C# (CSharp) FiddlerCSP CSPReport.Parse 예제들

예제 #1

파일: FiddlerExtension.cs 프로젝트: stevengpa/CSP-Fiddler-Extension

        private void ProcessCSPReport(Session session)
        {
            string requestBody = session.GetRequestBodyAsString();

            if (requestBody.Length > 0)
            {
                try
                {
                    CSPReport cspReport = CSPReport.Parse(requestBody);
                    if (cspReport.cspReport != null && cspReport.cspReport.documentUri != null)
                    {
                        logger.Log("Got report for " + cspReport.cspReport.documentUri + " via " + session.fullUrl);
                    }

                    logger.Log("Adding " + cspReport.ToString());
                    collector.Add(cspReport, session.PathAndQuery == "/unsafe-eval" ?
                                  CSPRuleCollector.InterpretBlank.UnsafeEval : CSPRuleCollector.InterpretBlank.UnsafeInline);
                    logger.Log("Total " + collector.ToString());
                }
                catch (Exception exception)
                {
                    logger.Log("Invalid CSP - " + exception);
                }
            }
        }

예제 #2

파일: FiddlerExtension.cs 프로젝트: ericlaw1979/CSP-Fiddler-Extension

        public void AutoTamperRequestBefore(Session session)
        {
            if (!Settings.enabled)
            {
                return;
            }

            if (!session.HostnameIs(reportHost) || session.isFTP)
            {
                return;
            }

            // TODO: We should offer an option to hide the reports from Fiddler; change "ui-strikeout" to "ui-hide" in the next line
            session["ui-strikeout"] = "CSPReportGenerator";

            if (session.HTTPMethodIs("CONNECT"))
            {
                session["x-replywithtunnel"] = "CSPReportGenerator";
                return;
            }

            session.utilCreateResponseAndBypassServer();
            session.oResponse.headers.Add("Content-Type", "text/html");
            session.ResponseBody = Encoding.UTF8.GetBytes("<!doctype html><HTML><BODY><H1>Report received. Thanks. You're the best.</H1></BODY></HTML>");

            string requestBody = session.GetRequestBodyAsString();

            if (requestBody.Length > 0)
            {
                try
                {
                    CSPReport cspReport = CSPReport.Parse(requestBody);
                    if (cspReport.cspReport != null && cspReport.cspReport.documentUri != null)
                    {
                        logger.Log("Got report for " + cspReport.cspReport.documentUri + " via " + session.fullUrl);
                    }

                    logger.Log("Adding " + cspReport.ToString());
                    collector.Add(cspReport, session.PathAndQuery == "/unsafe-eval" ?
                                  CSPRuleCollector.InterpretBlank.UnsafeEval : CSPRuleCollector.InterpretBlank.UnsafeInline);
                    logger.Log("Total " + collector.ToString());
                }
                catch (Exception exception)
                {
                    logger.Log("Invalid CSP - " + exception);
                }
            }
        }

예제 #3

        private void ValidateCSPReportSet(
            string documentUri,
            string expectedCsp,
            string[] cspReportsUnsafeInline,
            string[] cspReportsUnsafeEval)
        {
            CSPRuleCollector collector = new CSPRuleCollector(logger);

            foreach (var cspReport in cspReportsUnsafeInline.Select(cspReportAsString => CSPReport.Parse(cspReportAsString)))
            {
                collector.Add(cspReport, CSPRuleCollector.InterpretBlank.UnsafeInline);
            }
            foreach (var cspReport in cspReportsUnsafeEval.Select(cspReportAsString => CSPReport.Parse(cspReportAsString)))
            {
                collector.Add(cspReport, CSPRuleCollector.InterpretBlank.UnsafeEval);
            }

            Assert.AreEqual(collector.Get(documentUri), expectedCsp);
        }