csp_parser 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: cead6c85010ac7c384e7e49923be99ca0b975921dd6b427fabdc8639c632aaed
+  data.tar.gz: 15f2f45cc97f7c01751bf8b79afa9f4f624aeb37fb18d7acfa21b63d651b4d06
+SHA512:
+  metadata.gz: a0e8076a7ad8c8fe3f6b999eaf5f29cc70948ddd65f747055512506bd9f1b17d5dd9f7ba196bae3b0d8018a86b277fff460a60bc0491ad3cc583767a97b66c9e
+  data.tar.gz: f89e0fa7162eb4151531f48a71c2210758afdf25e6ae24aebdadfa31228e74dc9f21c00f48d73d5a1b32b92769561227e21c9de80e326a60c461c4d7a5b57291

data/.github/workflows/ruby.yml

@@ -0,0 +1,43 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Ruby
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ['2.5']
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+    # uses: ruby/setup-ruby@v1
+      uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+    - name: rubocop
+      run: bundle exec rubocop
+    - name: run tests
+      run: COVER=1 bundle exec rspec
+    - name: Upload coverage results
+      uses: actions/upload-artifact@master
+      if: always()
+      with:
+        name: coverage-report
+        path: coverage

data/.gitignore

@@ -0,0 +1,5 @@
+.idea/
+coverage/
+
+.rspec
+.DS_Store

data/.rubocop.yml

@@ -0,0 +1,6 @@
+inherit_gem:
+  rubocop-config-umbrellio: lib/rubocop.yml
+
+AllCops:
+  DisplayCopNames: true
+  TargetRubyVersion: 2.5

data/Gemfile

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+
+gem "rspec", require: false, group: :test
+gem "rubocop", require: false, group: :test
+gem "rubocop-config-umbrellio", require: false, group: :test
+gem "simplecov", require: false, group: :test

data/Gemfile.lock

@@ -0,0 +1,91 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (6.1.3.2)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
+    ast (2.4.2)
+    concurrent-ruby (1.1.9)
+    diff-lcs (1.4.4)
+    docile (1.4.0)
+    i18n (1.8.10)
+      concurrent-ruby (~> 1.0)
+    minitest (5.14.4)
+    parallel (1.20.1)
+    parser (3.0.1.1)
+      ast (~> 2.4.1)
+    rack (2.2.3)
+    rainbow (3.0.0)
+    regexp_parser (2.1.1)
+    rexml (3.2.5)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.2)
+    rubocop (1.11.0)
+      parallel (~> 1.10)
+      parser (>= 3.0.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml
+      rubocop-ast (>= 1.2.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.7.0)
+      parser (>= 3.0.1.1)
+    rubocop-config-umbrellio (1.11.0.51)
+      rubocop (= 1.11.0)
+      rubocop-performance (= 1.10.0)
+      rubocop-rails (= 2.9.1)
+      rubocop-rake (= 0.5.1)
+      rubocop-rspec (= 2.2.0)
+      rubocop-sequel (= 0.2.0)
+    rubocop-performance (1.10.0)
+      rubocop (>= 0.90.0, < 2.0)
+      rubocop-ast (>= 0.4.0)
+    rubocop-rails (2.9.1)
+      activesupport (>= 4.2.0)
+      rack (>= 1.1)
+      rubocop (>= 0.90.0, < 2.0)
+    rubocop-rake (0.5.1)
+      rubocop
+    rubocop-rspec (2.2.0)
+      rubocop (~> 1.0)
+      rubocop-ast (>= 1.1.0)
+    rubocop-sequel (0.2.0)
+      rubocop (~> 1.0)
+    ruby-progressbar (1.11.0)
+    simplecov (0.21.2)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.3)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (2.0.0)
+    zeitwerk (2.4.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  rspec
+  rubocop
+  rubocop-config-umbrellio
+  simplecov
+
+BUNDLED WITH
+   1.17.2

