public void CspReport() { var homeController = new HomeControllerBuilder() .Build(); var cspReportRequest = new CspReportRequest() { CspReport = new CspReport() { BlockedUri = "/CspReport", DocumentUri = "self", OriginalPolicy = "self", EffectiveDirective = "self", Referrer = "self", ViolatedDirective = "script-src", StatusCode = 200 } }; var actionResult = homeController.CspReport(cspReportRequest); actionResult.Should().NotBeNull("because the default response from HomeController is a valid result."); actionResult.Should().BeAssignableTo <ActionResult <string> >("because the default response from HomeController is a valid IActionResult."); var viewResult = (ActionResult <string>)actionResult; viewResult.Value.Should().NotBeNull("because the controller returns empty string."); viewResult.Value.Should().BeEmpty("because the controller returns empty string."); }
public async Task CspReport() { var dataController = new DataControllerBuilder() .Build(); var appSettings = new AppSettings() { Csp = this.BuildCsp() }; var cspReportRequest = new CspReportRequest() { CspReport = new CspReport() { BlockedUri = "/CspReport", DocumentUri = appSettings.Csp.Report, OriginalPolicy = "self", EffectiveDirective = "self", Referrer = "self", ViolatedDirective = "script-src", StatusCode = 200 } }; var actionResult = await dataController.CspReport(cspReportRequest); actionResult.Should().NotBeNull("because the default response from HomeController is a valid result."); actionResult.Should().BeAssignableTo <OkResult>("because the default response from HomeController is a valid OkResult."); }
/// <summary> /// Posts a <see cref="CspReportRequest"/> to the configred API. /// </summary> /// <param name="cancellation">The cancellation token.</param> /// <returns>The <see cref="HttpResponseMessage"/> for examination.</returns> public async Task <HttpResponseMessage> ReportAsync(CspReportRequest cspReport, CancellationToken cancellation = default) { using (var client = ClientFactory.CreateClient <CspClient>()) { return(await client.PostAsync(CspPathFragment, new CspReportContent(cspReport), cancellation).ConfigureAwait(false)); } }
public IActionResult CspReport([FromBody] CspReportRequest request) { var reqCspRep = request.CspReport; // TODO: log request to a datastore somewhere var cspViolation = new StringBuilder("CSP Violation:"); cspViolation.AppendFormat(" URIs- Document:{0}, Blocked:{1}", reqCspRep.DocumentUri, reqCspRep.BlockedUri); cspViolation.AppendLine(); //if (!string.IsNullOrWhiteSpace(reqCspRep.OriginalPolicy)) //{ // cspViolation.AppendFormat(" Original Policy:{0}", reqCspRep.OriginalPolicy); // cspViolation.AppendLine(); //} cspViolation.AppendFormat(" Directives- Violated:{0}, Effective:{1} ", reqCspRep.ViolatedDirective, reqCspRep.EffectiveDirective); cspViolation.AppendLine(); if (!string.IsNullOrWhiteSpace(reqCspRep.Referrer)) { cspViolation.AppendFormat(" Referrer:{0}", reqCspRep.Referrer); cspViolation.AppendLine(); } cspViolation.AppendFormat(" Status Code:{0}", reqCspRep.StatusCode); Console.WriteLine(cspViolation.ToString()); return(Ok()); }
public IActionResult CspReport([FromBody] CspReportRequest request) { // TODO: log request to a datastore somewhere _logger.LogWarning($"CSP Violation: {request.CspReport.DocumentUri}, {request.CspReport.BlockedUri}"); return(Ok()); }
public IActionResult Report([FromBody] CspReportRequest request) { _logger.LogInformation($" Request Path: {HttpContext.Request.Path} and Query: {HttpContext.Request.Query}"); _logger.LogWarning("CSP Violation: {cspReport}", request); return(Ok()); }
public IActionResult CspReport([FromBody] CspReportRequest model) { if (model.CspReport != null) { Log.ForContext("report", model.CspReport, true).Warning("csp-report"); } return(new EmptyResult()); }
public async Task <IActionResult> CspReport([FromBody] CspReportRequest request) { await Task.Run(() => { // Process report }); return(Ok()); }
public IActionResult CspReport(CspReportRequest request) { //Also, as this is somewhat security sensitive, the response is always a success (ignoring timings). try { //This is the only check made. If bad entries will be logged, //they should be eliminated and purged from the repository //accordingly. if (request?.CspReport != null) { //TODO: Save the data. } } catch { } return(Ok()); }
