How to use @doyensec/csp-evaluator - 4 common examples

To help you get started, we’ve selected a few @doyensec/csp-evaluator examples based on popular ways it is used in public projects.


doyensec / electronegativity / src / finder / checks / GlobalChecks / CSPGlobalCheck.js (on GitHub)
var otherIssues = issues.filter(e => e.id !== 'CSP_JS_CHECK' && e.id !== 'CSP_HTML_CHECK');
    if (cspIssues.length === 0) {
      // No CSP detected
      issues.push({ file: "N/A", location: {line: 0, column: 0}, id: this.id, description: this.description.NO_CSP, shortenedURL: this.shortenedURL, severity: attributes.severity.MEDIUM, confidence: attributes.confidence.CERTAIN, manualReview: false });
      return issues;
    } else {
      // There is a CSP set
      var confidence = 0; 
      for (var cspIssue of cspIssues) {
        var parser = new csp.CspParser(cspIssue.properties.CSPstring);
        var evaluator = new csp.CspEvaluator(parser.csp, csp.Version.CSP3);
        var findings = evaluator.evaluate();
        for (var finding of findings)
          if (finding.severity === csp.severities.HIGH || finding.severity === csp.severities.MEDIUM)
            confidence = 2;
          else if (finding.severity === csp.severities.HIGH_MAYBE || finding.severity === csp.severities.MEDIUM_MAYBE)
            if (confidence < 2) confidence = 1;
      }

      if (confidence === 2) 
        otherIssues.push({ file: cspIssues[0].file, location: cspIssues[0].location, id: this.id, description: this.description.WEAK_CSP, shortenedURL: this.shortenedURL, severity: attributes.severity.LOW, confidence: attributes.confidence.CERTAIN, sample: cspIssue.properties.CSPstring, manualReview: false });
      if (confidence === 1)
        otherIssues.push({ file: cspIssues[0].file, location: cspIssues[0].location, id: this.id, description: this.description.MAYBE_WEAK_CSP, shortenedURL: this.shortenedURL, severity: attributes.severity.LOW, confidence: attributes.confidence.FIRM, sample: cspIssue.properties.CSPstring, manualReview: true });


      return otherIssues;
    }
  }
}
doyensec / electronegativity / src / finder / checks / GlobalChecks / CSPGlobalCheck.js (on GitHub)
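/**
 * Aggregate the per-file CSP findings into one verdict on the application's policy.
 *
 * The per-file checks (ids CSP_JS_CHECK / CSP_HTML_CHECK) only record where a
 * policy was declared and its raw text in `properties.CSPstring`; this global
 * check runs those policies through @doyensec/csp-evaluator (CSP3 mode) and
 * replaces them with a single aggregated issue.
 *
 * @param {Array<Object>} issues - every issue collected so far; CSP issues are
 *   expected to carry `file`, `location` and `properties.CSPstring`.
 * @returns {Promise<Array<Object>>} the issue list to carry forward:
 *   no CSP issue present -> `issues` with one NO_CSP entry appended;
 *   otherwise -> the non-CSP issues plus at most one WEAK_CSP or
 *   MAYBE_WEAK_CSP entry (the raw CSP_*_CHECK entries are consumed).
 *
 * NOTE(review): `this.id`, `this.description` and `this.shortenedURL` are
 * presumably initialised by the class constructor, which is outside this view.
 * The body contains no `await`; `async` is kept so the callers' contract is unchanged.
 */
async perform(issues) {
    const isCspIssue = (e) => e.id === 'CSP_JS_CHECK' || e.id === 'CSP_HTML_CHECK';
    const cspIssues = issues.filter(isCspIssue);
    const otherIssues = issues.filter((e) => !isCspIssue(e));

    if (cspIssues.length === 0) {
      // No CSP declared anywhere: report once, with a placeholder location.
      issues.push({
        file: "N/A",
        location: {line: 0, column: 0},
        id: this.id,
        description: this.description.NO_CSP,
        shortenedURL: this.shortenedURL,
        severity: attributes.severity.MEDIUM,
        confidence: attributes.confidence.CERTAIN,
        manualReview: false
      });
      return issues;
    }

    // Map an evaluator severity onto the three outcomes this check distinguishes:
    //   2 = a HIGH or MEDIUM finding, 1 = only a *_MAYBE finding, 0 = nothing flagged.
    const rankOfSeverity = (severity) => {
      if (severity === csp.severities.HIGH || severity === csp.severities.MEDIUM) return 2;
      if (severity === csp.severities.HIGH_MAYBE || severity === csp.severities.MEDIUM_MAYBE) return 1;
      return 0;
    };

    // Worst rank seen across all declared policies, and the CSP issue that
    // produced it. File, location and sample are all taken from that one issue
    // so the reported entry is self-consistent (previously file/location came
    // from the first CSP issue while the sample came from the last one iterated).
    let worstRank = 0;
    let worstIssue = cspIssues[0];

    for (const cspIssue of cspIssues) {
      const parser = new csp.CspParser(cspIssue.properties.CSPstring);
      const evaluator = new csp.CspEvaluator(parser.csp, csp.Version.CSP3);
      for (const finding of evaluator.evaluate()) {
        const rank = rankOfSeverity(finding.severity);
        if (rank > worstRank) {
          worstRank = rank;
          worstIssue = cspIssue;
        }
      }
    }

    if (worstRank === 2) {
      // A HIGH/MEDIUM finding: reported with CERTAIN confidence, no manual review.
      otherIssues.push({
        file: worstIssue.file,
        location: worstIssue.location,
        id: this.id,
        description: this.description.WEAK_CSP,
        shortenedURL: this.shortenedURL,
        severity: attributes.severity.LOW,
        confidence: attributes.confidence.CERTAIN,
        sample: worstIssue.properties.CSPstring,
        manualReview: false
      });
    } else if (worstRank === 1) {
      // Only *_MAYBE findings: FIRM confidence and flagged for manual review.
      otherIssues.push({
        file: worstIssue.file,
        location: worstIssue.location,
        id: this.id,
        description: this.description.MAYBE_WEAK_CSP,
        shortenedURL: this.shortenedURL,
        severity: attributes.severity.LOW,
        confidence: attributes.confidence.FIRM,
        sample: worstIssue.properties.CSPstring,
        manualReview: true
      });
    }

    return otherIssues;
  }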
}
doyensec / electronegativity / src / finder / checks / GlobalChecks / CSPGlobalCheck.js (on GitHub)
async perform(issues) {
    var cspIssues = issues.filter(e => e.id === 'CSP_JS_CHECK' || e.id === 'CSP_HTML_CHECK');
    var otherIssues = issues.filter(e => e.id !== 'CSP_JS_CHECK' && e.id !== 'CSP_HTML_CHECK');
    if (cspIssues.length === 0) {
      // No CSP detected
      issues.push({ file: "N/A", location: {line: 0, column: 0}, id: this.id, description: this.description.NO_CSP, shortenedURL: this.shortenedURL, severity: attributes.severity.MEDIUM, confidence: attributes.confidence.CERTAIN, manualReview: false });
      return issues;
    } else {
      // There is a CSP set
      var confidence = 0; 
      for (var cspIssue of cspIssues) {
        var parser = new csp.CspParser(cspIssue.properties.CSPstring);
        var evaluator = new csp.CspEvaluator(parser.csp, csp.Version.CSP3);
        var findings = evaluator.evaluate();
        for (var finding of findings)
          if (finding.severity === csp.severities.HIGH || finding.severity === csp.severities.MEDIUM)
            confidence = 2;
          else if (finding.severity === csp.severities.HIGH_MAYBE || finding.severity === csp.severities.MEDIUM_MAYBE)
            if (confidence < 2) confidence = 1;
      }

      if (confidence === 2) 
        otherIssues.push({ file: cspIssues[0].file, location: cspIssues[0].location, id: this.id, description: this.description.WEAK_CSP, shortenedURL: this.shortenedURL, severity: attributes.severity.LOW, confidence: attributes.confidence.CERTAIN, sample: cspIssue.properties.CSPstring, manualReview: false });
      if (confidence === 1)
        otherIssues.push({ file: cspIssues[0].file, location: cspIssues[0].location, id: this.id, description: this.description.MAYBE_WEAK_CSP, shortenedURL: this.shortenedURL, severity: attributes.severity.LOW, confidence: attributes.confidence.FIRM, sample: cspIssue.properties.CSPstring, manualReview: true });


      return otherIssues;
    }
doyensec / electronegativity / src / finder / checks / GlobalChecks / CSPGlobalCheck.js (on GitHub)
async perform(issues) {
    var cspIssues = issues.filter(e => e.id === 'CSP_JS_CHECK' || e.id === 'CSP_HTML_CHECK');
    var otherIssues = issues.filter(e => e.id !== 'CSP_JS_CHECK' && e.id !== 'CSP_HTML_CHECK');
    if (cspIssues.length === 0) {
      // No CSP detected
      issues.push({ file: "N/A", location: {line: 0, column: 0}, id: this.id, description: this.description.NO_CSP, shortenedURL: this.shortenedURL, severity: attributes.severity.MEDIUM, confidence: attributes.confidence.CERTAIN, manualReview: false });
      return issues;
    } else {
      // There is a CSP set
      var confidence = 0; 
      for (var cspIssue of cspIssues) {
        var parser = new csp.CspParser(cspIssue.properties.CSPstring);
        var evaluator = new csp.CspEvaluator(parser.csp, csp.Version.CSP3);
        var findings = evaluator.evaluate();
        for (var finding of findings)
          if (finding.severity === csp.severities.HIGH || finding.severity === csp.severities.MEDIUM)
            confidence = 2;
          else if (finding.severity === csp.severities.HIGH_MAYBE || finding.severity === csp.severities.MEDIUM_MAYBE)
            if (confidence < 2) confidence = 1;
      }

      if (confidence === 2) 
        otherIssues.push({ file: cspIssues[0].file, location: cspIssues[0].location, id: this.id, description: this.description.WEAK_CSP, shortenedURL: this.shortenedURL, severity: attributes.severity.LOW, confidence: attributes.confidence.CERTAIN, sample: cspIssue.properties.CSPstring, manualReview: false });
      if (confidence === 1)
        otherIssues.push({ file: cspIssues[0].file, location: cspIssues[0].location, id: this.id, description: this.description.MAYBE_WEAK_CSP, shortenedURL: this.shortenedURL, severity: attributes.severity.LOW, confidence: attributes.confidence.FIRM, sample: cspIssue.properties.CSPstring, manualReview: true });


      return otherIssues;

@doyensec/csp-evaluator

npm port of the Google CSP evaluator library

Apache-2.0
Latest version published 6 years ago
