zulip/zerver/views/report.py

# System documented in https://zulip.readthedocs.io/en/latest/subsystems/logging.html
import logging

from django.http import HttpRequest, HttpResponse
from django.views.decorators.csrf import csrf_exempt
from django.views.decorators.http import require_POST

from zerver.lib.request import REQ, has_request_variables
from zerver.lib.response import json_success
from zerver.lib.validator import (
    WildValue,
    check_string,
    to_wild_value,
)


@csrf_exempt
@require_POST
@has_request_variables
def report_csp_violations(
    request: HttpRequest,
    csp_report: WildValue = REQ(argument_type="body", converter=to_wild_value),
) -> HttpResponse:
    def get_attr(csp_report_attr: str) -> str:
        return csp_report.get(csp_report_attr, "").tame(check_string)

    logging.warning(
        "CSP violation in document('%s'). "
        "blocked URI('%s'), original policy('%s'), "
        "violated directive('%s'), effective directive('%s'), "
        "disposition('%s'), referrer('%s'), "
        "status code('%s'), script sample('%s')",
        get_attr("document-uri"),
        get_attr("blocked-uri"),
        get_attr("original-policy"),
        get_attr("violated-directive"),
        get_attr("effective-directive"),
        get_attr("disposition"),
        get_attr("referrer"),
        get_attr("status-code"),
        get_attr("script-sample"),
    )

    return json_success(request)
docs: Update links from codebase to point to ReadTheDocs. 2017-11-16 19:51:44 +01:00			`# System documented in https://zulip.readthedocs.io/en/latest/subsystems/logging.html`
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-11 00:54:34 +02:00			`import logging`
Move reporting views to their own file. 2015-11-23 17:29:37 +01:00
Annotate zerver/views/report.py. 2016-06-04 21:47:59 +02:00			`from django.http import HttpRequest, HttpResponse`
csp_reports: Add endpoint to handle logging of reports sent by clients. 2018-04-11 05:50:08 +02:00			`from django.views.decorators.csrf import csrf_exempt`
			`from django.views.decorators.http import require_POST`
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-11 00:54:34 +02:00
zerver: Remove now-unused report/ endpoints. 2023-05-03 17:35:09 +02:00			`from zerver.lib.request import REQ, has_request_variables`
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-11 00:54:34 +02:00			`from zerver.lib.response import json_success`
report: Strengthen report_csp_violations type using WildValue. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2022-01-11 09:37:41 +01:00			`from zerver.lib.validator import (`
			`WildValue,`
			`check_string,`
			`to_wild_value,`
			`)`
Move reporting views to their own file. 2015-11-23 17:29:37 +01:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00
csp_reports: Add endpoint to handle logging of reports sent by clients. 2018-04-11 05:50:08 +02:00			`@csrf_exempt`
			`@require_POST`
			`@has_request_variables`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`def report_csp_violations(`
report: Strengthen report_csp_violations type using WildValue. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2022-01-11 09:37:41 +01:00			`request: HttpRequest,`
			`csp_report: WildValue = REQ(argument_type="body", converter=to_wild_value),`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`) -> HttpResponse:`
csp_reports: Add endpoint to handle logging of reports sent by clients. 2018-04-11 05:50:08 +02:00			`def get_attr(csp_report_attr: str) -> str:`
report: Strengthen report_csp_violations type using WildValue. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2022-01-11 09:37:41 +01:00			`return csp_report.get(csp_report_attr, "").tame(check_string)`
csp_reports: Add endpoint to handle logging of reports sent by clients. 2018-04-11 05:50:08 +02:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`logging.warning(`
docs: Fix capitalization mistakes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-05-10 07:02:14 +02:00			`"CSP violation in document('%s'). "`
			`"blocked URI('%s'), original policy('%s'), "`
			`"violated directive('%s'), effective directive('%s'), "`
			`"disposition('%s'), referrer('%s'), "`
			`"status code('%s'), script sample('%s')",`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`get_attr("document-uri"),`
			`get_attr("blocked-uri"),`
			`get_attr("original-policy"),`
			`get_attr("violated-directive"),`
			`get_attr("effective-directive"),`
			`get_attr("disposition"),`
			`get_attr("referrer"),`
			`get_attr("status-code"),`
			`get_attr("script-sample"),`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`)`
csp_reports: Add endpoint to handle logging of reports sent by clients. 2018-04-11 05:50:08 +02:00
backend: Add request as parameter to json_success. Adds request as a parameter to json_success as a refactor towards making `ignored_parameters_unsupported` functionality available for all API endpoints. Also, removes any data parameters that are an empty dict or a dict with the generic success response values. 2022-01-31 13:44:02 +01:00			`return json_success(request)`