Example #1
File: api.py Project: dcvz/sentry
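    def post(self, request, project, auth, helper, **kwargs):
        """Accept a browser-submitted CSP violation report.

        The request body is parsed as JSON and must contain a ``csp-report``
        object. Its ``document-uri`` value is used as the origin for the
        allowed-origin check.

        Returns the ``HttpResponse`` produced by ``self.process`` when it
        returns one, otherwise an empty 201 response.

        Raises ``APIError`` when ``csp-report`` is missing or is not a JSON
        object, and ``APIForbidden`` when the origin or the report itself is
        rejected.
        """
        data = helper.safely_load_json_string(request.body)

        # Do origin check based on the `document-uri` key as explained
        # in `_dispatch`.
        #
        # The body is supplied by the client, so its shape is not trusted:
        # subscripting a non-mapping top-level value raises TypeError, and a
        # non-object `csp-report` would fail on `.get()` below. Both become a
        # client error instead of an unhandled exception.
        # NOTE(review): the helper may already guarantee a dict; confirm.
        try:
            report = data['csp-report']
        except (KeyError, TypeError):
            raise APIError('Missing csp-report')

        if not isinstance(report, dict):
            raise APIError('Invalid csp-report')

        origin = report.get('document-uri')

        # Reports sent for an `about:blank` document carry no usable origin,
        # so they are rejected before the per-project origin check.
        if origin == 'about:blank':
            raise APIForbidden('Invalid document-uri')

        if not is_valid_origin(origin, project):
            raise APIForbidden('Invalid document-uri')

        # An invalid CSP report must go against quota: count it as both
        # received and blacklisted for the project and its organization.
        if not is_valid_csp_report(report, project):
            app.tsdb.incr_multi([
                (app.tsdb.models.project_total_received, project.id),
                (app.tsdb.models.project_total_blacklisted, project.id),
                (app.tsdb.models.organization_total_received, project.organization_id),
                (app.tsdb.models.organization_total_blacklisted, project.organization_id),
            ])
            metrics.incr('events.blacklisted')
            raise APIForbidden('Rejected CSP report')

        # Attach on collected meta data. This data obviously isn't a part
        # of the spec, but we need to append to the report sentry specific things.
        # The release value is read from the query string as supplied by the
        # client; it is not validated here.
        report['_meta'] = {
            'release': request.GET.get('sentry_release'),
        }

        response_or_event_id = self.process(
            request,
            project=project,
            auth=auth,
            helper=helper,
            data=report,
            **kwargs
        )
        # `process` returns either a ready-made response or an event id; the
        # event id is not echoed back to the reporting browser.
        if isinstance(response_or_event_id, HttpResponse):
            return response_or_event_id
        return HttpResponse(status=201)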
Example #2
File: api.py Project: ob3/sentry
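    def post(self, request, project, auth, helper, **kwargs):
        """Receive a CSP violation report and forward it for processing.

        The JSON request body must contain a ``csp-report`` object. The
        report's ``document-uri`` is checked against the project's allowed
        origins before the report is validated and passed to
        ``self.process``.

        Returns the ``HttpResponse`` from ``self.process`` if it returns
        one, otherwise an empty 201 response.

        Raises ``APIError`` if ``csp-report`` is absent or not a JSON object,
        and ``APIForbidden`` if the origin or the report is rejected.
        """
        data = helper.safely_load_json_string(request.body)

        # Do origin check based on the `document-uri` key as explained
        # in `_dispatch`.
        #
        # The payload is client-controlled. A top-level value that is not a
        # mapping raises TypeError when subscripted, and a `csp-report` that
        # is not an object has no `.get()`; reject both as malformed input
        # rather than letting the exception propagate.
        # NOTE(review): the helper may already guarantee a dict; confirm.
        try:
            report = data['csp-report']
        except (KeyError, TypeError):
            raise APIError('Missing csp-report')

        if not isinstance(report, dict):
            raise APIError('Invalid csp-report')

        origin = report.get('document-uri')

        # `about:blank` is not a usable origin, so refuse it outright
        # instead of running it through the per-project origin check.
        if origin == 'about:blank':
            raise APIForbidden('Invalid document-uri')

        if not is_valid_origin(origin, project):
            raise APIForbidden('Invalid document-uri')

        # An invalid CSP report must go against quota: the received and
        # blacklisted counters are bumped for the project and organization.
        if not is_valid_csp_report(report, project):
            app.tsdb.incr_multi([
                (app.tsdb.models.project_total_received, project.id),
                (app.tsdb.models.project_total_blacklisted, project.id),
                (app.tsdb.models.organization_total_received,
                 project.organization_id),
                (app.tsdb.models.organization_total_blacklisted,
                 project.organization_id),
            ])
            metrics.incr('events.blacklisted')
            raise APIForbidden('Rejected CSP report')

        # Attach on collected meta data. This data obviously isn't a part
        # of the spec, but we need to append to the report sentry specific things.
        # `sentry_release` comes from the query string unchanged; nothing in
        # this method validates it.
        report['_meta'] = {
            'release': request.GET.get('sentry_release'),
        }

        response_or_event_id = self.process(request,
                                            project=project,
                                            auth=auth,
                                            helper=helper,
                                            data=report,
                                            **kwargs)
        # Pass through a response built by `process`; otherwise acknowledge
        # with 201 and do not expose the event id to the reporter.
        if isinstance(response_or_event_id, HttpResponse):
            return response_or_event_id
        return HttpResponse(status=201)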
Example #3
 def should_filter(self, project, data, ip_address=None):
     """Decide whether an incoming CSP event should be dropped.

     Returns ``(True, FilterStatKeys.INVALID_CSP)`` when
     ``is_valid_csp_report`` rejects ``data['sentry.interfaces.Csp']`` for
     this project; otherwise returns whatever the parent class's
     ``should_filter`` returns for the same arguments.
     """
     csp_payload = data['sentry.interfaces.Csp']
     if is_valid_csp_report(csp_payload, project):
         # Nothing CSP-specific to reject; the parent implementation decides.
         parent = super(CspApiHelper, self)
         return parent.should_filter(project, data, ip_address)
     return (True, FilterStatKeys.INVALID_CSP)
Example #4
 def should_filter(self, project, data, ip_address=None):
     """Report whether an incoming CSP event should be dropped.

     Returns ``True`` when ``is_valid_csp_report`` rejects
     ``data['sentry.interfaces.Csp']`` for this project; otherwise returns
     the parent class's ``should_filter`` result for the same arguments.
     """
     csp_payload = data['sentry.interfaces.Csp']
     if is_valid_csp_report(csp_payload, project):
         # The report passed CSP validation; defer to the parent class.
         parent = super(CspApiHelper, self)
         return parent.should_filter(project, data, ip_address)
     return True
Example #5
def test_valid_csp_report(report):
    """``is_valid_csp_report`` must return exactly ``True`` for ``report``.

    NOTE(review): ``report`` is presumably supplied by a fixture or a
    parametrization that is not shown here -- confirm.
    """
    verdict = is_valid_csp_report(report)
    # Identity check: a merely truthy return value must not pass.
    assert verdict is True
Example #6
def test_blocked_csp_report(report):
    """``is_valid_csp_report`` must return exactly ``False`` for ``report``.

    NOTE(review): ``report`` is presumably supplied by a fixture or a
    parametrization that is not shown here -- confirm.
    """
    verdict = is_valid_csp_report(report)
    # Identity check: a falsy value such as None must not count as a pass.
    assert verdict is False
Example #7
def test_valid_csp_report(report):
    """Check that ``report`` is accepted by ``is_valid_csp_report``.

    NOTE(review): the source of ``report`` (fixture or parametrization)
    is not visible here -- confirm.
    """
    accepted = is_valid_csp_report(report)
    # The validator must return the boolean True, not just a truthy value.
    assert accepted is True
Example #8
def test_blocked_csp_report(report):
    """Check that ``report`` is rejected by ``is_valid_csp_report``.

    NOTE(review): the source of ``report`` (fixture or parametrization)
    is not visible here -- confirm.
    """
    accepted = is_valid_csp_report(report)
    # The validator must return the boolean False, not just a falsy value.
    assert accepted is False
Example #9
 def should_filter(self, project, data, ip_address=None):
     """Report whether an incoming CSP event should be dropped.

     ``data`` is passed as-is to ``is_valid_csp_report``. Returns ``True``
     when that check rejects it for this project; otherwise returns the
     parent class's ``should_filter`` result for the same arguments.
     """
     if is_valid_csp_report(data, project):
         # The report passed CSP validation; defer to the parent class.
         parent = super(CspApiHelper, self)
         return parent.should_filter(project, data, ip_address)
     return True