Class: CspBuilder

Inherits:
Object
  • Object
Defined in:
lib/csp_builder.rb,
lib/csp_builder/version.rb,
lib/csp_builder/constants.rb

Overview

Content Security Policy builder class. This class provides a lot of methods for making it easier to compose Content Security Policies for your web applications.

Examples:

Creating a CSP string

# Every directive setter returns the builder, so the calls can be chained.
# NOTE: "https://*.cloudfront.net" matches every CloudFront distribution, not
# only your own; a production script-src should list the exact host(s) you
# serve scripts from instead of the shared-domain wildcard.
csp = CspBuilder.new
  .script_src("https://*.cloudfront.net", :self)
  .style_src("https://*.cloudfront.net")
  .img_src('*')
  .frame_ancestors(:self)
  .upgrade_insecure_requests

# compile! returns the whole policy as one string:
# "script-src https://*.cloudfront.net 'self'; style-src https://*.cloudfront.net; img-src *; frame-ancestors 'self'; upgrade-insecure-requests"
csp.compile!

Constant Summary

VERSION =
'0.2.0'.freeze
FETCH_DIRECTIVES =

Fetch directives define the locations from which various resource types can be loaded. These directives all end with “-src”.

%i[
  child connect default font frame img
  manifest media object script style worker
].freeze
VALUE_DIRECTIVES =

Value directives are document, navigation, reporting or other types of directives that require a value.

%i[
  base-uri form-action frame-ancestors
  plugin-types report-uri require-sri-for
].freeze
META_DIRECTIVES =

Meta directives do not require a value and can be used in a <meta> tag in the document's <head>

%i[
  block-all-mixed-content upgrade-insecure-requests
].freeze

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize ⇒ CspBuilder

Returns a new instance of CspBuilder


# File 'lib/csp_builder.rb', line 24

# Starts an empty builder: nothing has been compiled yet and no directives
# have been recorded.
def initialize
  @result     = nil
  @directives = {}
end

Instance Attribute Details

#result ⇒ Object (readonly)

Final result string. This is set by compile!


# File 'lib/csp_builder.rb', line 21

# Reader for the compiled policy.
#
# @return [String, nil] the frozen string stored by compile!, or nil while
#   nothing has been compiled (initialize sets @result to nil)
def result
  @result
end

Instance Method Details

#base_uri(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more values; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 94

# Generates one chainable setter per entry in VALUE_DIRECTIVES. The method
# name replaces '-' with '_' (:'frame-ancestors' -> `frame_ancestors`), while
# the directive key handed to set_directive! keeps its hyphens. Each generated
# method returns self.
# NOTE(review): set_directive! is not shown on this page; confirm how it
# handles values containing ';' or ',' (CSP directive and policy separators)
# before passing request-derived strings to these setters.
VALUE_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen VALUE_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type.to_s.gsub('-', '_')}(*values)
      values.each { |value| set_directive! :'#{type}', value }

      self
    end
  RUBY_EVAL
end

#block_all_mixed_content(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more value; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 108

# Generates one chainable setter per entry in META_DIRECTIVES
# (:'upgrade-insecure-requests' -> `upgrade_insecure_requests`). The generated
# `def` declares no parameters, so passing values raises ArgumentError even
# though this page's method heading lists `(*values)`. Each method stores
# `true` under the hyphenated directive key and returns self.
# It writes to @directives directly, and compile! freezes that Hash, so
# calling one of these setters after compile! raises a frozen-object error.
META_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen META_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type.to_s.gsub('-', '_')}
      @directives[:'#{type}'] = true

      self
    end
  RUBY_EVAL
end

#child_src(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more values; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 72