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Igor Kirianov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,152 @@
+# CSP::Parser    ![Build Status](https://github.com/KirIgor/csp-parser/actions/workflows/ruby.yml/badge.svg)
+
+CSP::Parser is a gem for parsing Content Security Policy.
+
+## Installation
+
+Add `gem "csp_parser"` to your Gemfile.
+
+## Usage
+
+To parse Content Security Policy:
+```ruby
+require "csp_parser"
+
+# Content-Security-Policy: 
+policy_str = "default-src 'self';" + 
+         "img-src *;" + 
+         "media-src https://*.media2.com:*/path ftp://media3.com;" + 
+         "script-src 'sha256-RFWPLDbv2BY+rCkDzsE+0fr8ylGr2R2faWMhq4lfEQc=';" +
+         "font-src 'nonce-RFWPLDbv2BY+rCkDzsE+0fr8ylGr2R2faWMhq4lfEQc=';" +
+         "frame-src https:;" +
+         "object-src 'none'"
+
+policy = CSP::Parser.parse(policy_str)
+# => #<SerializedPolicy:0x00000001231da870 @directives=[
+#      #<Directive:0x00000001231da4d8 @value_str="default-src 'self'", 
+#        @name="default-src", 
+#        @value=#<DirectiveValue::SerializedSourceList:0x00000001231da280 @value_str="'self'", 
+#          @sources=[#<DirectiveValue::Source::Keyword:0x00000001231d99c0 @value_str="'self'">]
+#        >
+#      >, 
+#      #<Directive:0x00000001231d9768 @value_str="img-src *", 
+#        @name="img-src", 
+#        @value=#<DirectiveValue::SerializedSourceList:0x00000001231d9510 @value_str="*", 
+#          @sources=[#<DirectiveValue::Source::HttpHost:0x00000001231d8390 @value_str="*">]
+#        >
+#      >, 
+#      #<Directive:0x00000001231d8110 @value_str="media-src *.media2.com:* ftp://media3.com", 
+#        @name="media-src", 
+#        @value=#<DirectiveValue::SerializedSourceList:0x00000001231e3e70 
+#          @value_str="media-src https://*.media2.com:*/path ftp://media3.com", 
+#          @sources=[
+#            #<DirectiveValue::Source::HttpHost:0x00000001231e1ff8 @value_str="https://*.media2.com:*/path">, 
+#            #<DirectiveValue::Source::Host:0x00000001231e0c70 @value_str="ftp://media3.com">
+#          ]
+#        >
+#      >, 
+#      #<Directive:0x00000001231e09c8 @value_str="script-src 'sha256-RFWPLDbv2BY+rCkDzsE+0fr8ylGr2R2faWMhq4lfEQc='", 
+#        @name="script-src", 
+#        @value=#<DirectiveValue::SerializedSourceList:0x00000001231e0798 
+#          @value_str="'sha256-RFWPLDbv2BY+rCkDzsE+0fr8ylGr2R2faWMhq4lfEQc='", 
+#          @sources=[
+#            #<DirectiveValue::Source::Hash:0x00000001231ebc88 
+#              @value_str="'sha256-RFWPLDbv2BY+rCkDzsE+0fr8ylGr2R2faWMhq4lfEQc='"
+#            >
+#          ]
+#        >
+#      >, 
+#      #<Directive:0x00000001231eba30 @value_str="font-src 'nonce-RFWPLDbv2BY+rCkDzsE+0fr8ylGr2R2faWMhq4lfEQc='", 
+#        @name="font-src", 
+#        @value=#<DirectiveValue::SerializedSourceList:0x00000001231eb800 
+#          @value_str="'nonce-RFWPLDbv2BY+rCkDzsE+0fr8ylGr2R2faWMhq4lfEQc='", 
+#          @sources=[
+#            #<DirectiveValue::Source::Nonce:0x00000001231eaab8 
+#              @value_str="'nonce-RFWPLDbv2BY+rCkDzsE+0fr8ylGr2R2faWMhq4lfEQc='", 
+#            >
+#          ]
+#        >
+#      >, 
