csp_evaluator
Evaluate Content Security Policies for a wide range of bypasses and weaknesses
// Set the `__esModule` flag on the CommonJS exports object (the marker that
// transpilers conventionally emit so importers can tell this was an ES module).
Object.defineProperty(exports, "__esModule", { value: true });
// Pre-declare the three public names as undefined; each one is assigned its
// real value further down in this file.
exports.Type = exports.Severity = exports.Finding = void 0;
/**
 * One result reported for a Content Security Policy: what was found, how
 * serious it is, and which directive / directive value it refers to.
 */
class Finding {
  /**
   * @param {number} type - Kind of finding (a member of the `Type` enum in this file).
   * @param {string} description - Human-readable explanation of the finding.
   * @param {number} severity - A member of the `Severity` enum in this file.
   * @param {string} directive - The CSP directive the finding refers to.
   * @param {string=} value - The directive value the finding refers to, if any.
   */
  constructor(type, description, severity, directive, value) {
    // All five fields are always set as own properties, even when `value` is undefined.
    Object.assign(this, { type, description, severity, directive, value });
  }

  /**
   * Returns the most severe level present in a list of findings.
   *
   * Severity values are ordered so that a numerically SMALLER value is MORE
   * severe (HIGH = 10 ... NONE = 100), so "highest severity" is the minimum
   * of the numeric values. An empty list yields `Severity.NONE`.
   *
   * @param {!Array<!Finding>} findings
   * @return {number} The lowest numeric severity found, capped at `Severity.NONE`.
   */
  static getHighestSeverity(findings) {
    if (findings.length === 0) {
      return Severity.NONE;
    }
    // Seeding the fold with NONE means no result can be weaker than NONE.
    return findings.reduce(
      (best, finding) => (best < finding.severity ? best : finding.severity),
      Severity.NONE,
    );
  }

  /**
   * Field-by-field equality check against another Finding.
   *
   * Anything that is not a Finding instance is unequal by definition; plain
   * objects with the same properties do not count. Fields are compared with
   * strict equality (`===`).
   *
   * @param {*} obj - Candidate to compare with this finding.
   * @return {boolean} True when `obj` is a Finding with identical fields.
   */
  equals(obj) {
    if (!(obj instanceof Finding)) {
      return false;
    }
    const comparedFields = ["type", "description", "severity", "directive", "value"];
    return comparedFields.every((field) => obj[field] === this[field]);
  }
}
// Publish the Finding class on the CommonJS exports object.
exports.Finding = Finding;
/**
 * Severity levels attached to a Finding.
 *
 * The numeric values are an ordering, not a score: a SMALLER number is a MORE
 * severe level. Finding.getHighestSeverity() relies on this by taking the
 * minimum. Note the resulting order: SYNTAX (20) sorts above MEDIUM (30), and
 * a definite MEDIUM (30) sorts above HIGH_MAYBE (40). Any code that compares
 * or thresholds on these values must use "lower is worse".
 *
 * The object carries both directions of the mapping (name -> number and
 * number -> name), like a compiled TypeScript numeric enum.
 */
var Severity;
(function (Severity) {
  const levels = [
    ["HIGH", 10],
    ["SYNTAX", 20],
    ["MEDIUM", 30],
    ["HIGH_MAYBE", 40],
    ["STRICT_CSP", 45],
    ["MEDIUM_MAYBE", 50],
    ["INFO", 60],
    ["NONE", 100],
  ];
  for (const [label, rank] of levels) {
    Severity[label] = rank; // forward lookup: Severity.HIGH === 10
    Severity[rank] = label; // reverse lookup: Severity[10] === "HIGH"
  }
})(Severity = exports.Severity || (exports.Severity = {}));
/**
 * Identifiers for the kinds of finding the evaluator can report.
 *
 * The codes are stable numeric IDs, not severities; severity is carried
 * separately on each Finding. The hundreds digit groups related checks; the
 * group labels below are inferred from the member names, not stated in this
 * file.
 *
 * The object carries both directions of the mapping (name -> number and
 * number -> name), like a compiled TypeScript numeric enum.
 */
var Type;
(function (Type) {
  const codes = [
    // 1xx: policy syntax / parsing
    ["MISSING_SEMICOLON", 100],
    ["UNKNOWN_DIRECTIVE", 101],
    ["INVALID_KEYWORD", 102],
    ["NONCE_CHARSET", 106],
    // 3xx: weaknesses in the policy itself
    ["MISSING_DIRECTIVES", 300],
    ["SCRIPT_UNSAFE_INLINE", 301],
    ["SCRIPT_UNSAFE_EVAL", 302],
    ["PLAIN_URL_SCHEMES", 303],
    ["PLAIN_WILDCARD", 304],
    ["SCRIPT_ALLOWLIST_BYPASS", 305],
    ["OBJECT_ALLOWLIST_BYPASS", 306],
    ["NONCE_LENGTH", 307],
    ["IP_SOURCE", 308],
    ["DEPRECATED_DIRECTIVE", 309],
    ["SRC_HTTP", 310],
    ["SRC_NO_PROTOCOL", 311],
    ["EXPERIMENTAL", 312],
    ["WILDCARD_URL", 313],
    ["X_FRAME_OPTIONS_OBSOLETED", 314],
    ["STYLE_UNSAFE_INLINE", 315],
    ["STATIC_NONCE", 316],
    ["SCRIPT_UNSAFE_HASHES", 317],
    // 4xx: strict-dynamic / nonce / hash and fallback behaviour
    ["STRICT_DYNAMIC", 400],
    ["STRICT_DYNAMIC_NOT_STANDALONE", 401],
    ["NONCE_HASH", 402],
    ["UNSAFE_INLINE_FALLBACK", 403],
    ["ALLOWLIST_FALLBACK", 404],
    ["IGNORED", 405],
    // 5xx: Trusted Types
    ["REQUIRE_TRUSTED_TYPES_FOR_SCRIPTS", 500],
    // 6xx: violation reporting configuration
    ["REPORTING_DESTINATION_MISSING", 600],
    ["REPORT_TO_ONLY", 601],
  ];
  for (const [label, code] of codes) {
    Type[label] = code; // forward lookup: Type.SCRIPT_UNSAFE_INLINE === 301
    Type[code] = label; // reverse lookup: Type[301] === "SCRIPT_UNSAFE_INLINE"
  }
})(Type = exports.Type || (exports.Type = {}));
//# sourceMappingURL=finding.js.map
;