# Generates one chainable setter per entry in FETCH_DIRECTIVES: `type` :script
# yields `script_src(*values)`, which passes each value to set_directive!
# under :'script-src' and then returns self.
# NOTE(review): set_directive! is not shown on this page; confirm how it
# handles values containing ';' or ',' (CSP directive and policy separators)
# before passing request-derived strings to these setters.
FETCH_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen FETCH_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type}_src(*values)
      values.each { |value| set_directive! :'#{type}-src', value }

      self
    end
  RUBY_EVAL
end

#compile! ⇒ String

Compile Content Security Policy with all of the defined directives

Returns:

  • (String)

    compiled CSP string


# File 'lib/csp_builder.rb', line 37

# Locks the directive set and returns the policy string, building it at most
# once.
#
# The first call stores the frozen output of `compile`; later calls return
# that same object. @directives stays frozen from the first call on, so code
# that writes to it afterwards raises.
#
# @return [String] compiled CSP string
def compile!
  # freeze is a no-op on a Hash that is already frozen
  @directives.freeze
  return @result if @result

  @result = compile.freeze
end

#compiled? ⇒ Boolean

Returns whether the result has been compiled or not

Returns:

  • (Boolean)

# File 'lib/csp_builder.rb', line 31

# Tells whether a result has been stored, i.e. whether @result is anything
# other than nil.
#
# @return [Boolean]
def compiled?
  return false if @result.nil?

  true
end

#connect_src(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more values; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 72

# Generates one chainable setter per entry in FETCH_DIRECTIVES: `type` :script
# yields `script_src(*values)`, which passes each value to set_directive!
# under :'script-src' and then returns self.
# NOTE(review): set_directive! is not shown on this page; confirm how it
# handles values containing ';' or ',' (CSP directive and policy separators)
# before passing request-derived strings to these setters.
FETCH_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen FETCH_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type}_src(*values)
      values.each { |value| set_directive! :'#{type}-src', value }

      self
    end
  RUBY_EVAL
end

#default_src(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more values; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 72

# Generates one chainable setter per entry in FETCH_DIRECTIVES: `type` :script
# yields `script_src(*values)`, which passes each value to set_directive!
# under :'script-src' and then returns self.
# NOTE(review): set_directive! is not shown on this page; confirm how it
# handles values containing ';' or ',' (CSP directive and policy separators)
# before passing request-derived strings to these setters.
FETCH_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen FETCH_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type}_src(*values)
      values.each { |value| set_directive! :'#{type}-src', value }

      self
    end
  RUBY_EVAL
end

#font_src(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more values; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 72

# Generates one chainable setter per entry in FETCH_DIRECTIVES: `type` :script
# yields `script_src(*values)`, which passes each value to set_directive!
# under :'script-src' and then returns self.
# NOTE(review): set_directive! is not shown on this page; confirm how it
# handles values containing ';' or ',' (CSP directive and policy separators)
# before passing request-derived strings to these setters.
FETCH_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen FETCH_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type}_src(*values)
      values.each { |value| set_directive! :'#{type}-src', value }

      self
    end
  RUBY_EVAL
end

#form_action(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more values; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 94

# Generates one chainable setter per entry in VALUE_DIRECTIVES. The method
# name replaces '-' with '_' (:'frame-ancestors' -> `frame_ancestors`), while
# the directive key handed to set_directive! keeps its hyphens. Each generated
# method returns self.
# NOTE(review): set_directive! is not shown on this page; confirm how it
# handles values containing ';' or ',' (CSP directive and policy separators)
# before passing request-derived strings to these setters.
VALUE_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen VALUE_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type.to_s.gsub('-', '_')}(*values)
      values.each { |value| set_directive! :'#{type}', value }

      self
    end
  RUBY_EVAL
end

#frame_ancestors(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more values; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 94

# Generates one chainable setter per entry in VALUE_DIRECTIVES. The method
# name replaces '-' with '_' (:'frame-ancestors' -> `frame_ancestors`), while
# the directive key handed to set_directive! keeps its hyphens. Each generated
# method returns self.
# NOTE(review): set_directive! is not shown on this page; confirm how it
# handles values containing ';' or ',' (CSP directive and policy separators)
# before passing request-derived strings to these setters.
VALUE_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen VALUE_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type.to_s.gsub('-', '_')}(*values)
      values.each { |value| set_directive! :'#{type}', value }

      self
    end
  RUBY_EVAL
end

#frame_src(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more values; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 72

