csp-builder
A builder tool to help generate Content Security Policies in a type-safe way
;
// Sets the `__esModule` interop flag on the CommonJS exports object.
Object.defineProperty(exports, '__esModule', { value: true });
/**
 * Keyword source expressions. The single quotes are part of each value and
 * must be emitted as-is: without them a browser reads the token as a host name.
 */
(function (keyword) {
  // Matches nothing; the directive then blocks every load it governs.
  keyword.None = "'none'";
  // Asks the browser to include a sample of the violating code in reports.
  keyword.ReportSample = "'report-sample'";
  // The document's own origin (same scheme, host and port).
  keyword.Self = "'self'";
  // Trust propagates from nonce/hash-approved scripts to the scripts they load;
  // host and scheme allow-lists in the same directive are then ignored.
  keyword.StrictDynamic = "'strict-dynamic'";
  // Re-enables eval()-style string evaluation; weakens script-src considerably.
  keyword.UnsafeEval = "'unsafe-eval'";
  // Re-enables inline scripts/styles and event handlers; this removes most of
  // the XSS protection a policy provides, so prefer nonces or hashes.
  keyword.UnsafeInline = "'unsafe-inline'";
})(exports.PredefinedSource || (exports.PredefinedSource = {}));
/**
 * Scheme source expressions. Each one matches EVERY URL with that scheme, so
 * they are far broader than a host source; review any use in script-src or
 * object-src with particular care (`data:` and `blob:` can carry
 * attacker-supplied content, `http:`/`https:` allow any host).
 */
(function (scheme) {
  scheme.Blob = 'blob:';
  scheme.Data = 'data:';
  scheme.Filesystem = 'filesystem:';
  scheme.Http = 'http:';
  scheme.Https = 'https:';
  scheme.MediaStream = 'mediastream:';
})(exports.SchemaSource || (exports.SchemaSource = {}));
/**
 * Category labels returned by each directive's getDirectiveType().
 * Nothing in this file branches on them; they are descriptive metadata.
 */
(function (category) {
  category.Fetch = 'fetch';
  category.Document = 'document';
  category.Navigation = 'navigation';
  category.Reporting = 'reporting';
  category.Other = 'other';
})(exports.DirectiveType || (exports.DirectiveType = {}));
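/**
 * Base class for directives whose value is a space-separated list
 * (source lists, sandbox flags, plugin types).
 *
 * Subclasses must provide getDirectiveName() and getDirectiveType().
 */
class AbstractMultiValueDirective {
  constructor() {
    // A Set drops duplicate values and keeps insertion order for serialize().
    this.state = new Set();
  }

  /**
   * Adds one value, or every value of an array, to the directive.
   *
   * Values are written into the policy verbatim, so characters that have
   * structural meaning in a policy or header are rejected: `;` ends a
   * directive, `,` ends a policy, and control characters (CR/LF included)
   * can end the header line. Accepting them would let a value taken from
   * configuration or user data rewrite the rest of the policy.
   *
   * @param {*} value - a single value or an array of values
   * @returns {this} the directive, for chaining
   * @throws {Error} if any value contains `;`, `,` or a control character;
   *   nothing is added in that case
   */
  addValue(value) {
    const values = Array.isArray(value) ? value : [value];
    const structural = /[;,\u0000-\u001f\u007f]/;
    // Validate everything first so a rejected call leaves the state untouched.
    for (const candidate of values) {
      const text = String(candidate);
      if (structural.test(text)) {
        throw new Error(
          `Invalid value for ${this.getDirectiveName()}: ${JSON.stringify(text)} ` +
            "contains ';', ',' or a control character",
        );
      }
    }
    this.state = new Set([...this.state, ...values]);
    return this;
  }

  /**
   * Renders the directive as `<name> <value> <value>;`.
   *
   * With no values this yields `<name> ;`, i.e. the directive is still
   * emitted with an empty list. For a fetch directive browsers treat an
   * empty source list as matching nothing, and a bare `sandbox` applies
   * every restriction, so an empty directive is restrictive, not a no-op.
   *
   * @returns {string} the serialized directive
   */
  serialize() {
    const sources = Array.from(this.state).join(' ');
    return `${this.getDirectiveName()} ${sources};`;
  }

  /**
   * @returns {number} lowest CSP level the directive needs; subclasses
   *   override this when they need more than level 1
   */
  getMinimumCspVersion() {
    return 1;
  }
}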
/**
 * `connect-src`: limits the URLs that script interfaces such as fetch,
 * XMLHttpRequest, WebSocket and EventSource may contact.
 */
class ConnectSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'connect-src';
  }

  /** @returns {string} the fetch category label */
  getDirectiveType() {
    return exports.DirectiveType.Fetch;
  }
}
/**
 * `default-src`: fallback for fetch directives that are not set explicitly.
 * It is not a fallback for `base-uri`, `form-action` or `frame-ancestors`;
 * those have to be added on their own.
 */
class DefaultSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'default-src';
  }

  /** @returns {string} the fetch category label */
  getDirectiveType() {
    return exports.DirectiveType.Fetch;
  }
}
/** `font-src`: limits where fonts may be loaded from. */
class FontSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'font-src';
  }

  /** @returns {string} the fetch category label */
  getDirectiveType() {
    return exports.DirectiveType.Fetch;
  }
}
/**
 * `frame-src`: limits which URLs may be loaded into nested frames.
 * This governs what the page embeds; `frame-ancestors` governs who may
 * embed the page.
 */
class FrameSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'frame-src';
  }

  /** @returns {string} the fetch category label */
  getDirectiveType() {
    return exports.DirectiveType.Fetch;
  }
}
/** `img-src`: limits where images may be loaded from. */
class ImageSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'img-src';
  }

  /** @returns {string} the fetch category label */
  getDirectiveType() {
    return exports.DirectiveType.Fetch;
  }
}
/** `manifest-src`: limits where the web app manifest may be loaded from. */
class ManifestSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'manifest-src';
  }

  /** @returns {string} the fetch category label */
  getDirectiveType() {
    return exports.DirectiveType.Fetch;
  }

  /** @returns {number} 3, so a Builder below level 3 refuses this directive */
  getMinimumCspVersion() {
    return 3;
  }
}
/** `media-src`: limits where audio, video and text tracks may be loaded from. */
class MediaSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'media-src';
  }

  /** @returns {string} the fetch category label */
  getDirectiveType() {
    return exports.DirectiveType.Fetch;
  }
}
/**
 * `object-src`: limits plugin content loaded through `<object>` and `<embed>`.
 * Hardened policies usually set it to `'none'`.
 */
class ObjectSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'object-src';
  }

  /** @returns {string} the fetch category label */
  getDirectiveType() {
    return exports.DirectiveType.Fetch;
  }
}
/**
 * `prefetch-src`: limits the URLs that may be prefetched or prerendered.
 * NOTE(review): browser support for this directive is believed to be poor
 * and it may have been dropped from the specification; confirm against
 * current browser documentation before relying on it.
 */
class PrefetchSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'prefetch-src';
  }

  /** @returns {string} the fetch category label */
  getDirectiveType() {
    return exports.DirectiveType.Fetch;
  }

  /** @returns {number} 3, so a Builder below level 3 refuses this directive */
  getMinimumCspVersion() {
    return 3;
  }
}
/**
 * `script-src`: limits which scripts may run. This is the directive that
 * carries most of a policy's XSS protection; adding `'unsafe-inline'`,
 * `'unsafe-eval'` or a broad scheme source here largely removes it.
 */
class ScriptSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'script-src';
  }

  /** @returns {string} the fetch category label */
  getDirectiveType() {
    return exports.DirectiveType.Fetch;
  }
}
/** `style-src`: limits which stylesheets and inline styles may be applied. */
class StyleSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'style-src';
  }

  /** @returns {string} the fetch category label */
  getDirectiveType() {
    return exports.DirectiveType.Fetch;
  }
}
/** `worker-src`: limits the URLs usable as worker, shared worker or service worker scripts. */
class WorkerSource extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'worker-src';
  }

  /** @returns {string} the fetch category label */
  getDirectiveType() {
    return exports.DirectiveType.Fetch;
  }

  /** @returns {number} 3, so a Builder below level 3 refuses this directive */
  getMinimumCspVersion() {
    return 3;
  }
}
/**
 * `base-uri`: limits the URLs allowed in the document's `<base>` element.
 * It does not fall back to `default-src`, so it must be set explicitly.
 * NOTE(review): base-uri was introduced with CSP Level 2, but this class
 * inherits a minimum version of 1; confirm whether that is intended.
 */
class BaseUri extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'base-uri';
  }

  /** @returns {string} the document category label */
  getDirectiveType() {
    return exports.DirectiveType.Document;
  }
}
/**
 * `plugin-types`: limits the MIME types of plugins a document may load.
 * NOTE(review): this directive is believed to be deprecated in current
 * browsers; confirm before relying on it.
 */
class PluginTypes extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'plugin-types';
  }

  /** @returns {string} the document category label */
  getDirectiveType() {
    return exports.DirectiveType.Document;
  }

  /** @returns {number} 2, so a level-1 Builder refuses this directive */
  getMinimumCspVersion() {
    return 2;
  }
}
/**
 * `sandbox`: applies iframe-style sandbox restrictions to the document.
 * Each added value is an `allow-*` flag that lifts one restriction, so an
 * empty Sandbox is the strictest form. Browsers ignore this directive when
 * the policy is delivered through a `<meta>` element.
 */
class Sandbox extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'sandbox';
  }

  /** @returns {string} the document category label */
  getDirectiveType() {
    return exports.DirectiveType.Document;
  }
}
/**
 * `form-action`: limits the URLs forms may submit to.
 * It does not fall back to `default-src`, so it must be set explicitly.
 */
class FormAction extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'form-action';
  }

  /** @returns {string} the navigation category label */
  getDirectiveType() {
    return exports.DirectiveType.Navigation;
  }

  /** @returns {number} 2, so a level-1 Builder refuses this directive */
  getMinimumCspVersion() {
    return 2;
  }
}
/**
 * `frame-ancestors`: limits which pages may embed this document (the
 * clickjacking control). It does not fall back to `default-src`, and
 * browsers ignore it when the policy is delivered through a `<meta>`
 * element, so it only works in the HTTP response header.
 */
class FrameAncestors extends AbstractMultiValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'frame-ancestors';
  }

  /** @returns {string} the navigation category label */
  getDirectiveType() {
    return exports.DirectiveType.Navigation;
  }

  /** @returns {number} 2, so a level-1 Builder refuses this directive */
  getMinimumCspVersion() {
    return 2;
  }
}
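/**
 * Base class for directives that hold one value (which may itself contain
 * spaces, e.g. several report URLs).
 *
 * Subclasses must provide getDirectiveName() and getDirectiveType().
 */
class AbstractSingleValueDirective {
  constructor() {
    // null means "not set"; serialize() then emits nothing.
    this.state = null;
  }

  /**
   * Replaces the directive's value.
   *
   * The value is written into the policy verbatim, so characters with
   * structural meaning are rejected: `;` ends a directive, `,` ends a
   * policy, and control characters (CR/LF included) can end the header
   * line. null/undefined are accepted and clear the value.
   *
   * @param {*} value - the new value, or null/undefined to unset it
   * @returns {this} the directive, for chaining
   * @throws {Error} if the value contains `;`, `,` or a control character;
   *   the previous value is kept in that case
   */
  setValue(value) {
    if (value != null) {
      const text = String(value);
      if (/[;,\u0000-\u001f\u007f]/.test(text)) {
        throw new Error(
          `Invalid value for ${this.getDirectiveName()}: ${JSON.stringify(text)} ` +
            "contains ';', ',' or a control character",
        );
      }
    }
    this.state = value;
    return this;
  }

  /** @returns {number} lowest CSP level the directive needs (1 unless overridden) */
  getMinimumCspVersion() {
    return 1;
  }

  /**
   * Renders the directive as `<name> <value>;`.
   *
   * @returns {string} the serialized directive, or '' when the value is
   *   unset or otherwise falsy
   */
  serialize() {
    if (!this.state) {
      return '';
    }
    return `${this.getDirectiveName()} ${this.state};`;
  }
}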
/**
 * `report-to`: names the reporting endpoint group that receives violation
 * reports. The group itself is declared in a separate response header.
 * NOTE(review): report-to belongs to CSP Level 3, but this class inherits a
 * minimum version of 1; confirm whether that is intended.
 */
class ReportTo extends AbstractSingleValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'report-to';
  }

  /** @returns {string} the reporting category label */
  getDirectiveType() {
    return exports.DirectiveType.Reporting;
  }
}
/**
 * `report-uri`: URL(s) that violation reports are POSTed to. Browsers ignore
 * it when the policy is delivered through a `<meta>` element. Report bodies
 * are sent by arbitrary clients, so the receiving endpoint should treat them
 * as untrusted input.
 */
class ReportUri extends AbstractSingleValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'report-uri';
  }

  /** @returns {string} the reporting category label */
  getDirectiveType() {
    return exports.DirectiveType.Reporting;
  }
}
/**
 * Base class for value-less directives that are either present in the
 * policy or absent from it.
 *
 * Subclasses must provide getDirectiveName() and getDirectiveType().
 */
class AbstractToggleDirective {
  constructor() {
    // Off by default: a freshly created toggle serializes to nothing.
    this.state = false;
  }

  /**
   * Switches the directive on or off.
   *
   * @param {*} value - stored as given; serialize() only checks truthiness
   * @returns {this} the directive, for chaining
   */
  toggle(value) {
    this.state = value;
    return this;
  }

  /** @returns {number} lowest CSP level the directive needs (1 unless overridden) */
  getMinimumCspVersion() {
    return 1;
  }

  /** @returns {string} `<name>;` when switched on, otherwise '' */
  serialize() {
    return this.state ? `${this.getDirectiveName()};` : '';
  }
}
/**
 * `block-all-mixed-content`: blocks HTTP subresources on an HTTPS page.
 * NOTE(review): believed to be deprecated in favour of
 * `upgrade-insecure-requests`; confirm against current browser documentation.
 */
class BlockAllMixedContent extends AbstractToggleDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'block-all-mixed-content';
  }

  /** @returns {string} the "other" category label */
  getDirectiveType() {
    return exports.DirectiveType.Other;
  }
}
/**
 * `require-sri-for`: requires Subresource Integrity on the named resource
 * kinds (for example `script`).
 * NOTE(review): believed to be experimental and not broadly supported, so it
 * should not be the only integrity control; confirm browser support.
 */
class RequireSriFor extends AbstractSingleValueDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'require-sri-for';
  }

  /** @returns {string} the "other" category label */
  getDirectiveType() {
    return exports.DirectiveType.Other;
  }
}
/**
 * `upgrade-insecure-requests`: makes the browser rewrite the page's HTTP
 * subresource URLs to HTTPS before fetching them.
 */
class UpgradeInsecureRequests extends AbstractToggleDirective {
  /** @returns {string} the directive name as written in the policy */
  getDirectiveName() {
    return 'upgrade-insecure-requests';
  }

  /** @returns {string} the "other" category label */
  getDirectiveType() {
    return exports.DirectiveType.Other;
  }
}
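/**
 * Collects directives and renders them as one Content-Security-Policy value.
 */
class Builder {
  /**
   * @param {number} [level=3] - CSP level the policy targets; directives
   *   that need a higher level are refused by addDirective()
   */
  constructor(level = 3) {
    // Keyed by directive name; a Map keeps first-insertion order for output.
    this.directives = new Map();
    this.level = level;
  }

  /**
   * Registers a directive under its name.
   *
   * A directive with the same name that was added earlier is replaced
   * without warning, so the values of the two are NOT merged; build one
   * directive object per name and add all values to it.
   *
   * @param {object} directive - must provide getDirectiveName(),
   *   getMinimumCspVersion() and serialize()
   * @returns {this} the builder, for chaining
   * @throws {Error} if the directive needs a higher CSP level than the builder's
   */
  addDirective(directive) {
    const directiveName = directive.getDirectiveName();
    if (directive.getMinimumCspVersion() > this.level) {
      throw new Error(`Directive ${directiveName} is not supported by CSP level of ${this.level}`);
    }
    this.directives.set(directiveName, directive);
    return this;
  }

  /**
   * Renders every registered directive, separated by single spaces.
   *
   * Directives that serialize to '' (an unset single value, a toggle that
   * is off) are left out, so they no longer leave doubled spaces in the
   * middle of the policy string.
   *
   * @returns {string} the policy value, or '' when nothing is emitted
   */
  stringify() {
    return Array.from(this.directives.values())
      .map((directive) => directive.serialize())
      .filter((serialized) => serialized !== '')
      .join(' ')
      .trim();
  }
}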
// Public API: the three abstract bases, every concrete directive class and
// the Builder. Kept as one plain `exports.X = X` assignment per name.
exports.AbstractMultiValueDirective = AbstractMultiValueDirective;
exports.AbstractSingleValueDirective = AbstractSingleValueDirective;
exports.AbstractToggleDirective = AbstractToggleDirective;
exports.BaseUri = BaseUri;
exports.BlockAllMixedContent = BlockAllMixedContent;
exports.Builder = Builder;
exports.ConnectSource = ConnectSource;
exports.DefaultSource = DefaultSource;
exports.FontSource = FontSource;
exports.FormAction = FormAction;
exports.FrameAncestors = FrameAncestors;
exports.FrameSource = FrameSource;
exports.ImageSource = ImageSource;
exports.ManifestSource = ManifestSource;
exports.MediaSource = MediaSource;
exports.ObjectSource = ObjectSource;
exports.PluginTypes = PluginTypes;
exports.PrefetchSource = PrefetchSource;
exports.ReportTo = ReportTo;
exports.ReportUri = ReportUri;
exports.RequireSriFor = RequireSriFor;
exports.Sandbox = Sandbox;
exports.ScriptSource = ScriptSource;
exports.StyleSource = StyleSource;
exports.UpgradeInsecureRequests = UpgradeInsecureRequests;
exports.WorkerSource = WorkerSource;
//# sourceMappingURL=index.js.map