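def post(self, request, project, auth, helper, **kwargs):
    """Accept one POSTed CSP violation report for ``project``.

    The request body must decode to a JSON object with a ``csp-report``
    member that is itself an object. The report's ``document-uri`` is checked
    with ``is_valid_origin`` and the report with ``is_valid_csp_report``; a
    report that fails either check is refused. An accepted report is tagged
    with the ``sentry_release`` query parameter and handed to
    ``self.process``.

    Returns:
        The ``HttpResponse`` produced by ``self.process`` if it returned one,
        otherwise an empty response with status 201.

    Raises:
        APIError: the body carries no usable ``csp-report`` object.
        APIForbidden: the ``document-uri`` or the report itself was rejected.
    """
    data = helper.safely_load_json_string(request.body)

    # Do origin check based on the `document-uri` key as explained
    # in `_dispatch`.
    # The body is sender-controlled, and any JSON value (list, string, number,
    # null) may arrive here if the loader does not already insist on an
    # object -- the loader is not shown, so guard locally. Subscripting such a
    # value raises TypeError, which used to escape as an unhandled error.
    try:
        report = data['csp-report']
    except (KeyError, TypeError):
        raise APIError('Missing csp-report')

    # `.get()` below and the `_meta` assignment further down both need a dict;
    # a non-object `csp-report` is answered like a missing one, so clients
    # see no new response shape.
    if not isinstance(report, dict):
        raise APIError('Missing csp-report')

    # NOTE(review): `document-uri` is read from the report body, so it is
    # whatever the sender wrote. The check below filters reports about pages
    # the project does not allow; it does not establish who sent the report.
    # When the key is absent `origin` is None and the decision is left to
    # `is_valid_origin`.
    origin = report.get('document-uri')

    # about:blank reports are garbage; refuse them before the project check.
    if origin == 'about:blank' or not is_valid_origin(origin, project):
        raise APIForbidden('Invalid document-uri')

    # An invalid CSP report must go against quota: count it as received and
    # blacklisted for both the project and its organization before refusing.
    if not is_valid_csp_report(report, project):
        app.tsdb.incr_multi([
            (app.tsdb.models.project_total_received, project.id),
            (app.tsdb.models.project_total_blacklisted, project.id),
            (app.tsdb.models.organization_total_received, project.organization_id),
            (app.tsdb.models.organization_total_blacklisted, project.organization_id),
        ])
        metrics.incr('events.blacklisted')
        raise APIForbidden('Rejected CSP report')

    # Attach on collected meta data. This data obviously isn't a part
    # of the spec, but we need to append to the report sentry specific things.
    # `sentry_release` is a query-string value supplied by the client and is
    # stored as-is (None when absent); anything consuming `_meta` should treat
    # it as untrusted.
    report['_meta'] = {
        'release': request.GET.get('sentry_release'),
    }

    response_or_event_id = self.process(
        request,
        project=project,
        auth=auth,
        helper=helper,
        data=report,
        **kwargs
    )
    if isinstance(response_or_event_id, HttpResponse):
        return response_or_event_id
    return HttpResponse(status=201)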
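def post(self, request, project, auth, helper, **kwargs):
    """Handle a browser CSP violation report submitted for ``project``.

    Validation runs in three steps, each of which can end the request:
    the body must hold a ``csp-report`` object (``APIError`` otherwise), its
    ``document-uri`` must pass ``is_valid_origin`` (``APIForbidden``), and
    the report must pass ``is_valid_csp_report`` (``APIForbidden``, after the
    rejection has been counted). A surviving report gets a ``_meta`` entry
    and is passed to ``self.process``.

    Returns the ``HttpResponse`` from ``self.process`` when it yields one,
    else a bare 201 response.
    """
    data = helper.safely_load_json_string(request.body)

    # Do origin check based on the `document-uri` key as explained
    # in `_dispatch`.
    try:
        report = data['csp-report']
    except (KeyError, TypeError):
        # TypeError covers a body that decoded to something other than a JSON
        # object (list, string, number, null). The loader is not visible
        # here, so this handler does not rely on it to reject such bodies.
        raise APIError('Missing csp-report')

    if not isinstance(report, dict):
        # A `csp-report` that is not an object would otherwise fail on
        # `.get()` with AttributeError; answer it like a missing report.
        raise APIError('Missing csp-report')

    # The origin is self-reported: it comes out of the request body, so this
    # check narrows which pages reports are accepted for rather than
    # authenticating the sender.
    origin = report.get('document-uri')

    # No idea, but this is garbage
    if origin == 'about:blank':
        raise APIForbidden('Invalid document-uri')

    # NOTE(review): `origin` is None when the report has no `document-uri`;
    # how that is treated depends on `is_valid_origin` -- confirm.
    if not is_valid_origin(origin, project):
        raise APIForbidden('Invalid document-uri')

    # An invalid CSP report must go against quota
    if not is_valid_csp_report(report, project):
        tsdb_models = app.tsdb.models
        app.tsdb.incr_multi([
            (tsdb_models.project_total_received, project.id),
            (tsdb_models.project_total_blacklisted, project.id),
            (tsdb_models.organization_total_received, project.organization_id),
            (tsdb_models.organization_total_blacklisted, project.organization_id),
        ])
        metrics.incr('events.blacklisted')
        raise APIForbidden('Rejected CSP report')

    # Attach on collected meta data. This data obviously isn't a part
    # of the spec, but we need to append to the report sentry specific things.
    # The release value is taken verbatim from the query string, i.e. it is
    # client input and is not validated here.
    report['_meta'] = {
        'release': request.GET.get('sentry_release'),
    }

    response_or_event_id = self.process(request,
                                        project=project,
                                        auth=auth,
                                        helper=helper,
                                        data=report,
                                        **kwargs)
    if isinstance(response_or_event_id, HttpResponse):
        return response_or_event_id
    return HttpResponse(status=201)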
def should_filter(self, project, data, ip_address=None):
    """Decide whether an event carrying a CSP payload should be dropped.

    The payload stored under ``data['sentry.interfaces.Csp']`` is checked with
    ``is_valid_csp_report`` for ``project``. A payload that fails is filtered
    with ``FilterStatKeys.INVALID_CSP`` as the recorded reason; anything else
    is left to the parent class's ``should_filter``.

    Returns:
        ``(True, FilterStatKeys.INVALID_CSP)`` for a rejected report,
        otherwise whatever the parent implementation returns.
    """
    # NOTE(review): a missing 'sentry.interfaces.Csp' key raises KeyError
    # here; presumably callers only reach this with CSP events -- confirm.
    csp_payload = data['sentry.interfaces.Csp']

    if is_valid_csp_report(csp_payload, project):
        # CSP-specific check passed; the generic filters still apply.
        return super(CspApiHelper, self).should_filter(project, data, ip_address)

    return (True, FilterStatKeys.INVALID_CSP)
def should_filter(self, project, data, ip_address=None):
    """Return True when the event's CSP payload is not acceptable.

    ``data['sentry.interfaces.Csp']`` is validated with
    ``is_valid_csp_report`` against ``project``. If it is rejected the event
    is filtered (plain ``True``, no reason attached); otherwise the decision
    is delegated to the parent class's ``should_filter``.
    """
    rejected = not is_valid_csp_report(data['sentry.interfaces.Csp'], project)
    if rejected:
        return True
    # The CSP check only adds a rejection reason; the parent's filters
    # still get the final say for reports that pass it.
    parent = super(CspApiHelper, self)
    return parent.should_filter(project, data, ip_address)
def test_valid_csp_report(report):
    """Check that ``is_valid_csp_report`` accepts ``report``.

    ``report`` is presumably supplied by a fixture or parametrization that
    is not part of this snippet. The comparison is by identity, so a merely
    truthy return value does not pass.
    """
    verdict = is_valid_csp_report(report)
    assert verdict is True
def test_blocked_csp_report(report):
    """Check that ``is_valid_csp_report`` rejects ``report``.

    ``report`` is presumably supplied by a fixture or parametrization that
    is not part of this snippet. The comparison is by identity, so a falsy
    value other than ``False`` (``None``, ``0``) does not pass.
    """
    verdict = is_valid_csp_report(report)
    assert verdict is False
def should_filter(self, project, data, ip_address=None):
    """Filter an event whose data fails CSP report validation.

    Here the whole ``data`` mapping is passed to ``is_valid_csp_report``
    together with ``project``. A rejected report is filtered (``True``);
    an accepted one is handed to the parent class's ``should_filter``,
    whose result is returned unchanged.
    """
    if is_valid_csp_report(data, project):
        # Valid as a CSP report; the parent's generic filters still run.
        verdict = super(CspApiHelper, self).should_filter(project, data, ip_address)
    else:
        verdict = True
    return verdict