public IActionResult Report([FromBody] CspReportRequest request) { _logger.LogWarning("CSP Violation: {cspReport}", request); return(Ok()); }
/// <summary> /// /// </summary> /// <exception cref="Flipdish.Client.ApiException">Thrown when fails to make API call</exception> /// <param name="request"></param> /// <returns>Task of ApiResponse (Object)</returns> public async System.Threading.Tasks.Task <ApiResponse <Object> > ContentSecurityPolicyReportAsyncWithHttpInfo(CspReportRequest request) { // verify the required parameter 'request' is set if (request == null) { throw new ApiException(400, "Missing required parameter 'request' when calling ContentSecurityPolicyApi->ContentSecurityPolicyReport"); } var localVarPath = "/api/v1.0/csp/report"; var localVarPathParams = new Dictionary <String, String>(); var localVarQueryParams = new List <KeyValuePair <String, String> >(); var localVarHeaderParams = new Dictionary <String, String>(this.Configuration.DefaultHeader); var localVarFormParams = new Dictionary <String, String>(); var localVarFileParams = new Dictionary <String, FileParameter>(); Object localVarPostBody = null; // to determine the Content-Type header String[] localVarHttpContentTypes = new String[] { "application/json", "text/json", "application/xml", "text/xml", "application/x-www-form-urlencoded" }; String localVarHttpContentType = this.Configuration.ApiClient.SelectHeaderContentType(localVarHttpContentTypes); // to determine the Accept header String[] localVarHttpHeaderAccepts = new String[] { "application/json", "text/json", "application/xml", "text/xml" }; String localVarHttpHeaderAccept = this.Configuration.ApiClient.SelectHeaderAccept(localVarHttpHeaderAccepts); if (localVarHttpHeaderAccept != null) { localVarHeaderParams.Add("Accept", localVarHttpHeaderAccept); } if (request != null && request.GetType() != typeof(byte[])) { localVarPostBody = this.Configuration.ApiClient.Serialize(request); // http body (model) parameter } else { localVarPostBody = request; // byte array } // authentication (oauth2) required // oauth required if (!String.IsNullOrEmpty(this.Configuration.AccessToken)) { localVarHeaderParams["Authorization"] = "Bearer " + this.Configuration.AccessToken; } // make the HTTP request IRestResponse localVarResponse = (IRestResponse)await this.Configuration.ApiClient.CallApiAsync(localVarPath, Method.POST, localVarQueryParams, localVarPostBody, localVarHeaderParams, localVarFormParams, localVarFileParams, localVarPathParams, localVarHttpContentType); int localVarStatusCode = (int)localVarResponse.StatusCode; if (ExceptionFactory != null) { Exception exception = ExceptionFactory("ContentSecurityPolicyReport", localVarResponse); if (exception != null) { throw exception; } } return(new ApiResponse <Object>(localVarStatusCode, localVarResponse.Headers.ToDictionary(x => x.Name, x => x.Value.ToString()), (Object)this.Configuration.ApiClient.Deserialize(localVarResponse, typeof(Object)))); }
/// <summary> /// /// </summary> /// <exception cref="Flipdish.Client.ApiException">Thrown when fails to make API call</exception> /// <param name="request"></param> /// <returns>Task of Object</returns> public async System.Threading.Tasks.Task <Object> ContentSecurityPolicyReportAsync(CspReportRequest request) { ApiResponse <Object> localVarResponse = await ContentSecurityPolicyReportAsyncWithHttpInfo(request); return(localVarResponse.Data); }
/// <summary> /// /// </summary> /// <exception cref="Flipdish.Client.ApiException">Thrown when fails to make API call</exception> /// <param name="request"></param> /// <returns>Object</returns> public Object ContentSecurityPolicyReport(CspReportRequest request) { ApiResponse <Object> localVarResponse = ContentSecurityPolicyReportWithHttpInfo(request); return(localVarResponse.Data); }
public IActionResult CspReport([FromBody] CspReportRequest cspReport) { _logger.LogWarning("CSP-Violation - Violated Directive: {0}, Blocked URI: {1}", cspReport.CspReport.ViolatedDirective, cspReport.CspReport.BlockedUri); return(new OkResult()); }
public ActionResult <string> CspReport([FromBody] CspReportRequest request) { Console.WriteLine($"Blocked URL -------------------> {request.CspReport.BlockedUri}"); return(string.Empty); }