# Generates one chainable setter per entry in FETCH_DIRECTIVES: `type` :script
# yields `script_src(*values)`, which passes each value to set_directive!
# under :'script-src' and then returns self.
# NOTE(review): set_directive! is not shown on this page; confirm how it
# handles values containing ';' or ',' (CSP directive and policy separators)
# before passing request-derived strings to these setters.
FETCH_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen FETCH_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type}_src(*values)
      values.each { |value| set_directive! :'#{type}-src', value }

      self
    end
  RUBY_EVAL
end

#img_src(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more values; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 72

# Generates one chainable setter per entry in FETCH_DIRECTIVES: `type` :script
# yields `script_src(*values)`, which passes each value to set_directive!
# under :'script-src' and then returns self.
# NOTE(review): set_directive! is not shown on this page; confirm how it
# handles values containing ';' or ',' (CSP directive and policy separators)
# before passing request-derived strings to these setters.
FETCH_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen FETCH_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type}_src(*values)
      values.each { |value| set_directive! :'#{type}-src', value }

      self
    end
  RUBY_EVAL
end

#manifest_src(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more values; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 72

# Generates one chainable setter per entry in FETCH_DIRECTIVES: `type` :script
# yields `script_src(*values)`, which passes each value to set_directive!
# under :'script-src' and then returns self.
# NOTE(review): set_directive! is not shown on this page; confirm how it
# handles values containing ';' or ',' (CSP directive and policy separators)
# before passing request-derived strings to these setters.
FETCH_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen FETCH_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type}_src(*values)
      values.each { |value| set_directive! :'#{type}-src', value }

      self
    end
  RUBY_EVAL
end

#media_src(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more values; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 72

# Generates one chainable setter per entry in FETCH_DIRECTIVES: `type` :script
# yields `script_src(*values)`, which passes each value to set_directive!
# under :'script-src' and then returns self.
# NOTE(review): set_directive! is not shown on this page; confirm how it
# handles values containing ';' or ',' (CSP directive and policy separators)
# before passing request-derived strings to these setters.
FETCH_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen FETCH_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type}_src(*values)
      values.each { |value| set_directive! :'#{type}-src', value }

      self
    end
  RUBY_EVAL
end

#object_src(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more values; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 72

# Generates one chainable setter per entry in FETCH_DIRECTIVES: `type` :script
# yields `script_src(*values)`, which passes each value to set_directive!
# under :'script-src' and then returns self.
# NOTE(review): set_directive! is not shown on this page; confirm how it
# handles values containing ';' or ',' (CSP directive and policy separators)
# before passing request-derived strings to these setters.
FETCH_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen FETCH_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type}_src(*values)
      values.each { |value| set_directive! :'#{type}-src', value }

      self
    end
  RUBY_EVAL
end

#plugin_types(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more values; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 94

# Generates one chainable setter per entry in VALUE_DIRECTIVES. The method
# name replaces '-' with '_' (:'frame-ancestors' -> `frame_ancestors`), while
# the directive key handed to set_directive! keeps its hyphens. Each generated
# method returns self.
# NOTE(review): set_directive! is not shown on this page; confirm how it
# handles values containing ';' or ',' (CSP directive and policy separators)
# before passing request-derived strings to these setters.
VALUE_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen VALUE_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type.to_s.gsub('-', '_')}(*values)
      values.each { |value| set_directive! :'#{type}', value }

      self
    end
  RUBY_EVAL
end

#report_uri(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more values; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 94