+#      #<Directive:0x00000001231ea888 @value_str="frame-src https:", 
+#        @name="frame-src", 
+#        @value=#<DirectiveValue::SerializedSourceList:0x00000001231ea630 @value_str="https:", 
+#          @sources=[
+#            #<DirectiveValue::Source::Scheme:0x00000001231e96e0 @value_str="https:">
+#          ]
+#        >
+#      >, 
+#      #<Directive:0x00000001231e9488 @value_str="object-src 'none'", 
+#        @name="object-src", 
+#        @value=#<DirectiveValue::SerializedSourceList:0x00000001231e9230 @value_str="'none'", 
+#          @sources=[#<DirectiveValue::Source::None:0x00000001231e8b78 @value_str="'none'">]
+#        >
+#      >
+#    ]>
+
+policy.directives.map(&:name)
+# => ["default-src", "img-src", "media-src", "script-src", "font-src", "frame-src", "object-src"]
+
+default_src = policy.directives.find { |d| d.name == "default-src" } # DirectiveValue::SerializedSourceList
+keyword = default_src.value.sources.first # DirectiveValue::Source::Keyword
+keyword.to_s # => "'self'"
+
+media_src = policy.directives.find { |d| d.name == "media-src" } # DirectiveValue::SerializedSourceList
+http_host = media_src.value.sources.first # DirectiveValue::Source::HttpHost
+http_host.scheme_part # => "https"
+http_host.host_part # => "*.media2.com"
+http_host.port_part # => "*"
+http_host.path_part # => "/path"
+http_host.to_s # => "https://*.media2.com:*/path"
+
+script_src = policy.directives.find { |d| d.name == "script-src" } # DirectiveValue::SerializedSourceList
+hash = script_src.value.sources.first # DirectiveValue::Source::Hash
+hash.algorithm # => "sha256"
+hash.value # => "RFWPLDbv2BY+rCkDzsE+0fr8ylGr2R2faWMhq4lfEQc="
+
+font_src = policy.directives.find { |d| d.name == "font-src" } # DirectiveValue::SerializedSourceList
+nonce = font_src.value.sources.first # DirectiveValue::Source::Nonce
+nonce.value # => "RFWPLDbv2BY+rCkDzsE+0fr8ylGr2R2faWMhq4lfEQc="
+
+frame_src = policy.directives.find { |d| d.name == "frame-src" } # DirectiveValue::SerializedSourceList
+scheme = frame_src.value.sources.first # DirectiveValue::Source::Scheme
+scheme.to_s # => "https:"
+
+object_src = policy.directives.find { |d| d.name == "object-src" } # DirectiveValue::SerializedSourceList
+none = object_src.value.sources.first # DirectiveValue::Source::None
+none.to_s # => "'none'"
+```
+
+You can also parse individual source:
+```ruby
+http_host = CSP::DirectiveValue::Source::HttpHost.new("https://*.example.com:*/path")
+http_host.scheme_part # => "https"
+http_host.host_part # => "*.example.com"
+http_host.port_part # => "*"
+http_host.path_part # => "/path"
+http_host.to_s # => "https://*.example.com:*/path"
+```
+
+Or just check if http host is valid:
+```ruby
+CSP::Parser.valid_http_host_source?("https://*.example.com:*/path")
+# => true
+CSP::Parser.valid_http_host_source?("custom-scheme://*.example.com:*/path")
+# => false
+```
+
+## Contributing
+
+Feel free to contribute at https://github.com/KirIgor/csp-parser.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Author
+
+Created by Igor Kirianov.
+
+## Reference
+
+1. MDN Web Docs: https://developer.mozilla.org/ru/docs/Web/HTTP/CSP
+2. Document: https://www.w3.org/TR/CSP3/

