Documentation
Overview
Package specification provides implementations for the Reporting API and related specifications that define how to interpret, receive and serialize security reports.
Constants
const (
	// DeprecatedReportToDefaultMaxAge is used as default cache duration for report groups.
	DeprecatedReportToDefaultMaxAge = 5 * 24 * 60 * 60
	// DeprecatedReportToHeaderKey is the HTTP header key for the Reporting API.
	DeprecatedReportToHeaderKey = "Report-To"
)
const CSPReportType = "csp-violation"
const ReportingEndpointsHeaderKey = "Reporting-Endpoints"
ReportingEndpointsHeaderKey is the HTTP Header key for Reporting Endpoints.
Variables
This section is empty.
Functions
func DeprecatedMarshalGroups
func DeprecatedMarshalGroups(groups ...DeprecatedGroup) string
DeprecatedMarshalGroups returns the wire representation of a list of groups.
func MarshalEndpoints
MarshalEndpoints marshals the given map as a string to use in a Reporting Endpoints header.
Keys will be used as endpoint names, and values as endpoint URLs. Note that URLs MUST be potentially trustworthy. Non-secure endpoints will be ignored by clients.
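Because clients drop untrustworthy endpoints silently, it helps to reject them on the server before the header is written. The following is an added example, not this package's code: `checkedEndpointsHeader`, `sfKey` and `sfSafe` are hypothetical names, the sample URLs are constructed, and accepting only absolute `https` URLs is an assumption that is stricter than "potentially trustworthy".

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"sort"
	"strings"
)

var (
	// sfKey matches a Structured Fields dictionary key (RFC 8941).
	sfKey = regexp.MustCompile(`^[a-z*][a-z0-9_.*-]*$`)
	// sfSafe matches printable ASCII without space, double quote or backslash.
	sfSafe = regexp.MustCompile(`^[\x21\x23-\x5b\x5d-\x7e]+$`)
)

// checkedEndpointsHeader is a hypothetical helper, not the package's
// MarshalEndpoints. It returns a Reporting-Endpoints header value and the
// names of the entries it refused to emit.
func checkedEndpointsHeader(endpoints map[string]string) (value string, rejected []string) {
	names := make([]string, 0, len(endpoints))
	for name := range endpoints {
		names = append(names, name)
	}
	sort.Strings(names) // map iteration order is random; keep the header stable
	var members []string
	for _, name := range names {
		u, err := url.Parse(endpoints[name])
		// Assumption: only absolute https URLs are accepted, which is
		// stricter than the "potentially trustworthy" definition.
		if err != nil || u.Scheme != "https" || u.Host == "" ||
			!sfKey.MatchString(name) || !sfSafe.MatchString(u.String()) {
			rejected = append(rejected, name)
			continue
		}
		members = append(members, name+`="`+u.String()+`"`)
	}
	return strings.Join(members, ", "), rejected
}

func main() {
	// Constructed sample input.
	value, rejected := checkedEndpointsHeader(map[string]string{
		"default": "https://reports.example/default",
		"legacy":  "http://reports.example/plain",
	})
	fmt.Printf("Reporting-Endpoints: %s\nrejected: %v\n", value, rejected)
}
```

Logging the rejected names at startup surfaces a misconfigured collector that would otherwise only show up as missing reports.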
Types
type CSPReport
type CSPReport struct {
}
CSPReport will be an implementation for the serialization of reports.
The specification is currently too unclear to implement this bit, so this doesn't currently work.
type CSPReportDeprecated
type CSPReportDeprecated struct {
	DocumentURI string `json:"document-uri"`
	Referrer string `json:"referrer"`
	BlockedURI string `json:"blocked-uri"`
	EffectiveDirective string `json:"effective-directive"`
	ViolatedDirective string `json:"violated-directive"`
	OriginalPolicy string `json:"original-policy"`
	Disposition string `json:"disposition"`
	StatusCode uint `json:"status-code"`
	ScriptSample string `json:"script-sample"`
}
CSPReportDeprecated is an implementation of the deprecated serialization for reports.
type DeprecatedEndpoint
type DeprecatedEndpoint struct {
	// URL defines the location of the endpoint.
	URL string `json:"url"`
	// Priority forms failover classes.
	// Failover classes allow the developer to provide backup collectors (those with higher priority values)
	// that will only receive reports if all of the primary collectors (those with lower priority values) fail.
	Priority uint `json:"priority,omitempty"`
	// Weight determines how report traffic is balanced across the failover class.
	Weight uint `json:"weight,omitempty"`
}
DeprecatedEndpoint is the Go representation of [endpoints] in the deprecated draft Report-To header format.
type DeprecatedGroup
type DeprecatedGroup struct {
	// Name associates a name with the endpoint group.
	// If no member named "group" is present in the object,
	// the endpoint group will be given the name "default".
	Name string `json:"group,omitempty"`
	// IncludeSubdomains enables this endpoint group for all subdomains of the current origin’s host.
	// If no member named "include_subdomains" is present in the object, or its value is not "true",
	// the endpoint group will not be enabled for subdomains.
	IncludeSubdomains bool `json:"include_subdomains,omitempty"`
	// MaxAgeSeconds defines the endpoint group’s lifetime, as a non-negative integer number of seconds.
	// A value of 0 will cause the endpoint group to be removed from the user agent’s reporting cache.
	MaxAgeSeconds uint `json:"max_age"`
	// Endpoints is the list of endpoints that belong to this endpoint group.
	Endpoints []DeprecatedEndpoint `json:"endpoints"`
}
DeprecatedGroup is the Go representation of groups in the deprecated draft Report-To header format.
func NewDeprecatedGroup
func NewDeprecatedGroup(name string, url string, otherUrls ...string) DeprecatedGroup
NewDeprecatedGroup creates a new DeprecatedGroup with MaxAgeSeconds set to DeprecatedReportToDefaultMaxAge and all optional values with increasing priority.
type Report
type Report struct {
	// AgeMilliseconds is the number of milliseconds between the report’s [timestamp] and the current time according to the user agent.
	//
	// [timestamp]: https://www.w3.org/TR/reporting/#report-timestamp
	AgeMilliseconds int `json:"age"`
	// Type is a [report type].
	//
	// [report type]: https://www.w3.org/TR/reporting/#report-type
	Type string `json:"type"`
	// URL is typically the address of the Document or Worker from which the report was generated ([specification]).
	//
	// [specification]: https://www.w3.org/TR/reporting/#report-url
	URL string `json:"url"`
	// UserAgent is the value of the [User-Agent header] of the request from which the report was generated.
	//
	// [User-Agent header]: https://www.w3.org/TR/reporting/#report-user-agent
	UserAgent string `json:"user_agent"`
	// Body is the result of deserializing the report body object ([doc]).
	//
	// [doc]: https://www.w3.org/TR/reporting/#report-body
	Body any `json:"body"`
}
Report represents a report sent by a client.
type ReportsList
type ReportsList []Report