public void CspReport()
{
var homeController = new HomeControllerBuilder()
.Build();
var cspReportRequest = new CspReportRequest()
{
CspReport = new CspReport()
{
BlockedUri = "/CspReport",
DocumentUri = "self",
OriginalPolicy = "self",
EffectiveDirective = "self",
Referrer = "self",
ViolatedDirective = "script-src",
StatusCode = 200
}
};
var actionResult = homeController.CspReport(cspReportRequest);
actionResult.Should().NotBeNull("because the default response from HomeController is a valid result.");
actionResult.Should().BeAssignableTo <ActionResult <string> >("because the default response from HomeController is a valid IActionResult.");
var viewResult = (ActionResult <string>)actionResult;
viewResult.Value.Should().NotBeNull("because the controller returns empty string.");
viewResult.Value.Should().BeEmpty("because the controller returns empty string.");
}
public async Task CspReport()
{
var dataController = new DataControllerBuilder()
.Build();
var appSettings = new AppSettings()
{
Csp = this.BuildCsp()
};
var cspReportRequest = new CspReportRequest()
{
CspReport = new CspReport()
{
BlockedUri = "/CspReport",
DocumentUri = appSettings.Csp.Report,
OriginalPolicy = "self",
EffectiveDirective = "self",
Referrer = "self",
ViolatedDirective = "script-src",
StatusCode = 200
}
};
var actionResult = await dataController.CspReport(cspReportRequest);
actionResult.Should().NotBeNull("because the default response from HomeController is a valid result.");
actionResult.Should().BeAssignableTo <OkResult>("because the default response from HomeController is a valid OkResult.");
}
/// <summary>
/// Posts a <see cref="CspReportRequest"/> to the configred API.
/// </summary>
/// <param name="cancellation">The cancellation token.</param>
/// <returns>The <see cref="HttpResponseMessage"/> for examination.</returns>
public async Task <HttpResponseMessage> ReportAsync(CspReportRequest cspReport, CancellationToken cancellation = default)
{
using (var client = ClientFactory.CreateClient <CspClient>())
{
return(await client.PostAsync(CspPathFragment, new CspReportContent(cspReport), cancellation).ConfigureAwait(false));
}
}
public IActionResult CspReport([FromBody] CspReportRequest request)
{
var reqCspRep = request.CspReport;
// TODO: log request to a datastore somewhere
var cspViolation = new StringBuilder("CSP Violation:");
cspViolation.AppendFormat(" URIs- Document:{0}, Blocked:{1}", reqCspRep.DocumentUri, reqCspRep.BlockedUri);
cspViolation.AppendLine();
//if (!string.IsNullOrWhiteSpace(reqCspRep.OriginalPolicy))
//{
// cspViolation.AppendFormat(" Original Policy:{0}", reqCspRep.OriginalPolicy);
// cspViolation.AppendLine();
//}
cspViolation.AppendFormat(" Directives- Violated:{0}, Effective:{1} ", reqCspRep.ViolatedDirective, reqCspRep.EffectiveDirective);
cspViolation.AppendLine();
if (!string.IsNullOrWhiteSpace(reqCspRep.Referrer))
{
cspViolation.AppendFormat(" Referrer:{0}", reqCspRep.Referrer);
cspViolation.AppendLine();
}
cspViolation.AppendFormat(" Status Code:{0}", reqCspRep.StatusCode);
Console.WriteLine(cspViolation.ToString());
return(Ok());
}
public IActionResult CspReport([FromBody] CspReportRequest request)
{
// TODO: log request to a datastore somewhere
_logger.LogWarning($"CSP Violation: {request.CspReport.DocumentUri}, {request.CspReport.BlockedUri}");
return(Ok());
}
public IActionResult Report([FromBody] CspReportRequest request)
{
_logger.LogInformation($" Request Path: {HttpContext.Request.Path} and Query: {HttpContext.Request.Query}");
_logger.LogWarning("CSP Violation: {cspReport}", request);
return(Ok());
}
public IActionResult CspReport([FromBody] CspReportRequest model)
{
if (model.CspReport != null)
{
Log.ForContext("report", model.CspReport, true).Warning("csp-report");
}
return(new EmptyResult());
}
public async Task <IActionResult> CspReport([FromBody] CspReportRequest request)
{
await Task.Run(() =>
{
// Process report
});
return(Ok());
}
public IActionResult CspReport(CspReportRequest request)
{
//Also, as this is somewhat security sensitive, the response is always a success (ignoring timings).
try
{
//This is the only check made. If bad entries will be logged,
//they should be eliminated and purged from the repository
//accordingly.
if (request?.CspReport != null)
{
//TODO: Save the data.
