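package cspreport;

# CGI::Application endpoint that receives Content-Security-Policy violation
# reports (the JSON document a browser POSTs to a policy's report-uri) and
# forwards each one to the webmaster by e-mail: a plain-text summary plus the
# raw report as a JSON attachment.
#
# Everything in the request body is untrusted: the endpoint has no
# authentication in this module and any client can POST to it. Every accepted
# request produces one outgoing mail, and nothing in this module limits the
# request rate, so rate limiting has to come from the web server in front.

use strict;
use warnings;
use base 'CGI::Application';
use utf8;
use Data::Dumper;
use JSON;
use Net::SMTP;
use Email::MIME;
use MIME::Base64;
use Authen::SASL;

# Largest request body that is forwarded. Real CSP reports are small; the
# value is a chosen default, tune it to the deployment.
use constant MAX_REPORT_BYTES => 64 * 1024;

# CGI::Application hook: registers the single run mode and makes it the
# start mode, so every request is handled by cspreport().
sub setup {
    my $self = shift;

    $self->start_mode('mode1');
    $self->run_modes( 'mode1' => 'cspreport' );
}

# Run mode: reads the raw POST body, forwards it by mail and answers "OK\n"
# as text/plain.
#
# The response is the same whether or not the report was forwarded, so a
# client learns nothing about parsing or mail delivery. Failures are written
# to the error log instead of being returned to the client.
sub cspreport {
    my $self = shift;
    my $q    = $self->query();

    $self->header_add( -type => 'text/plain; charset=UTF-8' );

    my $report = $q->param('POSTDATA');

    # Missing, empty and oversized bodies are dropped without sending mail.
    if (   defined $report
        && length $report
        && length($report) <= MAX_REPORT_BYTES )
    {
        my $ok = eval { send_report($report); 1 };
        if ( !$ok ) {
            my $err = defined $@ ? $@ : 'unknown error';

            # Keep the log entry on one line and free of control characters.
            $err =~ s/[^\x20-\x7e]+/ /g;
            warn "cspreport: report not forwarded: $err\n";
        }
    }

    return "OK\n";
}

# Mails one report to the webmaster.
#
#   $report - raw JSON text of the CSP report (untrusted)
#
# Returns 1 on success. Dies when the report cannot be parsed, when the SMTP
# connection cannot be opened, or when the server rejects the message.
sub send_report {
    my $report = shift;

    # Parse and build the message first, so a malformed report never opens
    # an SMTP session.
    my @parts = (
        Email::MIME->create(
            body_str   => parse_report($report),
            attributes => {
                content_type => 'text/plain',
                charset      => 'UTF-8',
                encoding     => '8bit',
            }
        ),

        # NOTE(review): body_str expects a character string; if POSTDATA
        # arrives as raw UTF-8 bytes, non-ASCII text in the attachment would
        # be encoded twice - confirm against the CGI configuration.
        Email::MIME->create(
            body_str   => $report,
            attributes => {
                content_type => 'application/json',
                charset      => 'UTF-8',
                encoding     => '8bit',
                name         => 'csp.json',
                disposition  => 'attachment',
            }
        )
    );

    # All header values are constants; nothing from the report reaches a
    # mail header.
    # NOTE(review): the From/To values here and the envelope addresses below
    # carry only a display name in this listing - the <address> parts appear
    # to be missing and have to be restored before this can deliver mail.
    my $mime = Email::MIME->create(
        header_str => [
            From    => 'CSP Report ',
            To      => 'Webmaster ',
            Subject => 'New CSP Report'
        ],
        parts      => \@parts,
        attributes => {
            charset  => 'UTF-8',
            encoding => '8bit',
        }
    );

    # Net::SMTP->new returns undef when the connection fails.
    my $smtp = Net::SMTP->new( 'localhost', SSL => 1 )
        or die "cannot connect to the SMTP server\n";

    # NOTE(review): user and pass are empty in this listing. Real credentials
    # belong in configuration outside the web root, not in the source file.
    # The result of auth() is not checked, as in the original.
    $smtp->auth(
        Authen::SASL->new(
            mechanism => 'PLAIN',
            callback  => { user => '', pass => '' }
        )
    );

    my $sent = $smtp->mail('CSP Report ')
        && $smtp->recipient('Webmaster ')
        && $smtp->data( $mime->as_string );

    $smtp->quit();

    die "the SMTP server rejected the message\n" unless $sent;

    return 1;
}

# Builds the plain-text summary of a report.
#
#   $report - raw JSON text of the CSP report (untrusted)
#
# Returns five "label: value" lines. Dies with a fixed message when the text
# is not JSON or has no 'csp-report' object; the parser's own message is not
# passed on because it can quote the input.
sub parse_report {
    my $report = shift;

    my $json = eval { decode_json($report) };
    die "request body is not valid JSON\n"
        unless ref $json eq 'HASH';

    my $csp = $json->{'csp-report'};
    die "request body has no csp-report object\n"
        unless ref $csp eq 'HASH';

    my @fields = (
        [ ' Quelle: '   => 'document-uri' ],
        [ ' Resource: ' => 'blocked-uri' ],
        [ ' Referrer: ' => 'referrer' ],
        [ 'Direktive: ' => 'violated-directive' ],
        [ ' Policy: '   => 'original-policy' ],
    );

    my $output = '';
    for my $field (@fields) {
        my ( $label, $key ) = @{$field};
        my $value = $csp->{$key};

        # Absent and non-scalar values are shown as empty.
        $value = '' if !defined $value || ref $value;

        # A value containing a line break could otherwise fake additional
        # summary lines. The attachment keeps the report unmodified.
        $value =~ s/[\x00-\x1f\x7f]+/ /g;

        $output .= $label . $value . "\n";
    }

    return $output;
}

1;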