Skip to content
This repository has been archived by the owner on Sep 25, 2024. It is now read-only.

rossumai/go-csp-collector

 
 

Repository files navigation

This is a content security policy violation collector written in Golang.

It has been designed to listen on port 8080 and accept POST payloads containing the violation report. It captures the report and will write it to STDOUT via Go's logger.

A neat little feature of this tool is that it automatically ignores unactionable reports. Check out the default list if you're interested.

Installation

$ go get github.com/jacobbednarz/go-csp-collector

Alternatively, you can download the binaries from the release page.

Running

$ go build csp_collector.go
$ ./csp_collector

Building for Docker

You will either need to build within a docker container for the purpose, or use CGO_ENABLED=0 flag to make the build compatible with alpine linux in a docker container.

$ CGO_ENABLED=0 go build csp_collector.go

Command Line Options

Flag Description
version Shows the version string before exiting
debug Runs in debug mode producing more verbose output
port Port to run on, default 8080
filter-file Reads the blocked URI filter list from the specified file. Note one filter per line
health-check-path Sets path for health checkers to use, default /_healthcheck

See the sample.filterlist.txt file as an example of the filter list in a file

Request metadata

Additional information can be attached to each report by adding a metadata url parameter to each report. That value will be copied verbatim into the logged report.

For example a report sent to https://collector.example.com/?metadata=foobar will include field metadata with value foobar.

Output formats

The output format can be controlled by passing --output-format <type> to the executable. Available formats are:

  • Text: A key/value output that quotes all the values. Example: blocked_uri="about:blank" ...
  • JSON: Single line, compressed JSON object. Example: {"blocked_uri":"about:blank"}

The default formatter is text.

Writing to a file instead of just STDOUT

If you'd rather have these violations end up in a file, I suggest just redirecting the output into a file like so:

$ ./csp_collector 2>> /path/to/violations.log

Visualisation

This project purposely doesn't try to solve the problem of visualing the violation data because there are already a bunch of great solutions out there. Once you have your violations being collected, be sure to slurp them into your favourite log aggregation tool.

Deployments

Currently supported deployment mechanisms:

About

A CSP collector written in Golang

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Go 77.1%
  • Shell 9.4%
  • Mustache 9.3%
  • Dockerfile 4.2%