Diffstat (limited to 'cspreport.pm')
-rw-r--r-- | cspreport.pm | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/cspreport.pm b/cspreport.pm
new file mode 100644
index 0000000..99cee37
--- /dev/null
+++ b/cspreport.pm
@@ -0,0 +1,96 @@
+package cspreport;
+use strict;
+use warnings;
+use base 'CGI::Application';
+use utf8;
+use Data::Dumper;
+use JSON;
+use Net::SMTP;
+use Email::MIME;
+use MIME::Base64;
+use Authen::SASL;
+
+sub setup {
+ my $self = shift;
+ $self->start_mode('mode1');
+ $self->run_modes( 'mode1' => 'cspreport' );
+}
+
+sub cspreport {
+ my $self = shift;
+ my $q = $self->query();
+ $self->header_add( -type => 'text/plain; charset=UTF-8' );
+
+ my $report = $q->param('POSTDATA');
+ send_report($report);
+
+ return "OK\n";
+}
+
+sub send_report {
+ my $report = shift;
+ my ( $smtp, @parts, $mime );
+
+ $smtp = Net::SMTP->new( 'localhost', SSL => 1 );
+ $smtp->auth(
+ Authen::SASL->new(
+ mechanism => 'PLAIN',
+ callback => {
+ user => '',
+ pass => '')
+ }
+ )
+ );
+ $smtp->mail('CSP Report <cspreport@domain>');
+ $smtp->recipient('Webmaster <webmaster@domain>');
+ @parts = (
+ Email::MIME->create(
+ body_str => parse_report($report),
+ attributes => {
+ content_type => 'text/plain',
+ charset => 'UTF-8',
+ encoding => '8bit',
+ }
+ ),
+ Email::MIME->create(
+ body_str => $report,
+ attributes => {
+ content_type => 'application/json',
+ charset => 'UTF-8',
+ encoding => '8bit',
+ name => 'csp.json',
+ disposition => 'attachment',
+ }
+ )
+ );
+ $mime = Email::MIME->create(
+ header_str => [
+ From => 'CSP Report <cspreport@domain>',
+ To => 'Webmaster <webmaster@domain>',
+ Subject => 'New CSP Report'
+ ],
+ parts => \@parts,
+ attributes => {
+ charset => 'UTF-8',
+ encoding => '8bit',
+ }
+ );
+ $smtp->data( $mime->as_string );
+ $smtp->quit();
+}
+
+sub parse_report {
+ my $report = shift;
+ my $output = '';
+ my $json = decode_json($report);
+ $output .= ' Quelle: ' . $json->{'csp-report'}->{'document-uri'} . "\n";
+ $output .= ' Resource: ' . $json->{'csp-report'}->{'blocked-uri'} . "\n";
+ $output .= ' Referrer: ' . $json->{'csp-report'}->{'referrer'} . "\n";
+ $output .=
+ 'Direktive: ' . $json->{'csp-report'}->{'violated-directive'} . "\n";
+ $output .=
+ ' Policy: ' . $json->{'csp-report'}->{'original-policy'} . "\n";
+ return $output;
+}
+
+1; |
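Review bot: In `cspreport`, the POST body goes from `$q->param('POSTDATA')` straight into `send_report` with no check, although a CSP report endpoint accepts input from any client that can POST to it. An empty or non-JSON body makes `decode_json` die inside `parse_report`, which runs only after the SMTP session has been opened and authenticated, and every request, whatever its size, turns into one mail to the webmaster. I would validate before any SMTP work (size cap, `eval` around the decode, require a `csp-report` hash) and also check the result of `Net::SMTP->new`, which returns undef on failure, so that `$smtp->auth` then dies. Separately, `pass => '')` in the `auth` call has an unbalanced `)` as shown, possibly a redaction artifact, and `Data::Dumper` and `MIME::Base64` look unused.

```perl
    my $report = $q->param('POSTDATA');

    # Drop missing or oversized bodies before any SMTP work
    # (the limit is a suggested value, tune to the site).
    return "OK\n" if !defined $report || length($report) > 16_384;

    # Only mail bodies that decode to the expected report structure.
    my $json = eval { decode_json($report) };
    return "OK\n"
      if ref($json) ne 'HASH' || ref( $json->{'csp-report'} ) ne 'HASH';

    send_report($report);
    # … unchanged: return "OK\n" …
```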