data/csp_parser.gemspec

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+Gem::Specification.new do |s|
+  s.required_ruby_version = ">= 2.5.0"
+  s.name        = "csp_parser"
+  s.version     = "0.1.1"
+  s.summary     = "Content Security Policy Parser"
+  s.description = "Gem for parsing Content Security Policy."
+  s.authors     = ["Igor Kirianov"]
+  s.email       = "ig6966.ivanov@gmail.com"
+  s.homepage =
+    "https://rubygems.org/gems/csp_parser"
+  s.license = "MIT"
+
+  s.files = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  s.require_paths = ["lib"]
+end

data/lib/csp.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+module CSP
+end

data/lib/csp_parser.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require_relative "./csp"
+require_relative "./serialized_policy"
+require_relative "./directive_value/source/http_host"
+
+class CSP::Parser
+  class << self
+    def parse(csp_policy_str)
+      CSP::SerializedPolicy.new(csp_policy_str)
+    end
+
+    def valid_http_host_source?(http_host_str)
+      !!CSP::DirectiveValue::Source::HttpHost.new(http_host_str)
+    rescue
+      false
+    end
+  end
+end

data/lib/directive.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require_relative "./directive_value/serialized_source_list"
+require_relative "./directive_value/token"
+require_relative "./directive_value/sandbox"
+require_relative "./directive_value/default"
+require_relative "./grammar"
+require_relative "./csp"
+
+class CSP::Directive
+  ParseError = Class.new(StandardError)
+
+  DIRECTIVE_VALUES = {
+    "child-src" => CSP::DirectiveValue::SerializedSourceList,
+    "connect-src" => CSP::DirectiveValue::SerializedSourceList,
+    "default-src" => CSP::DirectiveValue::SerializedSourceList,
+    "font-src" => CSP::DirectiveValue::SerializedSourceList,
+    "frame-src" => CSP::DirectiveValue::SerializedSourceList,
+    "img-src" => CSP::DirectiveValue::SerializedSourceList,
+    "manifest-src" => CSP::DirectiveValue::SerializedSourceList,
+    "media-src" => CSP::DirectiveValue::SerializedSourceList,
+    "object-src" => CSP::DirectiveValue::SerializedSourceList,
+    "prefetch-src" => CSP::DirectiveValue::SerializedSourceList,
+    "script-src" => CSP::DirectiveValue::SerializedSourceList,
+    "script-src-elem" => CSP::DirectiveValue::SerializedSourceList,
+    "script-src-attrs" => CSP::DirectiveValue::SerializedSourceList,
+    "style-src" => CSP::DirectiveValue::SerializedSourceList,
+    "style-src-elem" => CSP::DirectiveValue::SerializedSourceList,
+    "style-src-attr" => CSP::DirectiveValue::SerializedSourceList,
+    "worker-src" => CSP::DirectiveValue::SerializedSourceList,
+    "base-uri" => CSP::DirectiveValue::SerializedSourceList,
+    "sandbox" => CSP::DirectiveValue::Sandbox,
+    "form-action" => CSP::DirectiveValue::SerializedSourceList,
+    "frame-ancestors" => CSP::DirectiveValue::SerializedSourceList,
+    "navigate-to" => CSP::DirectiveValue::SerializedSourceList,
+    "report-to" => CSP::DirectiveValue::Token,
+  }.freeze
+
+  def initialize(value_str)
+    @value_str = value_str
+    @match = value_str.match(/\A#{CSP::Grammar::SERIALIZED_DIRECTIVE}\z/o)
+
+    raise ParseError, @value_str if @match.nil?
+
+    @name = @match["name"]
+    value_class = DIRECTIVE_VALUES[@name] || CSP::DirectiveValue::Default
+    @value = value_class.new(@match["value"])
+  end
+
+  attr_reader :name, :value
+
+  def to_s
+    @value_str
+  end
+end

data/lib/directive_value/base.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require_relative "../csp"
+
+class CSP::DirectiveValue::Base
+  def initialize(value_str)
+    @value_str = value_str
+    @match = @value_str.match(regexp)
+
+    raise CSP::DirectiveValue::ParseError, @value_str if @match.nil?
+  end
+
+  def to_s
+    @value_str
+  end
+
+  # @!method regexp
+end

data/lib/directive_value/default.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require_relative "./directive_value"
+require_relative "./base"
+require_relative "../grammar"
+require_relative "../csp"
+
+class CSP::DirectiveValue::Default < CSP::DirectiveValue::Base
+  private
+
+  def regexp
+    /\A#{CSP::Grammar::DIRECTIVE_VALUE}\z/o
+  end
+end

data/lib/directive_value/directive_value.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require_relative "../csp"
+
+module CSP::DirectiveValue
+  ParseError = Class.new(StandardError)
+  InvalidSource = Class.new(StandardError)
+end

