package coderd
import (
"encoding/json"
"net/http"
"github.com/coder/coder/coderd/httpapi"
"github.com/coder/coder/codersdk"
"cdr.dev/slog"
)
// cspViolation is the JSON envelope of a Content-Security-Policy violation
// report. The report's fields are decoded from the "csp-report" key.
type cspViolation struct {
	// Report holds the report fields as decoded, with no fixed schema.
	// The content is supplied by the reporting client, so both keys and
	// values are untrusted.
	Report map[string]interface{} `json:"csp-report"`
}
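// logReportCSPViolations will log all reported csp violations.
//
// The request body is client-supplied and therefore untrusted: it is
// size-limited before decoding, and every key and value written to the
// log comes straight from the request.
//
// @Summary Report CSP violations
// @ID report-csp-violations
// @Security CoderSessionToken
// @Accept json
// @Tags General
// @Param request body cspViolation true "Violation report"
// @Success 200
// @Router /csp/reports [post]
func (api *API) logReportCSPViolations(rw http.ResponseWriter, r *http.Request) {
	// Upper bound on an accepted report body. CSP reports are small JSON
	// documents; the exact figure is a chosen safety margin, not a value
	// taken from a specification.
	const maxReportBytes = 1 << 20 // 1 MiB

	ctx := r.Context()
	var report cspViolation

	// The decoder materialises the whole JSON object into a map, so an
	// unbounded body would let a single request consume arbitrary memory.
	// MaxBytesReader makes Decode fail once the limit is exceeded; that
	// failure is reported through the same 400 path as malformed JSON.
	// NOTE(review): if a body-size limit is already enforced by middleware
	// in front of this handler, this is a second, narrower bound — confirm.
	dec := json.NewDecoder(http.MaxBytesReader(rw, r.Body, maxReportBytes))
	if err := dec.Decode(&report); err != nil {
		api.Logger.Warn(ctx, "csp violation", slog.Error(err))
		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
			Message: "Failed to read body, invalid json.",
			Detail:  err.Error(),
		})
		return
	}

	// Each report entry becomes one structured log field. Names and values
	// are attacker-controllable, so anything consuming these logs should
	// treat them as untrusted data rather than as trusted field names.
	fields := make([]slog.Field, 0, len(report.Report))
	for key, value := range report.Report {
		fields = append(fields, slog.F(key, value))
	}
	api.Logger.Debug(ctx, "csp violation", fields...)

	httpapi.Write(ctx, rw, http.StatusOK, "ok")
}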