From d4afb5b3f5a74d7fd210409b6ffbaa5fef93d007 Mon Sep 17 00:00:00 2001
From: Peter Ludikovsky
Date: Tue, 6 Dec 2016 16:06:30 +0100
Subject: Initial commit
---
 cspreport.pl | 15 +++++++++
 cspreport.pm | 96 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 uwsgi-cspreport.ini | 10 ++++++
 3 files changed, 121 insertions(+)
 create mode 100644 cspreport.pl
 create mode 100644 cspreport.pm
 create mode 100644 uwsgi-cspreport.ini
diff --git a/cspreport.pl b/cspreport.pl
new file mode 100644
index 0000000..31281d1
--- /dev/null
+++ b/cspreport.pl
@@ -0,0 +1,15 @@
+#!/usr/bin/perl -w
+
+use strict;
+use warnings;
+use utf8;
+use lib qw/./;
+
+use CGI::PSGI;
+use cspreport;
+
+my $handler = sub {
+ my $env = shift;
+ my $app = cspreport->new( { QUERY => CGI::PSGI->new($env) } );
+ $app->run_as_psgi();
+};
diff --git a/cspreport.pm b/cspreport.pm
new file mode 100644
index 0000000..99cee37
--- /dev/null
+++ b/cspreport.pm
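Review bot: `use lib qw/./;` prepends a relative directory to `@INC`, so every `use` and later `require` is resolved first against whatever the process's working directory happens to be, ahead of the installed module paths. Loading `cspreport` therefore works only because the uWSGI config in this same commit sets `chdir`, and a file of a matching name dropped into that directory would shadow the real module. An absolute entry removes both dependencies, e.g. `use lib '/srv/www/cspreport';`. The `-w` on the shebang line is also redundant next to `use warnings;`.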
@@ -0,0 +1,96 @@
+package cspreport;
+use strict;
+use warnings;
+use base 'CGI::Application';
+use utf8;
+use Data::Dumper;
+use JSON;
+use Net::SMTP;
+use Email::MIME;
+use MIME::Base64;
+use Authen::SASL;
+
+sub setup {
+ my $self = shift;
+ $self->start_mode('mode1');
+ $self->run_modes( 'mode1' => 'cspreport' );
+}
+
+sub cspreport {
+ my $self = shift;
+ my $q = $self->query();
+ $self->header_add( -type => 'text/plain; charset=UTF-8' );
+
+ my $report = $q->param('POSTDATA');
+ send_report($report);
+
+ return "OK\n";
+}
+
+sub send_report {
+ my $report = shift;
+ my ( $smtp, @parts, $mime );
+
+ $smtp = Net::SMTP->new( 'localhost', SSL => 1 );
+ $smtp->auth(
+ Authen::SASL->new(
+ mechanism => 'PLAIN',
+ callback => {
+ user => '',
+ pass => '')
+ }
+ )
+ );
+ $smtp->mail('CSP Report ');
+ $smtp->recipient('Webmaster ');
+ @parts = (
+ Email::MIME->create(
+ body_str => parse_report($report),
+ attributes => {
+ content_type => 'text/plain',
+ charset => 'UTF-8',
+ encoding => '8bit',
+ }
+ ),
+ Email::MIME->create(
+ body_str => $report,
+ attributes => {
+ content_type => 'application/json',
+ charset => 'UTF-8',
+ encoding => '8bit',
+ name => 'csp.json',
+ disposition => 'attachment',
+ }
+ )
+ );
+ $mime = Email::MIME->create(
+ header_str => [
+ From => 'CSP Report ',
+ To => 'Webmaster ',
+ Subject => 'New CSP Report'
+ ],
+ parts => \@parts,
+ attributes => {
+ charset => 'UTF-8',
+ encoding => '8bit',
+ }
+ );
+ $smtp->data( $mime->as_string );
+ $smtp->quit();
+}
+
+sub parse_report {
+ my $report = shift;
+ my $output = '';
+ my $json = decode_json($report);
+ $output .= ' Quelle: ' . $json->{'csp-report'}->{'document-uri'} . "\n";
+ $output .= ' Resource: ' . $json->{'csp-report'}->{'blocked-uri'} . "\n";
+ $output .= ' Referrer: ' . $json->{'csp-report'}->{'referrer'} . "\n";
+ $output .=
+ 'Direktive: ' . $json->{'csp-report'}->{'violated-directive'} . "\n";
+ $output .=
+ ' Policy: ' . $json->{'csp-report'}->{'original-policy'} .
"\n";
+ return $output;
+}
+
+1;
diff --git a/uwsgi-cspreport.ini b/uwsgi-cspreport.ini
new file mode 100644
index 0000000..b12bdcb
--- /dev/null
+++ b/uwsgi-cspreport.ini
@@ -0,0 +1,10 @@
+[uwsgi]
+plugins = psgi
+socket = [::1]:9002
+uid = www-data
+gid = www-data
+procname-master = uwsgi cspreport
+master = true
+chdir = /srv/www/cspreport
+
+psgi = cspreport.pl
-- cgit v1.2.3
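Review bot: The `cspreport` run mode hands `POSTDATA` straight to `send_report`, so any unauthenticated POST of any size produces one e-mail to the webmaster, and a missing or malformed body makes `decode_json` die inside `parse_report` after the SMTP session has already been opened and the sender and recipient issued. Validating the body first (defined, size-capped, decodes to a hash holding a `csp-report` hash) and answering 400 otherwise keeps junk out of the mailbox; rate limiting or batching would still be needed against a flood of well-formed reports. In `send_report`, the callback hash closes with `pass => '')`, a stray `)` that reads as a syntax error as shown, and the results of `Net::SMTP->new`, `auth`, `mail`, `recipient` and `data` are never checked, so a failed connection dies on an undefined `$smtp` and a rejected message still returns `OK`. The `user`/`pass` literals are empty here; real values belong in configuration outside the repository rather than in this file.

```perl
sub cspreport {
    my $self = shift;
    my $q    = $self->query();
    $self->header_add( -type => 'text/plain; charset=UTF-8' );

    # Accept only a bounded, well-formed CSP report before any SMTP work
    # is started; 16_384 is a constructed limit, tune it to real reports.
    my $report = $q->param('POSTDATA');
    my $json;
    if ( defined $report && length($report) <= 16_384 ) {
        $json = eval { decode_json($report) };
    }
    unless ( ref $json eq 'HASH' && ref $json->{'csp-report'} eq 'HASH' ) {
        $self->header_add( -status => '400 Bad Request' );
        return "Bad report\n";
    }

    send_report($report);
    return "OK\n";
}
# … unchanged: send_report and parse_report …
```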
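Review bot: The `[uwsgi]` section sets no request-body or request-time limit, so the server layer accepts bodies of any size for an endpoint that is unauthenticated by design, and a stalled SMTP call in the handler can hold a worker indefinitely. Adding `limit-post = 16384` and `harakiri = 30` (both constructed values) would bound the two. No `processes` value is set either, so how many reports can be handled at once is left to the uWSGI default.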