data/lib/directive_value/sandbox.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require_relative "./directive_value"
+require_relative "./base"
+require_relative "../grammar"
+require_relative "../csp"
+
+class CSP::DirectiveValue::Sandbox < CSP::DirectiveValue::Base
+  private
+
+  def regexp
+    /\A#{CSP::Grammar::SANDBOX}\z/o
+  end
+end

data/lib/directive_value/serialized_source_list.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+require_relative "./directive_value"
+require_relative "./base"
+require_relative "../csp"
+# rubocop:disable Lint/NonDeterministicRequireOrder, Style/StringConcatenation
+Dir[File.dirname(__FILE__) + "/source/*.rb"].each { |file| require file }
+# rubocop:enable Lint/NonDeterministicRequireOrder, Style/StringConcatenation
+
+class CSP::DirectiveValue::SerializedSourceList < CSP::DirectiveValue::Base
+  SOURCE_LIST = [
+    CSP::DirectiveValue::Source::None,
+    CSP::DirectiveValue::Source::Keyword,
+    CSP::DirectiveValue::Source::Hash,
+    CSP::DirectiveValue::Source::Nonce,
+    CSP::DirectiveValue::Source::Scheme,
+    CSP::DirectiveValue::Source::HttpHost,
+    CSP::DirectiveValue::Source::Host,
+  ].freeze
+
+  attr_reader :sources
+
+  def initialize(value_str)
+    super
+
+    @sources = @value_str.split.map do |source_str|
+      source = SOURCE_LIST.lazy.map do |s|
+        s.new(source_str)
+      rescue
+        nil
+      end.find(&:itself)
+
+      source
+    end
+  end
+
+  private
+
+  def regexp
+    /\A#{CSP::Grammar::SERIALIZED_SOURCE_LIST}\z/o
+  end
+end

data/lib/directive_value/source/base.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require_relative "../../csp"
+
+class CSP::DirectiveValue::Source::Base
+  def initialize(value_str)
+    @value_str = value_str
+    @match = @value_str.match(regexp)
+
+    raise CSP::DirectiveValue::InvalidSource, @value_str if @match.nil?
+  end
+
+  def to_s
+    @value_str
+  end
+
+  # @!method regexp
+end

data/lib/directive_value/source/hash.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require_relative "../directive_value"
+require_relative "./source"
+require_relative "./base"
+require_relative "../../grammar"
+require_relative "../../csp"
+
+class CSP::DirectiveValue::Source::Hash < CSP::DirectiveValue::Source::Base
+  def algorithm
+    @match[:algorithm]
+  end
+
+  def value
+    @match[:value]
+  end
+
+  private
+
+  def regexp
+    /\A#{CSP::Grammar::HASH_SOURCE}\z/o
+  end
+end

data/lib/directive_value/source/host.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require_relative "../directive_value"
+require_relative "./source"
+require_relative "./base"
+require_relative "../../grammar"
+require_relative "../../csp"
+
+class CSP::DirectiveValue::Source::Host < CSP::DirectiveValue::Source::Base
+  def scheme_part
+    @match[:scheme_part]
+  end
+
+  def host_part
+    @match[:host_part]
+  end
+
+  def port_part
+    @match[:port_part]
+  end
+
+  def path_part
+    @match[:path_part]
+  end
+
+  private
+
+  def regexp
+    /\A#{CSP::Grammar::HOST_SOURCE}\z/o
+  end
+end

data/lib/directive_value/source/http_host.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require_relative "../directive_value"
+require_relative "./source"
+require_relative "../../grammar"
+require_relative "./host"
+require_relative "../../csp"
+
+class CSP::DirectiveValue::Source::HttpHost < CSP::DirectiveValue::Source::Host
+  private
+
+  def regexp
+    /\A#{CSP::Grammar::HTTP_HOST_SOURCE}\z/o
+  end
+end

data/lib/directive_value/source/keyword.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require_relative "../directive_value"
+require_relative "./source"
+require_relative "./base"
+require_relative "../../grammar"
+require_relative "../../csp"
+
+class CSP::DirectiveValue::Source::Keyword < CSP::DirectiveValue::Source::Base
+  private
+
+  def regexp
+    /\A#{CSP::Grammar::KEYWORD_SOURCE}\z/o
+  end
+end

data/lib/directive_value/source/nonce.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require_relative "../directive_value"
+require_relative "./source"
+require_relative "./base"
+require_relative "../../grammar"
+require_relative "../../csp"
+
+class CSP::DirectiveValue::Source::Nonce < CSP::DirectiveValue::Source::Base
+  def value
+    @match[:value]
+  end
+
+  private
+
+  def regexp
+    /\A#{CSP::Grammar::NONCE_SOURCE}\z/o
+  end
+end

data/lib/directive_value/source/none.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require_relative "../directive_value"
+require_relative "./source"
+require_relative "./base"
+require_relative "../../grammar"
+require_relative "../../csp"
+
+class CSP::DirectiveValue::Source::None < CSP::DirectiveValue::Source::Base
+  private
+
+  def regexp
+    /\A#{CSP::Grammar::NONE_SOURCE}\z/o
+  end
+end

data/lib/directive_value/source/scheme.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require_relative "../directive_value"
+require_relative "./source"
+require_relative "./base"
+require_relative "../../grammar"
+require_relative "../../csp"
+
+class CSP::DirectiveValue::Source::Scheme < CSP::DirectiveValue::Source::Base
+  private
+
+  def regexp
+    /\A#{CSP::Grammar::SCHEME_SOURCE}\z/o
+  end
+end

data/lib/directive_value/source/source.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+require_relative "../../csp"
+
+module CSP::DirectiveValue::Source
+end

data/lib/directive_value/token.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require_relative "./directive_value"
+require_relative "./base"
+require_relative "../grammar"
+require_relative "../csp"
+
+class CSP::DirectiveValue::Token < CSP::DirectiveValue::Base
+  private
+
+  def regexp
+    /\A#{CSP::Grammar::TOKEN}\z/o
+  end
+end

data/lib/grammar.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require_relative "./csp"
+
+class CSP::Grammar
+  ASCII_WHITESPACE = "(\x09|\x0a|\x0c|\x0d|\x20)"
+  OPTIONAL_ASCII_WHITESPACE = "#{ASCII_WHITESPACE}*"
+  REQUIRED_ASCII_WHITESPACE = "#{ASCII_WHITESPACE}+"
+  ALPHA = "[a-zA-Z]"
+  DIGIT = "[0-9]"
+  SCHEME_PART = "#{ALPHA}([a-zA-Z0-9+\\-.])*"
+  HTTP_SCHEME_PART = "https?"
+  SCHEME_SOURCE = "#{SCHEME_PART}:"
+  HOST_CHAR = '[a-zA-Z0-9\-]'
+  HOST_PART = "(\\*|(?:\\*\\.)?#{HOST_CHAR}+(\\.#{HOST_CHAR}+)*)"
+  PORT_PART = "(#{DIGIT}+|\\*)"
+  PATH_CHAR = '[a-zA-Z0-9\-._!&\'()*+=]'
+  PATH_PART = "/(#{PATH_CHAR}+(?:/#{PATH_CHAR}*)*)?"
+  HOST_SOURCE = "(?:(?<scheme_part>#{SCHEME_PART})://)?"\
+    "(?<host_part>#{HOST_PART})"\
+    "(?::(?<port_part>#{PORT_PART}))?"\
+    "(?<path_part>#{PATH_PART})?"
+  HTTP_HOST_SOURCE = "(?:(?<scheme_part>#{HTTP_SCHEME_PART})://)?"\
+    "(?<host_part>#{HOST_PART})"\
+    "(?::(?<port_part>#{PORT_PART}))?"\
+    "(?<path_part>#{PATH_PART})?"
+  KEYWORD_SOURCE = "('self'|'unsafe-inline'|'unsafe-eval'|'strict-dynamic'|"\
+    "'unsafe-hashes'|'report-sample'|'unsafe-allow-redirects')"
+  BASE64_VALUE = '[a-zA-Z0-9+/\-_]+={0,2}'
+  NONCE_SOURCE = "'nonce-(?<value>#{BASE64_VALUE})'"
+  HASH_ALGORITHM = "(sha256|sha384|sha512)"
+  HASH_SOURCE = "'(?<algorithm>#{HASH_ALGORITHM})-(?<value>#{BASE64_VALUE})'"
+  NONE_SOURCE = "'none'"
+  SOURCE_EXPRESSION = "(#{SCHEME_SOURCE}|#{HOST_SOURCE}|#{KEYWORD_SOURCE}"\
+    "|#{NONCE_SOURCE}|#{HASH_SOURCE}|#{NONE_SOURCE})"
+  SERIALIZED_SOURCE_LIST = "(#{SOURCE_EXPRESSION}"\
+    "(?:#{REQUIRED_ASCII_WHITESPACE}#{SOURCE_EXPRESSION})*)"
+  TOKEN_CHAR = '[!#$%&\'*+\-.^_`|~0-9a-zA-Z]'
+  TOKEN = "#{TOKEN_CHAR}+"
+  SANDBOX = "(|#{TOKEN}(?:#{REQUIRED_ASCII_WHITESPACE}#{TOKEN})*)"
+  ANCESTOR_SOURCE = "(#{SCHEME_SOURCE}|#{HOST_SOURCE}|'self')"
+  ANCESTOR_SOURCE_LIST = "(#{ANCESTOR_SOURCE}"\
+    "(?:#{REQUIRED_ASCII_WHITESPACE}#{ANCESTOR_SOURCE})*|'none')"
+  DIRECTIVE_NAME = '[a-zA-Z0-9\-]+'
+  DIRECTIVE_VALUE = "[ \x21-\x2B\\\x2D-\x3A\x3C-\x7E]*"
+  SERIALIZED_DIRECTIVE = "(?<name>#{DIRECTIVE_NAME})"\
+    "(?:#{REQUIRED_ASCII_WHITESPACE}(?<value>#{DIRECTIVE_VALUE}))?"
+  SERIALIZED_POLICY = "#{SERIALIZED_DIRECTIVE}(?:#{OPTIONAL_ASCII_WHITESPACE};"\
+    "(?:#{OPTIONAL_ASCII_WHITESPACE}#{SERIALIZED_DIRECTIVE})?)*"
+end

data/lib/serialized_policy.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require_relative "./csp"
+require_relative "./grammar"
+require_relative "./directive"
+
+class CSP::SerializedPolicy
+  ParseError = Class.new(StandardError)
+
+  def initialize(value_str)
+    @value_str = value_str
+    @match = @value_str.match(regexp)
+
+    raise ParseError, @value_str if @match.nil?
+
+    @directives = @value_str.split(";").map do |directive_str|
+      CSP::Directive.new(directive_str.strip)
+    end
+  end
+
+  def to_s
+    @value_str
+  end
+
+  attr_reader :directives
+
+  private
+
+  def regexp
+    /\A#{CSP::Grammar::SERIALIZED_POLICY}\z/o
+  end
+end

metadata

@@ -0,0 +1,70 @@
+--- !ruby/object:Gem::Specification
+name: csp_parser
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Igor Kirianov
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2021-06-21 00:00:00.000000000 Z
+dependencies: []
+description: Gem for parsing Content Security Policy.
+email: ig6966.ivanov@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/workflows/ruby.yml"
+- ".gitignore"
+- ".rubocop.yml"
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- csp_parser.gemspec
+- lib/csp.rb
+- lib/csp_parser.rb
+- lib/directive.rb
+- lib/directive_value/base.rb
+- lib/directive_value/default.rb
+- lib/directive_value/directive_value.rb
+- lib/directive_value/sandbox.rb
+- lib/directive_value/serialized_source_list.rb
+- lib/directive_value/source/base.rb
+- lib/directive_value/source/hash.rb
+- lib/directive_value/source/host.rb
+- lib/directive_value/source/http_host.rb
+- lib/directive_value/source/keyword.rb
+- lib/directive_value/source/nonce.rb
+- lib/directive_value/source/none.rb
+- lib/directive_value/source/scheme.rb
+- lib/directive_value/source/source.rb
+- lib/directive_value/token.rb
+- lib/grammar.rb
+- lib/serialized_policy.rb
+homepage: https://rubygems.org/gems/csp_parser
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: Content Security Policy Parser
+test_files: []