration();
    destination.SandboxDirective =
        source.SandboxDirective ?? destination.SandboxDirective ?? new CspSandboxDirectiveConfiguration();
    destination.UpgradeInsecureRequestsDirective =
        source.UpgradeInsecureRequestsDirective ?? destination.UpgradeInsecureRequestsDirective ?? new CspUpgradeDirectiveConfiguration();
    destination.MixedContentDirective =
        source.MixedContentDirective ?? destination.MixedContentDirective ?? new CspMixedContentDirectiveConfiguration();
    destination.ReportUriDirective =
        source.ReportUriDirective ?? destination.ReportUriDirective ?? new CspReportUriDirectiveConfiguration();
}
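/// <summary>
/// Returns a copy of the plugin-types directive configuration.
/// </summary>
/// <param name="cspConfig">Configuration to copy from; may be <c>null</c>.</param>
/// <returns>
/// A new configuration with the same <c>Enabled</c> value and a copied media-type array,
/// or <c>null</c> when there is no configuration or no plugin-types directive.
/// </returns>
public ICspPluginTypesDirectiveConfiguration GetCspPluginTypesConfigCloned(ICspConfiguration cspConfig)
{
    // A missing configuration yields null rather than a NullReferenceException, in line with
    // GetCspDirectiveConfig, which also returns null for a null configuration.
    if (cspConfig == null)
    {
        return null;
    }

    var oldDirective = cspConfig.PluginTypesDirective;
    if (oldDirective == null)
    {
        return null;
    }

    // ToArray() on a null sequence throws ArgumentNullException. An unset MediaTypes is
    // carried over as null instead, so cloning never fails on a partly filled directive.
    var mediaTypes = oldDirective.MediaTypes;

    return new CspPluginTypesDirectiveConfiguration()
    {
        Enabled = oldDirective.Enabled,
        MediaTypes = mediaTypes == null ? null : mediaTypes.ToArray()
    };
}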
/// <summary>
/// Serialises the configured CSP directives into a single header value.
/// </summary>
/// <param name="config">Configuration whose directive properties are read, in a fixed order.</param>
/// <param name="builtinReportHandlerUri">Optional URI passed on to <c>GetReportUriList</c> for the <c>report-uri</c> directive.</param>
/// <returns>
/// The header value, or <c>null</c> when nothing was appended before <c>report-uri</c>.
/// </returns>
private string CreateCspHeaderValue(ICspConfiguration config, string builtinReportHandlerUri = null)
{
    var policy = new StringBuilder();

    // Fetch directives.
    AppendDirective(policy, "default-src", GetDirectiveList(config.DefaultSrcDirective));
    AppendDirective(policy, "script-src", GetDirectiveList(config.ScriptSrcDirective));
    AppendDirective(policy, "object-src", GetDirectiveList(config.ObjectSrcDirective));
    AppendDirective(policy, "style-src", GetDirectiveList(config.StyleSrcDirective));
    AppendDirective(policy, "img-src", GetDirectiveList(config.ImgSrcDirective));
    AppendDirective(policy, "media-src", GetDirectiveList(config.MediaSrcDirective));
    AppendDirective(policy, "frame-src", GetDirectiveList(config.FrameSrcDirective));
    AppendDirective(policy, "font-src", GetDirectiveList(config.FontSrcDirective));
    AppendDirective(policy, "connect-src", GetDirectiveList(config.ConnectSrcDirective));

    // Navigation and document directives.
    AppendDirective(policy, "base-uri", GetDirectiveList(config.BaseUriDirective));
    AppendDirective(policy, "child-src", GetDirectiveList(config.ChildSrcDirective));
    AppendDirective(policy, "form-action", GetDirectiveList(config.FormActionDirective));
    AppendDirective(policy, "frame-ancestors", GetDirectiveList(config.FrameAncestorsDirective));
    AppendDirective(policy, "plugin-types", GetPluginTypesDirectiveList(config.PluginTypesDirective));
    AppendDirective(policy, "sandbox", GetSandboxDirectiveList(config.SandboxDirective));

    // A policy that would consist of report-uri alone is never emitted; the caller gets null.
    if (policy.Length < 1)
    {
        return null;
    }

    AppendDirective(policy, "report-uri", GetReportUriList(config.ReportUriDirective, builtinReportHandlerUri));

    // Leave out the last character. The original comment describes it as the trailing ';';
    // AppendDirective itself is not shown here.
    return policy.ToString(0, policy.Length - 1);
}
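/// <summary>
/// Returns a copy of the sandbox directive configuration.
/// </summary>
/// <param name="cspConfig">Configuration to copy from; may be <c>null</c>.</param>
/// <returns>
/// A new configuration with the same flag values, or <c>null</c> when there is no
/// configuration or no sandbox directive.
/// </returns>
public ICspSandboxDirectiveConfiguration GetCspSandboxConfigCloned(ICspConfiguration cspConfig)
{
    // A missing configuration yields null rather than a NullReferenceException, in line with
    // GetCspDirectiveConfig, which also returns null for a null configuration.
    if (cspConfig == null)
    {
        return null;
    }

    var oldDirective = cspConfig.SandboxDirective;
    if (oldDirective == null)
    {
        return null;
    }

    // Only the flags listed here are carried over to the copy.
    return new CspSandboxDirectiveConfiguration
    {
        Enabled = oldDirective.Enabled,
        AllowForms = oldDirective.AllowForms,
        AllowPointerLock = oldDirective.AllowPointerLock,
        AllowPopups = oldDirective.AllowPopups,
        AllowSameOrigin = oldDirective.AllowSameOrigin,
        AllowScripts = oldDirective.AllowScripts,
        AllowTopNavigation = oldDirective.AllowTopNavigation
    };
}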
/// <summary>
/// Copies the enabled state and merges all directives from one configuration into another.
/// </summary>
/// <param name="source">Configuration whose values take precedence.</param>
/// <param name="destination">Configuration that is modified in place.</param>
public void MergeConfiguration(ICspConfiguration source, ICspConfiguration destination)
{
    // The Enabled flag is always taken from the source, so a disabled source disables the destination.
    var enabled = source.Enabled;
    destination.Enabled = enabled;

    MergeDirectives(source, destination);
}
/// <summary>
/// Stores a directive configuration in the property that corresponds to a <see cref="CspDirectives"/> value.
/// </summary>
/// <param name="cspConfig">Configuration that is modified in place.</param>
/// <param name="directive">Directive to set.</param>
/// <param name="directiveConfig">Value assigned to the matching property.</param>
/// <exception cref="NotImplementedException">The directive has no mapping in this method.</exception>
public void SetCspDirectiveConfig(ICspConfiguration cspConfig, CspDirectives directive, ICspDirectiveConfiguration directiveConfig)
{
    switch (directive)
    {
        case CspDirectives.DefaultSrc:
            cspConfig.DefaultSrcDirective = directiveConfig;
            break;
        case CspDirectives.ScriptSrc:
            cspConfig.ScriptSrcDirective = directiveConfig;
            break;
        case CspDirectives.ObjectSrc:
            cspConfig.ObjectSrcDirective = directiveConfig;
            break;
        case CspDirectives.StyleSrc:
            cspConfig.StyleSrcDirective = directiveConfig;
            break;
        case CspDirectives.ImgSrc:
            cspConfig.ImgSrcDirective = directiveConfig;
            break;
        case CspDirectives.MediaSrc:
            cspConfig.MediaSrcDirective = directiveConfig;
            break;
        case CspDirectives.FrameSrc:
            cspConfig.FrameSrcDirective = directiveConfig;
            break;
        case CspDirectives.FontSrc:
            cspConfig.FontSrcDirective = directiveConfig;
            break;
        case CspDirectives.ConnectSrc:
            cspConfig.ConnectSrcDirective = directiveConfig;
            break;
        case CspDirectives.BaseUri:
            cspConfig.BaseUriDirective = directiveConfig;
            break;
        case CspDirectives.ChildSrc:
            cspConfig.ChildSrcDirective = directiveConfig;
            break;
        case CspDirectives.FormAction:
            cspConfig.FormActionDirective = directiveConfig;
            break;
        case CspDirectives.FrameAncestors:
            cspConfig.FrameAncestorsDirective = directiveConfig;
            break;
        case CspDirectives.ManifestSrc:
            cspConfig.ManifestSrcDirective = directiveConfig;
            break;
        case CspDirectives.WorkerSrc:
            cspConfig.WorkerSrcDirective = directiveConfig;
            break;
        default:
            // Fail loudly: dropping the value silently would leave that directive unconfigured.
            throw new NotImplementedException("The mapping for " + directive + " was not implemented.");
    }
}
/// <summary>
/// Stores a directive configuration in the property that corresponds to a <see cref="CspDirectives"/> value.
/// </summary>
/// <param name="cspConfig">Configuration that is modified in place.</param>
/// <param name="directive">Directive to set.</param>
/// <param name="directiveConfig">Value assigned to the matching property.</param>
/// <exception cref="NotImplementedException">The directive has no mapping in this method.</exception>
public void SetCspDirectiveConfig(ICspConfiguration cspConfig, CspDirectives directive, ICspDirectiveConfiguration directiveConfig)
{
    switch (directive)
    {
        case CspDirectives.DefaultSrc:
            cspConfig.DefaultSrcDirective = directiveConfig;
            break;
        case CspDirectives.ScriptSrc:
            cspConfig.ScriptSrcDirective = directiveConfig;
            break;
        case CspDirectives.ObjectSrc:
            cspConfig.ObjectSrcDirective = directiveConfig;
            break;
        case CspDirectives.StyleSrc:
            cspConfig.StyleSrcDirective = directiveConfig;
            break;
        case CspDirectives.ImgSrc:
            cspConfig.ImgSrcDirective = directiveConfig;
            break;
        case CspDirectives.MediaSrc:
            cspConfig.MediaSrcDirective = directiveConfig;
            break;
        case CspDirectives.FrameSrc:
            cspConfig.FrameSrcDirective = directiveConfig;
            break;
        case CspDirectives.FontSrc:
            cspConfig.FontSrcDirective = directiveConfig;
            break;
        case CspDirectives.ConnectSrc:
            cspConfig.ConnectSrcDirective = directiveConfig;
            break;
        case CspDirectives.BaseUri:
            cspConfig.BaseUriDirective = directiveConfig;
            break;
        case CspDirectives.ChildSrc:
            cspConfig.ChildSrcDirective = directiveConfig;
            break;
        case CspDirectives.FormAction:
            cspConfig.FormActionDirective = directiveConfig;
            break;
        case CspDirectives.FrameAncestors:
            cspConfig.FrameAncestorsDirective = directiveConfig;
            break;
        default:
            // Fail loudly: dropping the value silently would leave that directive unconfigured.
            throw new NotImplementedException("The mapping for " + directive + " was not implemented.");
    }
}
/// <summary>
/// Test-only constructor that injects a prepared configuration into <c>_mockConfig</c>.
/// </summary>
/// <param name="cspConfig">Configuration supplied by the unit test.</param>
// NOTE(review): being internal, this is reachable by any assembly granted InternalsVisibleTo;
// presumably only test assemblies are. Confirm.
internal CspUpgradeInsecureRequestHelper(ICspConfiguration cspConfig)
{
    // For unit testing only.
    _mockConfig = cspConfig;
}