}
}
catch { }
return(Ok());
}
public IActionResult Report([FromBody] CspReportRequest request)
{
_logger.LogWarning("CSP Violation: {cspReport}", request);
return(Ok());
}
/// <summary>
///
/// </summary>
/// <exception cref="Flipdish.Client.ApiException">Thrown when fails to make API call</exception>
/// <param name="request"></param>
/// <returns>Task of ApiResponse (Object)</returns>
public async System.Threading.Tasks.Task <ApiResponse <Object> > ContentSecurityPolicyReportAsyncWithHttpInfo(CspReportRequest request)
{
// verify the required parameter 'request' is set
if (request == null)
{
throw new ApiException(400, "Missing required parameter 'request' when calling ContentSecurityPolicyApi->ContentSecurityPolicyReport");
}
var localVarPath = "/api/v1.0/csp/report";
var localVarPathParams = new Dictionary <String, String>();
var localVarQueryParams = new List <KeyValuePair <String, String> >();
var localVarHeaderParams = new Dictionary <String, String>(this.Configuration.DefaultHeader);
var localVarFormParams = new Dictionary <String, String>();
var localVarFileParams = new Dictionary <String, FileParameter>();
Object localVarPostBody = null;
// to determine the Content-Type header
String[] localVarHttpContentTypes = new String[] {
"application/json",
"text/json",
"application/xml",
"text/xml",
"application/x-www-form-urlencoded"
};
String localVarHttpContentType = this.Configuration.ApiClient.SelectHeaderContentType(localVarHttpContentTypes);
// to determine the Accept header
String[] localVarHttpHeaderAccepts = new String[] {
"application/json",
"text/json",
"application/xml",
"text/xml"
};
String localVarHttpHeaderAccept = this.Configuration.ApiClient.SelectHeaderAccept(localVarHttpHeaderAccepts);
if (localVarHttpHeaderAccept != null)
{
localVarHeaderParams.Add("Accept", localVarHttpHeaderAccept);
}
if (request != null && request.GetType() != typeof(byte[]))
{
localVarPostBody = this.Configuration.ApiClient.Serialize(request); // http body (model) parameter
}
else
{
localVarPostBody = request; // byte array
}
// authentication (oauth2) required
// oauth required
if (!String.IsNullOrEmpty(this.Configuration.AccessToken))
{
localVarHeaderParams["Authorization"] = "Bearer " + this.Configuration.AccessToken;
}
// make the HTTP request
IRestResponse localVarResponse = (IRestResponse)await this.Configuration.ApiClient.CallApiAsync(localVarPath,
Method.POST, localVarQueryParams, localVarPostBody, localVarHeaderParams, localVarFormParams, localVarFileParams,
localVarPathParams, localVarHttpContentType);
int localVarStatusCode = (int)localVarResponse.StatusCode;
if (ExceptionFactory != null)
{
Exception exception = ExceptionFactory("ContentSecurityPolicyReport", localVarResponse);
if (exception != null)
{
throw exception;
}
}
return(new ApiResponse <Object>(localVarStatusCode,
localVarResponse.Headers.ToDictionary(x => x.Name, x => x.Value.ToString()),
(Object)this.Configuration.ApiClient.Deserialize(localVarResponse, typeof(Object))));
}
/// <summary>
///
/// </summary>
/// <exception cref="Flipdish.Client.ApiException">Thrown when fails to make API call</exception>
/// <param name="request"></param>
/// <returns>Task of Object</returns>
public async System.Threading.Tasks.Task <Object> ContentSecurityPolicyReportAsync(CspReportRequest request)
{
ApiResponse <Object> localVarResponse = await ContentSecurityPolicyReportAsyncWithHttpInfo(request);
return(localVarResponse.Data);
}
/// <summary>
///
/// </summary>
/// <exception cref="Flipdish.Client.ApiException">Thrown when fails to make API call</exception>
/// <param name="request"></param>
/// <returns>Object</returns>
public Object ContentSecurityPolicyReport(CspReportRequest request)
{
ApiResponse <Object> localVarResponse = ContentSecurityPolicyReportWithHttpInfo(request);
return(localVarResponse.Data);
}
public IActionResult CspReport([FromBody] CspReportRequest cspReport)
{
_logger.LogWarning("CSP-Violation - Violated Directive: {0}, Blocked URI: {1}", cspReport.CspReport.ViolatedDirective, cspReport.CspReport.BlockedUri);
return(new OkResult());
}
public ActionResult <string> CspReport([FromBody] CspReportRequest request)
{
Console.WriteLine($"Blocked URL -------------------> {request.CspReport.BlockedUri}");
return(string.Empty);
}
