jekyll-content-security-policy-generator 1.6.7 → 1.6.13
- checksums.yaml +4 -4
- data/CODE_OF_CONDUCT.md +128 -0
- data/Cover.png +0 -0
- data/README.md +40 -5
- data/jekyll-content-security-policy-generator.gemspec +7 -2
- data/lib/jekyll-content-security-policy-generator/hook.rb +38 -12
- data/lib/jekyll-content-security-policy-generator/version.rb +1 -1
- metadata +12 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f0a3a76363fcb40772f3a2bd9632a275de81cf89f4af10d52ea86952d39ead61
|
4
|
+
data.tar.gz: b7d82859c4268f2f3f71852a102fcd1c0504f3b38732dc9f848bafb81b4c1217
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a6d505e6157d9f7987f3c3115fd4c4046f415296dded854207c85b612691a77b774eaf981b1b44de7eafc26e94d8cff679007a900ee9b05a9ddc70e102af859f
|
7
|
+
data.tar.gz: 5679993e3bccefc51997c4a8dd0f5639c8d0dee9d536d4ea7069b186cf837d04fc3a23bc8abede5bcce669dac5dd2b3b48196f3c4d998a0810540b83562c6a77
|
data/CODE_OF_CONDUCT.md
ADDED
@@ -0,0 +1,128 @@
|
|
1
|
+
# Contributor Covenant Code of Conduct
|
2
|
+
|
3
|
+
## Our Pledge
|
4
|
+
|
5
|
+
We as members, contributors, and leaders pledge to make participation in our
|
6
|
+
community a harassment-free experience for everyone, regardless of age, body
|
7
|
+
size, visible or invisible disability, ethnicity, sex characteristics, gender
|
8
|
+
identity and expression, level of experience, education, socio-economic status,
|
9
|
+
nationality, personal appearance, race, religion, or sexual identity
|
10
|
+
and orientation.
|
11
|
+
|
12
|
+
We pledge to act and interact in ways that contribute to an open, welcoming,
|
13
|
+
diverse, inclusive, and healthy community.
|
14
|
+
|
15
|
+
## Our Standards
|
16
|
+
|
17
|
+
Examples of behavior that contributes to a positive environment for our
|
18
|
+
community include:
|
19
|
+
|
20
|
+
* Demonstrating empathy and kindness toward other people
|
21
|
+
* Being respectful of differing opinions, viewpoints, and experiences
|
22
|
+
* Giving and gracefully accepting constructive feedback
|
23
|
+
* Accepting responsibility and apologizing to those affected by our mistakes,
|
24
|
+
and learning from the experience
|
25
|
+
* Focusing on what is best not just for us as individuals, but for the
|
26
|
+
overall community
|
27
|
+
|
28
|
+
Examples of unacceptable behavior include:
|
29
|
+
|
30
|
+
* The use of sexualized language or imagery, and sexual attention or
|
31
|
+
advances of any kind
|
32
|
+
* Trolling, insulting or derogatory comments, and personal or political attacks
|
33
|
+
* Public or private harassment
|
34
|
+
* Publishing others' private information, such as a physical or email
|
35
|
+
address, without their explicit permission
|
36
|
+
* Other conduct which could reasonably be considered inappropriate in a
|
37
|
+
professional setting
|
38
|
+
|
39
|
+
## Enforcement Responsibilities
|
40
|
+
|
41
|
+
Community leaders are responsible for clarifying and enforcing our standards of
|
42
|
+
acceptable behavior and will take appropriate and fair corrective action in
|
43
|
+
response to any behavior that they deem inappropriate, threatening, offensive,
|
44
|
+
or harmful.
|
45
|
+
|
46
|
+
Community leaders have the right and responsibility to remove, edit, or reject
|
47
|
+
comments, commits, code, wiki edits, issues, and other contributions that are
|
48
|
+
not aligned to this Code of Conduct, and will communicate reasons for moderation
|
49
|
+
decisions when appropriate.
|
50
|
+
|
51
|
+
## Scope
|
52
|
+
|
53
|
+
This Code of Conduct applies within all community spaces, and also applies when
|
54
|
+
an individual is officially representing the community in public spaces.
|
55
|
+
Examples of representing our community include using an official e-mail address,
|
56
|
+
posting via an official social media account, or acting as an appointed
|
57
|
+
representative at an online or offline event.
|
58
|
+
|
59
|
+
## Enforcement
|
60
|
+
|
61
|
+
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
62
|
+
reported to the community leaders responsible for enforcement at
|
63
|
+
.
|
64
|
+
All complaints will be reviewed and investigated promptly and fairly.
|
65
|
+
|
66
|
+
All community leaders are obligated to respect the privacy and security of the
|
67
|
+
reporter of any incident.
|
68
|
+
|
69
|
+
## Enforcement Guidelines
|
70
|
+
|
71
|
+
Community leaders will follow these Community Impact Guidelines in determining
|
72
|
+
the consequences for any action they deem in violation of this Code of Conduct:
|
73
|
+
|
74
|
+
### 1. Correction
|
75
|
+
|
76
|
+
**Community Impact**: Use of inappropriate language or other behavior deemed
|
77
|
+
unprofessional or unwelcome in the community.
|
78
|
+
|
79
|
+
**Consequence**: A private, written warning from community leaders, providing
|
80
|
+
clarity around the nature of the violation and an explanation of why the
|
81
|
+
behavior was inappropriate. A public apology may be requested.
|
82
|
+
|
83
|
+
### 2. Warning
|
84
|
+
|
85
|
+
**Community Impact**: A violation through a single incident or series
|
86
|
+
of actions.
|
87
|
+
|
88
|
+
**Consequence**: A warning with consequences for continued behavior. No
|
89
|
+
interaction with the people involved, including unsolicited interaction with
|
90
|
+
those enforcing the Code of Conduct, for a specified period of time. This
|
91
|
+
includes avoiding interactions in community spaces as well as external channels
|
92
|
+
like social media. Violating these terms may lead to a temporary or
|
93
|
+
permanent ban.
|
94
|
+
|
95
|
+
### 3. Temporary Ban
|
96
|
+
|
97
|
+
**Community Impact**: A serious violation of community standards, including
|
98
|
+
sustained inappropriate behavior.
|
99
|
+
|
100
|
+
**Consequence**: A temporary ban from any sort of interaction or public
|
101
|
+
communication with the community for a specified period of time. No public or
|
102
|
+
private interaction with the people involved, including unsolicited interaction
|
103
|
+
with those enforcing the Code of Conduct, is allowed during this period.
|
104
|
+
Violating these terms may lead to a permanent ban.
|
105
|
+
|
106
|
+
### 4. Permanent Ban
|
107
|
+
|
108
|
+
**Community Impact**: Demonstrating a pattern of violation of community
|
109
|
+
standards, including sustained inappropriate behavior, harassment of an
|
110
|
+
individual, or aggression toward or disparagement of classes of individuals.
|
111
|
+
|
112
|
+
**Consequence**: A permanent ban from any sort of public interaction within
|
113
|
+
the community.
|
114
|
+
|
115
|
+
## Attribution
|
116
|
+
|
117
|
+
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
|
118
|
+
version 2.0, available at
|
119
|
+
https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
|
120
|
+
|
121
|
+
Community Impact Guidelines were inspired by [Mozilla's code of conduct
|
122
|
+
enforcement ladder](https://github.com/mozilla/diversity).
|
123
|
+
|
124
|
+
[homepage]: https://www.contributor-covenant.org
|
125
|
+
|
126
|
+
For answers to common questions about this code of conduct, see the FAQ at
|
127
|
+
https://www.contributor-covenant.org/faq. Translations are available at
|
128
|
+
https://www.contributor-covenant.org/translations.
|
data/Cover.png
ADDED
Binary file
|
data/README.md
CHANGED
@@ -1,5 +1,7 @@
|
|
1
1
|
# jekyll-content-security-policy-generator Plugin
|
2
2
|
|
3
|
+
![Jekyll Image Cover](Cover.png)
|
4
|
+
|
3
5
|
This Jekyll plugin automatically builds an HTML content-security-policy for a Jekyll site. The plugin
|
4
6
|
will scan ```.html``` files generated by Jekyll and attempt to locate images, styles, scripts, frames etc and build a
|
5
7
|
content security policy HTML meta tag. The script will also generate SHA256 hashes for inline scripts and styles. If
|
@@ -18,18 +20,51 @@ To speed up development of Jekyll based sites whilst also helping to generate se
|
|
18
20
|
* Creates or reuses an HTTP meta tag for the content security policy.
|
19
21
|
* Finds all images, styles, scripts and frames with external URLs and builds CSP.
|
20
22
|
* Converts style attributes into ```<style>``` elements.
|
23
|
+
* If a page already has a content-security-policy tag, (such as your index.html file), the script will reuse it.
|
24
|
+
* Image URLs such as https://strongscot.com/images/logo.svg will have a rule such as https://strongscot.com/images/
|
25
|
+
|
26
|
+
## Upcoming Features
|
27
|
+
|
28
|
+
* Ability to specify how lax the domain rules can be. For example, ```https://strongscot.com/images/logo.svg``` would be converted to
|
29
|
+
```https://strongscot.com/images/``` under strict and ```https://strongscot.com``` under relaxed.
|
30
|
+
* Ability in site.yaml file to specify what files it should parse, at the moment its only ```.html```.
|
21
31
|
|
22
32
|
## Installation
|
23
33
|
|
24
|
-
|
34
|
+
Add the plugin your Gemfile within the jekyll_plugins group:
|
35
|
+
|
36
|
+
```
|
37
|
+
group :jekyll_plugins do
|
38
|
+
gem 'jekyll-content-security-policy-generator'
|
39
|
+
... other gem files
|
40
|
+
end
|
41
|
+
```
|
42
|
+
|
43
|
+
Then install
|
44
|
+
|
45
|
+
```
|
46
|
+
bundle install
|
47
|
+
```
|
48
|
+
|
49
|
+
## Nokogiri Error on Mac?
|
50
|
+
|
51
|
+
For some reason, Nokogiri will install with both the ARM (M1) and x86 variants which will confuse bundler. Best way I found to fix this was to open the Gemfile.lock and remove the:
|
52
|
+
|
53
|
+
```
|
54
|
+
nokogiri (1.11.3-arm64-darwin)
|
55
|
+
racc (~> 1.4)
|
56
|
+
```
|
25
57
|
|
26
|
-
|
58
|
+
Or the x86 if you have an M1 mac.
|
27
59
|
|
28
|
-
|
60
|
+
Alternatively, you can add ```nokogiri``` to your Gemfile, like so:
|
29
61
|
|
30
62
|
```
|
31
|
-
|
32
|
-
|
63
|
+
group :jekyll_plugins do
|
64
|
+
gem 'nokogiri'
|
65
|
+
gem 'jekyll-content-security-policy-generator'
|
66
|
+
... other gem files
|
67
|
+
end
|
33
68
|
```
|
34
69
|
|
35
70
|
## Support
|
@@ -1,10 +1,15 @@
|
|
1
1
|
lib = File.expand_path("../lib", __FILE__)
|
2
|
+
|
2
3
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
3
4
|
require "jekyll-content-security-policy-generator/version"
|
5
|
+
|
4
6
|
Gem::Specification.new do |spec|
|
5
7
|
spec.name = "jekyll-content-security-policy-generator"
|
6
8
|
spec.summary = "Helps generate a content security policy."
|
7
|
-
spec.description = "
|
9
|
+
spec.description = "Will generate a content-security-policy based on images, scripts, stylesheets, frames and"\
|
10
|
+
"others on each generated page. This script assumes that all your linked resources as 'safe'."\
|
11
|
+
"Style attributes will also be converted into <style> elements and SHA256 hashes will be"\
|
12
|
+
"generated for inline styles/scripts."
|
8
13
|
spec.version = JekyllContentSecurityPolicyGenerator::VERSION
|
9
14
|
spec.authors = ["strongscot"]
|
10
15
|
spec.email = ["mail@strongscot.com"]
|
@@ -14,7 +19,7 @@ Gem::Specification.new do |spec|
|
|
14
19
|
spec.require_paths = ["lib"]
|
15
20
|
spec.add_dependency 'jekyll'
|
16
21
|
spec.add_dependency 'digest'
|
17
|
-
spec.add_dependency 'nokogiri'
|
22
|
+
spec.add_dependency 'nokogiri'
|
18
23
|
spec.add_development_dependency 'rake'
|
19
24
|
spec.add_development_dependency 'rspec'
|
20
25
|
spec.add_development_dependency 'rubocop'
|
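Review bot: The backslash-continued fragments that build `spec.description` carry no separating space, so the rendered description reads "frames andothers", "'safe'.Style" and "will begenerated" — exactly what the regenerated metadata further down this diff shows. Add a trailing space inside each continued fragment, e.g. `"Will generate a content-security-policy based on images, scripts, stylesheets, frames and "\` and `"others on each generated page. This script assumes that all your linked resources are 'safe'. "\`, or replace the chain with a heredoc so the spacing is visible. The sentence "assumes that all your linked resources as 'safe'" is also missing its verb. The `spec.add_dependency 'nokogiri'` line is a whitespace-only change, and the enclosing `Gem::Specification.new` block ends outside the hunk.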
@@ -2,6 +2,7 @@ require 'jekyll'
|
|
2
2
|
require 'nokogiri'
|
3
3
|
require 'digest'
|
4
4
|
require 'open-uri'
|
5
|
+
require 'uri'
|
5
6
|
|
6
7
|
##
|
7
8
|
# Provides the ability to generate a content security policy for inline scripts and styles.
|
@@ -30,7 +31,14 @@ module Jekyll
|
|
30
31
|
def generate_convert_security_policy_meta_tag
|
31
32
|
meta_content = ""
|
32
33
|
|
34
|
+
@csp_script_src = @csp_script_src.uniq
|
35
|
+
@csp_image_src = @csp_image_src.uniq
|
36
|
+
@csp_style_src = @csp_style_src.uniq
|
37
|
+
@csp_script_src = @csp_script_src.uniq
|
38
|
+
@csp_unknown = @csp_unknown.uniq
|
39
|
+
|
33
40
|
if @csp_frame_src.length > 0
|
41
|
+
@csp_script_src.uniq
|
34
42
|
meta_content += "frame-src " + @csp_frame_src.join(' ') + '; '
|
35
43
|
end
|
36
44
|
|
@@ -84,16 +92,12 @@ module Jekyll
|
|
84
92
|
|
85
93
|
if policy_parts[0] == 'script-src'
|
86
94
|
@csp_script_src.concat(policy_parts.drop(1))
|
87
|
-
@csp_script_src = @csp_script_src.uniq
|
88
95
|
elsif policy_parts[0] == 'style-src'
|
89
96
|
@csp_style_src.concat(policy_parts.drop(1))
|
90
|
-
|
91
|
-
elsif policy_parts[0] == 'image-src'
|
97
|
+
elsif policy_parts[0] == 'img-src'
|
92
98
|
@csp_image_src.concat(policy_parts.drop(1))
|
93
|
-
@csp_image_src = @csp_image_src.uniq
|
94
99
|
elsif policy_parts[0] == 'frame-src'
|
95
100
|
@csp_frame_src.concat(policy_parts.drop(1))
|
96
|
-
@csp_frame_src = @csp_frame_src.uniq
|
97
101
|
else
|
98
102
|
@csp_unknown.concat([policy_parts])
|
99
103
|
end
|
@@ -102,6 +106,10 @@ module Jekyll
|
|
102
106
|
Jekyll.logger.warn "Incorrect existing content security policy meta tag found, skipping."
|
103
107
|
end
|
104
108
|
end
|
109
|
+
|
110
|
+
@nokogiri.search('meta[http-equiv="Content-Security-Policy"]').each do |el|
|
111
|
+
el.remove
|
112
|
+
end
|
105
113
|
end
|
106
114
|
end
|
107
115
|
|
@@ -115,7 +123,8 @@ module Jekyll
|
|
115
123
|
if find.attr('id')
|
116
124
|
element_id = find.attr('id')
|
117
125
|
else
|
118
|
-
|
126
|
+
hash = Digest::MD5.hexdigest find_src + "#{Random.rand(11)}"
|
127
|
+
element_id = "csp-gen-" + hash
|
119
128
|
find["id"] = element_id
|
120
129
|
end
|
121
130
|
|
@@ -143,10 +152,23 @@ module Jekyll
|
|
143
152
|
@nokogiri.css('img').each do |find|
|
144
153
|
find_src = find.attr('src')
|
145
154
|
|
146
|
-
if find_src.start_with?('http', 'https')
|
155
|
+
if find_src and find_src.start_with?('http', 'https')
|
147
156
|
@csp_image_src.push find_src.match(/(.*\/)+(.*$)/)[1]
|
148
157
|
end
|
149
158
|
end
|
159
|
+
|
160
|
+
@nokogiri.css('style').each do |find|
|
161
|
+
finds = find.content.scan(/url\(([^\)]+)\)/)
|
162
|
+
|
163
|
+
finds.each do |innerFind|
|
164
|
+
innerFind = innerFind[0]
|
165
|
+
innerFind = innerFind.tr('\'"', '')
|
166
|
+
if innerFind.start_with?('http', 'https')
|
167
|
+
@csp_image_src.push self.get_domain(innerFind)
|
168
|
+
end
|
169
|
+
end
|
170
|
+
end
|
171
|
+
|
150
172
|
end
|
151
173
|
|
152
174
|
##
|
@@ -156,7 +178,7 @@ module Jekyll
|
|
156
178
|
if find.attr('src')
|
157
179
|
find_src = find.attr('src')
|
158
180
|
|
159
|
-
if find_src.start_with?('http', 'https')
|
181
|
+
if find_src and find_src.start_with?('http', 'https')
|
160
182
|
@csp_script_src.push find_src.match(/(.*\/)+(.*$)/)[1]
|
161
183
|
end
|
162
184
|
|
@@ -173,7 +195,7 @@ module Jekyll
|
|
173
195
|
if find.attr('src')
|
174
196
|
find_src = find.attr('src')
|
175
197
|
|
176
|
-
if find_src.start_with?('http', 'https')
|
198
|
+
if find_src and find_src.start_with?('http', 'https')
|
177
199
|
@csp_style_src.push find_src.match(/(.*\/)+(.*$)/)[1]
|
178
200
|
end
|
179
201
|
|
@@ -189,12 +211,17 @@ module Jekyll
|
|
189
211
|
@nokogiri.css('iframe').each do |find|
|
190
212
|
find_src = find.attr('src')
|
191
213
|
|
192
|
-
if find_src.start_with?('http', 'https')
|
214
|
+
if find_src and find_src.start_with?('http', 'https')
|
193
215
|
@csp_frame_src.push find_src.match(/(.*\/)+(.*$)/)[1]
|
194
216
|
end
|
195
217
|
end
|
196
218
|
end
|
197
219
|
|
220
|
+
def get_domain(url)
|
221
|
+
uri = URI.parse(url)
|
222
|
+
"#{uri.scheme}://#{uri.host}"
|
223
|
+
end
|
224
|
+
|
198
225
|
##
|
199
226
|
# Generate a content hash
|
200
227
|
def generate_sha256_content_hash(content)
|
@@ -237,9 +264,8 @@ module Jekyll
|
|
237
264
|
if File.extname(dest_path) == ".html"
|
238
265
|
content_security_policy_generator = ContentSecurityPolicyGenerator.new output
|
239
266
|
output = content_security_policy_generator.run
|
267
|
+
write_file_contents(dest_path, output)
|
240
268
|
end
|
241
|
-
|
242
|
-
write_file_contents(dest_path, output)
|
243
269
|
end
|
244
270
|
|
245
271
|
end
|
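Review bot: The new `get_domain` hands whatever `url(...)` text was scraped from a `<style>` block straight to `URI.parse`, which raises `URI::InvalidURIError` on values it cannot parse (an unescaped space is enough), so a single malformed stylesheet URL aborts the build at `@csp_image_src.push self.get_domain(innerFind)`. It also reduces the source to `scheme://host`, so an image referenced from CSS widens `img-src` to the whole origin while `<img>` tags in the same file are still narrowed to a directory prefix, which contradicts the README's statement that image URLs map to a path prefix; a comment on the method such as `# Returns scheme://host only; CSS url() images are not narrowed to a path prefix` would at least make the coarser rule explicit. To keep a bad value from failing the build, add `rescue URI::InvalidURIError` / `nil` before the method's `end` and guard the caller with `@csp_image_src.push(domain) if (domain = get_domain(innerFind))`. Separately, `hash = Digest::MD5.hexdigest find_src + "#{Random.rand(11)}"` makes the generated ids differ between builds and, with only eleven possible suffixes, two elements sharing a `src` will often be given the same `id`; a running counter or the element's document position would be both stable and unique (`find_src` appears to be set outside this hunk). The enclosing class, and the method around the `hash =` line, start outside these hunks.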
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: jekyll-content-security-policy-generator
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.6.
|
4
|
+
version: 1.6.13
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- strongscot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-04-
|
11
|
+
date: 2021-04-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: jekyll
|
@@ -42,16 +42,16 @@ dependencies:
|
|
42
42
|
name: nokogiri
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
44
44
|
requirements:
|
45
|
-
- - "
|
45
|
+
- - ">="
|
46
46
|
- !ruby/object:Gem::Version
|
47
|
-
version: '
|
47
|
+
version: '0'
|
48
48
|
type: :runtime
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
|
-
- - "
|
52
|
+
- - ">="
|
53
53
|
- !ruby/object:Gem::Version
|
54
|
-
version: '
|
54
|
+
version: '0'
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: rake
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
@@ -94,8 +94,10 @@ dependencies:
|
|
94
94
|
- - ">="
|
95
95
|
- !ruby/object:Gem::Version
|
96
96
|
version: '0'
|
97
|
-
description:
|
98
|
-
frames
|
97
|
+
description: Will generate a content-security-policy based on images, scripts, stylesheets,
|
98
|
+
frames andothers on each generated page. This script assumes that all your linked
|
99
|
+
resources as 'safe'.Style attributes will also be converted into <style> elements
|
100
|
+
and SHA256 hashes will begenerated for inline styles/scripts.
|
99
101
|
email:
|
100
102
|
- mail@strongscot.com
|
101
103
|
executables: []
|
@@ -103,6 +105,8 @@ extensions: []
|
|
103
105
|
extra_rdoc_files: []
|
104
106
|
files:
|
105
107
|
- ".gitignore"
|
108
|
+
- CODE_OF_CONDUCT.md
|
109
|
+
- Cover.png
|
106
110
|
- LICENSE
|
107
111
|
- Makefile
|
108
112
|
- README.md
|