Skip to content

finalduty/csp-report-collector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits

.github/workflows

.github/workflows

 
 

src

src

 
 

tests

tests

 
 

.flake8

.flake8

 
 

.flaskenv

.flaskenv

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

Pipfile

Pipfile

 
 

Pipfile.lock

Pipfile.lock

 
 

README.md

README.md

 
 

pyproject.toml

pyproject.toml

 
 

settings.conf.example

settings.conf.example

 
 

setup.cfg

setup.cfg

 
 

Repository files navigation

csp-report-collector

Content Security Policy Report Collector

Python Flask App to receive and store CSP violation reports from browsers.

Configuration

The CSP Report Collector is configurable via file and environment variables. Loading environment variables from .env files are also supported.

The configuration file must be called settings.conf.

Environment variables take precedence over options specified in the config file.

ENVVAR Config File Example Description
CSPRC_DB_URI db_uri mariadb://localhost:3306/csp_reports Full database connection string. e.g. sqlite://db.sqlite
CSPRC_DB_TYPE db_type sqlite, mariadb, mssql, postgresql The Type of database to use
CSPRC_DB_HOST db_host localhost, 127.0.0.1 The hostname or IP address of the database server
CSPRC_DB_PORT db_port 1433, 3306, 5432 The port of the database server. May be left blank to use the default for the db_type.
CSPRC_DB_USERNAME db_username user The username to authenticate to the db server with
CSPRC_DB_PASSWORD db_password correcthorsebatterystaple The password to authenticate to the db server with
CSPRC_DB_NAME db_name csp_reports

You may specify the db connection string as a single db_uri entry, or through a combination of db_uri and other options.

Examples

Using DB_URI Only:

export CSPRC_DB_URI="mariadb://username:password@localhost:3306/csp_reports

Using a combination of DB_URI and individual options:

export CSPRC_DB_URI="mariadb://localhost:3306"
export CSPRC_DB_USERNAME="username"
export CSPRC_DB_PASSWORD="password"
export CSPRC_DB_NAME="csp_reports"

How to use

It is recommended to use the finalduty/csp-report-collector container from Dockerhub, but you may also build a container from the Dockerfile, or install the app locally using pipenv.

The app does not currently support TLS, and so it is recommended to run it behind a TLS Proxy such as Nginx or Traefik.

## Start container
docker run -d --rm -p 8000:8000 -e CSPRC_DB_URI="sqlite:///db.sqlite" --name csp_report_collector finalduty/csp_report_collector

## Check the status endpoint, this should return a 200
curl http://localhost:8000/status

## Submit a test CSP Report, this should return a 204
curl -X POST http://localhost:8000/ -H 'Content-Type: application/csp-report' --data-binary '{"csp-report":{"document-uri":"https://domain.evil/","referrer":"","violated-directive":"frame-ancestors","effective-directive":"frame-ancestors","original-policy":"frame-ancestors *.domain.net;","disposition":"enforce","blocked-uri":"https://domain.evil/","status-code":0,"script-sample":""}}'

## Stop container
docker stop csp_report_collector

License

MIT License

About

Content Security Policy Reporting Endpoint

Topics

mysql python flask csp sqlite mariadb python3 content-security-policy collector mssql endpoint content-security-policy-report

Resources

Readme

License

MIT license
Activity

Stars

14 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases 2

v0.4.1 Latest
Apr 17, 2024
+ 1 release

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages