csp_easy_rails 0.1.0

data/.document

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+- 
+features/**/*.feature
+LICENSE.txt

data/Gemfile

@@ -0,0 +1,13 @@
+source "http://rubygems.org"
+# Add dependencies required to use your gem here.
+# Example:
+#   gem "activesupport", ">= 2.3.5"
+
+# Add dependencies to develop your gem here.
+# Include everything needed to run rake, tests, features, etc.
+group :development do
+  gem "shoulda", ">= 0"
+  gem "bundler", "~> 1.0.0"
+  gem "jeweler", "~> 1.6.4"
+  gem "rcov", ">= 0"
+end

data/Gemfile.lock

@@ -0,0 +1,20 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    git (1.2.5)
+    jeweler (1.6.4)
+      bundler (~> 1.0)
+      git (>= 1.2.5)
+      rake
+    rake (0.9.2)
+    rcov (0.9.10)
+    shoulda (2.11.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.0.0)
+  jeweler (~> 1.6.4)
+  rcov
+  shoulda

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Chinmay Garde
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,19 @@
+= CSP Easy Rails
+
+Rails Extensions for CSP Easy
+
+== Contributing to CSP Easy Rails
+ 
+* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
+* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
+* Fork the project
+* Start a feature/bugfix branch
+* Commit and push until you are happy with your contribution
+* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
+
+== Copyright
+
+Copyright (c) 2011 Chinmay Garde. See LICENSE.txt for
+further details.
+

data/Rakefile

@@ -0,0 +1,53 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "csp_easy_rails"
+  gem.homepage = "http://github.com/chinmaygarde/csp_easy_rails"
+  gem.license = "MIT"
+  gem.summary = %Q{Rails extensions for CSP Easy}
+  gem.description = %Q{Rails extensions for CSP Easy}
+  gem.email = "chinmaygarde@gmail.com"
+  gem.authors = ["Chinmay Garde"]
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+require 'rcov/rcovtask'
+Rcov::RcovTask.new do |test|
+  test.libs << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+  test.rcov_opts << '--exclude "gems/*"'
+end
+
+task :default => :test
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "csp_easy_rails #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/lib/csp_easy_rails.rb

@@ -0,0 +1,22 @@
+require 'yaml'
+
+class CSPEasyRails
+  def self.policy(file)
+    config = YAML::load(File.read(file))
+    config.each do |key, value|
+      config[key] = "'#{value}'" if value == "self" || value == "none"
+      config[key] = value.join(" ") if value.class == Array
+    end
+    
+    policy_string = ""
+    config.each do |key, value|
+      policy_string = policy_string + "#{key} #{value}; "
+    end
+    
+    policy_string.strip
+  end
+end
+
+if __FILE__ == $0
+  CSPEasyRails.policy("../config/csp_policy.yml")
+end

data/lib/generators/csp_easy/USAGE

@@ -0,0 +1,5 @@
+Description:
+    Generates the default CSP policy file
+
+Example:
+    rails generate csp_easy

data/lib/generators/csp_easy/csp_easy_generator.rb

@@ -0,0 +1,12 @@
+class CspEasyGenerator < Rails::Generators::Base
+  source_root File.expand_path('../templates', __FILE__)
+  argument :task, :type => :string, :default => "install"
+  
+  def generate_policy_file
+    copy_file "csp_policy.yml", "config/csp_policy.yml"
+    say "---------------------------------------"
+    say "        To enable CSP easy in your Rails application add the following to your application.rb:"
+    say '        config.middleware.use "CSPEasy", CSPEasyRails.policy("#{config.root}/config/csp_policy.yml")'
+    say "---------------------------------------"
+  end
+end

data/lib/generators/csp_easy/templates/csp_policy.yml

@@ -0,0 +1,45 @@
+### Content Security Policy Specification
+### -------------------------------------
+### See https://wiki.mozilla.org/Security/CSP/Specification for more details
+### Also see https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html
+### Uncomment and edit attributes of this YML to change CSP sitewide
+
+### The catch-all section that defines the security policy for all types of content which are not called out in any of the other directives.
+allow: 'self'
+
+### Options for modifying the underlying behavior of CSP
+# options: [inline-script, eval-script]
+
+### Indicates which sources are valid for images and favicons.
+# img-src: [cdn.myweb.com]
+
+# Indicates which sources are valid for audio and video elements.
+# media-src: [media.myweb.com]
+
+### Indicates which sources are valid for scripts.
+# script-src: [script.myweb.com]
+
+### Indicates which sources are valid for object, embed, and applet elements.
+# object-src: [obs.myweb.com]
+
+### Indicates which sources are valid for frame and iframe elements.
+# frame-src: [frames.myweb.com]
+
+### Indicates which sources are valid for @font-src CSS loads.
+# font-src: [fonts.myweb.com]
+
+### Indicates which sources are valid for XMLHttpRequest connections.
+# xhr-src: [xhr.myweb.com]
+
+### Indicates which sources are valid ancestors for embedding the protected resource via object, frame and iframe tags. An ancestor is any HTML document between the protected resource and the top of the window frame tree; for example, if A embeds B which embeds C, both A and B are ancestors of C. If A embeds both B and C, B is not an ancestor of C, but A still is.
+# frame-ancestors: [ancestors.myweb.com]
+
+### Indicates which sources are valid for externally linked stylesheets.
+### User Agents MUST always allow inline stylesheets and style attributes of HTML tags.
+# style-src: [styles.myweb.com]
+
+### Instructs the browser where to send a report when CSP is violated.
+# report-uri: myreport.myweb.com
+
+### Indicates the location of a file containing the security policies for the protected resource.
+# policy-uri: policy.myweb.com

data/test/helper.rb

@@ -0,0 +1,18 @@
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'test/unit'
+require 'shoulda'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'csp_easy_rails'
+
+class Test::Unit::TestCase
+end

data/test/test_csp_easy_rails.rb

@@ -0,0 +1,7 @@
+require 'helper'
+
+class TestCspEasyRails < Test::Unit::TestCase
+  should "probably rename this file and start testing for real" do
+    flunk "hey buddy, you should probably rename this file and start testing for real"
+  end
+end

metadata

@@ -0,0 +1,115 @@
+--- !ruby/object:Gem::Specification 
+name: csp_easy_rails
+version: !ruby/object:Gem::Version 
+  prerelease: 
+  version: 0.1.0
+platform: ruby
+authors: 
+- Chinmay Garde
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-10-04 00:00:00 -07:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: shoulda
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: bundler
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 1.0.0
+  type: :development
+  prerelease: false
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: jeweler
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 1.6.4
+  type: :development
+  prerelease: false
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: rcov
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id004
+description: Rails extensions for CSP Easy
+email: chinmaygarde@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE.txt
+- README.md
+files: 
+- .document
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- VERSION
+- lib/csp_easy_rails.rb
+- lib/generators/csp_easy/USAGE
+- lib/generators/csp_easy/csp_easy_generator.rb
+- lib/generators/csp_easy/templates/csp_policy.yml
+- test/helper.rb
+- test/test_csp_easy_rails.rb
+has_rdoc: true
+homepage: http://github.com/chinmaygarde/csp_easy_rails
+licenses: 
+- MIT
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: -2660277490215701992
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.6.2
+signing_key: 
+specification_version: 3
+summary: Rails extensions for CSP Easy
+test_files: []
+