# Generates one chainable setter per entry in VALUE_DIRECTIVES. The method
# name replaces '-' with '_' (:'frame-ancestors' -> `frame_ancestors`), while
# the directive key handed to set_directive! keeps its hyphens. Each generated
# method returns self.
# NOTE(review): set_directive! is not shown on this page; confirm how it
# handles values containing ';' or ',' (CSP directive and policy separators)
# before passing request-derived strings to these setters.
VALUE_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen VALUE_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type.to_s.gsub('-', '_')}(*values)
      values.each { |value| set_directive! :'#{type}', value }

      self
    end
  RUBY_EVAL
end

#require_sri_for(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more values; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 94

# Generates one chainable setter per entry in VALUE_DIRECTIVES. The method
# name replaces '-' with '_' (:'frame-ancestors' -> `frame_ancestors`), while
# the directive key handed to set_directive! keeps its hyphens. Each generated
# method returns self.
# NOTE(review): set_directive! is not shown on this page; confirm how it
# handles values containing ';' or ',' (CSP directive and policy separators)
# before passing request-derived strings to these setters.
VALUE_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen VALUE_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type.to_s.gsub('-', '_')}(*values)
      values.each { |value| set_directive! :'#{type}', value }

      self
    end
  RUBY_EVAL
end

#script_src(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more values; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 72

# Generates one chainable setter per entry in FETCH_DIRECTIVES: `type` :script
# yields `script_src(*values)`, which passes each value to set_directive!
# under :'script-src' and then returns self.
# NOTE(review): set_directive! is not shown on this page; confirm how it
# handles values containing ';' or ',' (CSP directive and policy separators)
# before passing request-derived strings to these setters.
FETCH_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen FETCH_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type}_src(*values)
      values.each { |value| set_directive! :'#{type}-src', value }

      self
    end
  RUBY_EVAL
end

#style_src(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more values; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 72

# Generates one chainable setter per entry in FETCH_DIRECTIVES: `type` :script
# yields `script_src(*values)`, which passes each value to set_directive!
# under :'script-src' and then returns self.
# NOTE(review): set_directive! is not shown on this page; confirm how it
# handles values containing ';' or ',' (CSP directive and policy separators)
# before passing request-derived strings to these setters.
FETCH_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen FETCH_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type}_src(*values)
      values.each { |value| set_directive! :'#{type}-src', value }

      self
    end
  RUBY_EVAL
end

#upgrade_insecure_requests(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more value; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 108

# Generates one chainable setter per entry in META_DIRECTIVES
# (:'upgrade-insecure-requests' -> `upgrade_insecure_requests`). The generated
# `def` declares no parameters, so passing values raises ArgumentError even
# though this page's method heading lists `(*values)`. Each method stores
# `true` under the hyphenated directive key and returns self.
# It writes to @directives directly, and compile! freezes that Hash, so
# calling one of these setters after compile! raises a frozen-object error.
META_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen META_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type.to_s.gsub('-', '_')}
      @directives[:'#{type}'] = true

      self
    end
  RUBY_EVAL
end

#worker_src(*values) ⇒ CspBuilder

Generated method

Parameters:

  • values (Array<String, Symbol>)

    one or more values; Symbols are wrapped in single quotes

Returns:


# File 'lib/csp_builder.rb', line 72

# Generates one chainable setter per entry in FETCH_DIRECTIVES: `type` :script
# yields `script_src(*values)`, which passes each value to set_directive!
# under :'script-src' and then returns self.
# NOTE(review): set_directive! is not shown on this page; confirm how it
# handles values containing ';' or ',' (CSP directive and policy separators)
# before passing request-derived strings to these setters.
FETCH_DIRECTIVES.each do |type|
  # String-form class_eval; __FILE__ and __LINE__ + 1 attribute the generated
  # method to this file and to the first line of the heredoc. The only
  # interpolated text is `type`, a Symbol from the frozen FETCH_DIRECTIVES
  # literal, never caller input.
  class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
    def #{type}_src(*values)
      values.each { |value| set_directive! :'#{type}-src', value }

      self
    end
  RUBY_EVAL
end