Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
strass
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
hub
strass
Commits
1fd4b302
Commit
1fd4b302
authored
10 months ago
by
Bryan BRANCOTTE
Browse files
Options
Downloads
Patches
Plain Diff
rework import, remove dependency to strass_app
parent
2c0a370a
No related branches found
No related tags found
1 merge request
!220
Enable CSP
Pipeline
#138713
failed
10 months ago
Stage: build
Stage: test
Stage: deploy
Changes
3
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
src/strass/cspmailreports/tests.py
+15
-15
15 additions, 15 deletions
src/strass/cspmailreports/tests.py
src/strass/cspmailreports/urls.py
+2
-2
2 additions, 2 deletions
src/strass/cspmailreports/urls.py
src/strass/cspmailreports/views.py
+6
-6
6 additions, 6 deletions
src/strass/cspmailreports/views.py
with
23 additions
and
23 deletions
src/strass/cspmailreports/tests.py
+
15
−
15
View file @
1fd4b302
import
json
import
logging
from
typing
import
Dict
from
django.core
import
mail
from
django.test
import
override_settings
from
django.urls
import
reverse
,
reverse_lazy
from
django.core
import
mail
from
django.test
import
TestCase
,
override_settings
from
django.urls
import
reverse
from
django.urls
import
reverse_lazy
from
cspmailreports
import
apps
from
cspmailreports.conf
import
app_settings
from
strass_app.tests.test_base_test_case
import
TooledTestCase
import
cspmailreports.apps
import
cspmailreports.conf
logger
=
logging
.
getLogger
(
__name__
)
class
CSPTooledTestCase
(
Tooled
TestCase
):
class
CSPTooledTestCase
(
TestCase
):
url
=
reverse_lazy
(
'
cspmailreports:csp-report
'
)
def
setUp
(
self
):
super
().
setUp
()
app_settings
.
_reset_cache
()
cspmailreports
.
conf
.
app_settings
.
_reset_cache
()
@staticmethod
def
fake_report
(
referrer
=
"
http://127.0.0.1:8080
"
)
->
Dict
:
...
...
@@ -77,7 +77,7 @@ class TestDOS(CSPTooledTestCase):
mail_count
=
len
(
mail
.
outbox
)
self
.
client
.
defaults
[
'
REMOTE_ADDR
'
]
=
'
1.2.3.4
'
# trigger dos
for
i
in
range
(
app_settings
.
max_report_before_cooldown
):
for
i
in
range
(
cspmailreports
.
conf
.
app_settings
.
max_report_before_cooldown
):
self
.
assertIn
(
self
.
report
().
status_code
,
[
200
])
mail_count
+=
1
self
.
assertEqual
(
mail_count
,
len
(
mail
.
outbox
))
...
...
@@ -118,8 +118,8 @@ class TestMailNoAdmin(CSPTooledTestCase):
)
class
TestCheck1
(
CSPTooledTestCase
):
def
test_it
(
self
):
app_settings
.
_reset_cache
()
self
.
assertEqual
(
len
(
apps
.
check_settings
(
None
)),
1
)
cspmailreports
.
conf
.
app_settings
.
_reset_cache
()
self
.
assertEqual
(
len
(
cspmailreports
.
apps
.
check_settings
(
None
)),
1
)
@override_settings
(
...
...
@@ -127,8 +127,8 @@ class TestCheck1(CSPTooledTestCase):
)
class
TestCheck2
(
CSPTooledTestCase
):
def
test_it
(
self
):
app_settings
.
_reset_cache
()
self
.
assertEqual
(
len
(
apps
.
check_settings
(
None
)),
1
)
cspmailreports
.
conf
.
app_settings
.
_reset_cache
()
self
.
assertEqual
(
len
(
cspmailreports
.
apps
.
check_settings
(
None
)),
1
)
@override_settings
(
...
...
@@ -137,5 +137,5 @@ class TestCheck2(CSPTooledTestCase):
)
class
TestCheckAll
(
CSPTooledTestCase
):
def
test_it
(
self
):
app_settings
.
_reset_cache
()
self
.
assertEqual
(
len
(
apps
.
check_settings
(
None
)),
2
)
cspmailreports
.
conf
.
app_settings
.
_reset_cache
()
self
.
assertEqual
(
len
(
cspmailreports
.
apps
.
check_settings
(
None
)),
2
)
This diff is collapsed.
Click to expand it.
src/strass/cspmailreports/urls.py
+
2
−
2
View file @
1fd4b302
from
django.urls
import
re_path
from
views
import
report_csp
import
cspmailreports.views
app_name
=
'
cspmailreports
'
urlpatterns
=
[
re_path
(
r
'
^report/$
'
,
report_csp
,
name
=
'
csp-report
'
),
re_path
(
r
'
^report/$
'
,
cspmailreports
.
views
.
report_csp
,
name
=
'
csp-report
'
),
]
This diff is collapsed.
Click to expand it.
src/strass/cspmailreports/views.py
+
6
−
6
View file @
1fd4b302
...
...
@@ -5,8 +5,8 @@ from django.http import HttpResponse
from
django.views.decorators.csrf
import
csrf_exempt
from
django.views.decorators.http
import
require_POST
from
cspmailreports
import
utils
from
cspmailreports.
conf
import
app_setting
s
import
cspmailreports
.conf
import
cspmailreports.
util
s
logger
=
logging
.
getLogger
(
__name__
)
...
...
@@ -16,10 +16,10 @@ logger = logging.getLogger(__name__)
def
report_csp
(
request
):
if
request
.
content_type
!=
'
application/csp-report
'
:
return
HttpResponse
(
status
=
415
)
if
utils
.
is_flagged_as_dos
(
request
):
return
HttpResponse
(
status
=
429
,
headers
=
[(
"
Retry-After
"
,
app_settings
.
dos_cooldown
)])
report
=
utils
.
create_report
(
request
)
if
app_settings
.
print_in_log
:
if
cspmailreports
.
utils
.
is_flagged_as_dos
(
request
):
return
HttpResponse
(
status
=
429
,
headers
=
[(
"
Retry-After
"
,
cspmailreports
.
conf
.
app_settings
.
dos_cooldown
)])
report
=
cspmailreports
.
utils
.
create_report
(
request
)
if
cspmailreports
.
conf
.
app_settings
.
print_in_log
:
logger
.
warning
(
f
'
CSP violation report:
\n
{
report
}
'
)
mail_admins
(
"
CSP violation report
"
,
report
)
return
HttpResponse
()
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment