csp_evaluator
Comparing version 1.0.2 to 1.0.3
@@ -157,2 +157,1 @@ /** | ||
// TODO(lwe): Add check for NON_ASCII_CHAR |
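Review bot: The `NON_ASCII_CHAR` TODO at line 157 goes away without a corresponding check appearing in this hunk, so the published source no longer records that the check is outstanding. If it is still unimplemented, track it in a public issue and reference that issue from the code.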
@@ -82,3 +82,2 @@ /** | ||
*/ | ||
// LINT.IfChange | ||
export enum Type { | ||
@@ -119,2 +118,1 @@ // Parser checks | ||
} | ||
// LINT.ThenChange(//depot/google3/security/csp/evaluator/proto/csp_quality.proto) |
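Review bot: The `LINT.ThenChange(//depot/google3/...)` line after the enum shows that 1.0.2 was published with an internal source path in it; dropping it here together with the `LINT.IfChange` above `export enum Type` is right, but the public tree now has nothing saying that `Type` must stay in step with another definition. Consider a neutral comment on the enum to that effect, and a pre-publish check that fails on `LINT.` markers or `google3` paths.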
{ | ||
"name": "csp_evaluator", | ||
"version": "1.0.2", | ||
"version": "1.0.3", | ||
"description": "Evaluate Content Security Policies for a wide range of bypasses and weaknesses", | ||
@@ -5,0 +5,0 @@ "main": "dist/evaluator.js", |
@@ -25,3 +25,2 @@ /** | ||
* A class to hold a parser for CSP in string format. | ||
* TODO: Extend parser to detect common syntax and semantic errors in CSPs. | ||
* @unrestricted | ||
@@ -65,3 +64,2 @@ */ | ||
if (directiveName in this.csp.directives) { | ||
// TODO(lwe): propagate the duplicate directive warning to the UI. | ||
continue; | ||
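Review bot: In the `directiveName in this.csp.directives` branch a repeated directive is still dropped with a bare `continue`, and with the TODO gone nothing marks that the duplicate-directive warning never reaches the caller. Someone evaluating a policy that repeats a directive gets findings for the first occurrence only and no hint that the later one was ignored; either return a finding here or keep a tracked reference to the gap. Separately, `in` also matches inherited property names, so if `directives` is a plain object, `Object.prototype.hasOwnProperty.call(...)` is the safer test.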
@@ -71,3 +69,2 @@ } | ||
if (!csp.isDirective(directiveName)) { | ||
// TODO(lwe): propagate the invalid directive warning to the UI. | ||
} | ||
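Review bot: With the comment removed, `if (!csp.isDirective(directiveName)) { }` is left with an empty body, so an unrecognised directive name is detected and then nothing happens. Either report it as an invalid-directive finding or delete the branch, so the parser does not look as if it validates directive names.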
@@ -74,0 +71,0 @@ |
@@ -62,26 +62,1 @@ # CSP Evaluator Core Library | ||
<!-- copybara:strip_begin(internal documentation) --> | ||
# Internal Docs | ||
This library is synced to github.com/google/csp-evaluator by go/copybara and is published to NPM by http://go/npm-publish. Lighthouse uses the published NPM library. | ||
## Architecture | ||
All code is written in Typescript. In this main directory is the core of the library for parsing and evaluating CSPs. `checks/` contains the various checks that are run against the policies. `lighthouse/` contains the checks that are used by Lighthouse for their integration. | ||
There is also a [Chrome Extension](https://chrome.google.com/webstore/detail/fjohamlofnakbnbfjkohkbdigoodcejf) and a [demo service](https://csp-evaluator.withgoogle.com/) using this library. Since these are not open sourced, they live in `google3/javascript/security/csp/csp_evaluator/`. When working on the library, ensure you run tests in that directory too. | ||
## Contributing Process | ||
1. Make a change to the code | ||
2. Open a CL and review the change to ensure that it is okay to be released publicly on Github. Currently we have Copybara configured to strip TODOs and IFTTT comment blocks. Ensure that your change doesn't add any confidential Google information (e.g. go/ links). | ||
3. Request a review on the CL from lwe@ or ddworken@. Requesting a review will trigger Copybara to create a PR against the Github repo. Look in the analysis tab to find the link to the PR. | ||
4. Submit the CL and then merge the PR. If you need approval on the PR, get it from lwe@ or ddworken@. | ||
5. If the change needs to be published to NPM, follow the directions at go/npm-publish. Note that you'll need to bump the version in `package.json`. If possible, please confirm that the OSS version works by running tests on Github (see above for info on how to do this) before publishing. | ||
## HELP! | ||
Ping lwe@ or ddworken@ for any questions. | ||
<!-- copybara:strip_end --> | ||
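Review bot: This block sits between `copybara:strip_begin` and `copybara:strip_end` yet was present in the 1.0.2 README, so the strip step evidently did not apply to what was published; removing it in 1.0.3 does not take the internal links, paths and reviewer aliases out of the 1.0.2 tarball, which remains available unless it is unpublished. Add a pre-publish check on the packed files that fails on `copybara:strip_begin`, `go/` links or `google3` paths, and decide whether 1.0.2 should be deprecated.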
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package