@forge/csp 0.0.0-experimental-ed3737f → 0.0.0-experimental-64caa5a

package/CHANGELOG.md CHANGED
@@ -1,6 +1,168 @@
1
1
  # @forge/csp
2
2
 
3
- ## 0.0.0-experimental-ed3737f
3
+ ## 0.0.0-experimental-64caa5a
4
+
5
+ ### Patch Changes
6
+
7
+ - 04e4152: Enabling new frame ancestors '_.atl-paas.net' and '_.atlassian.com'
8
+
9
+ ## 1.8.1-next.0
10
+
11
+ ### Patch Changes
12
+
13
+ - 04e4152: Enabling new frame ancestors '_.atl-paas.net' and '_.atlassian.com'
14
+
15
+ ## 1.8.0
16
+
17
+ ### Minor Changes
18
+
19
+ - d5f3fac: Remove deprecated method for handling CSP user config
20
+ - f002362: Revert change for deprecated CSP
21
+
22
+ ## 1.8.0-next.1
23
+
24
+ ### Minor Changes
25
+
26
+ - f002362: Revert change for deprecated CSP
27
+
28
+ ## 1.8.0-next.0
29
+
30
+ ### Minor Changes
31
+
32
+ - d5f3fac: Remove deprecated method for handling CSP user config
33
+
34
+ ## 1.7.1
35
+
36
+ ### Patch Changes
37
+
38
+ - 4b41a80: Added egress messaging to install prompts
39
+
40
+ ## 1.7.1-next.0
41
+
42
+ ### Patch Changes
43
+
44
+ - 4b41a80: Added egress messaging to install prompts
45
+
46
+ ## 1.7.0
47
+
48
+ ### Minor Changes
49
+
50
+ - ef00257: Add \*.jira.com to allowed host site list
51
+
52
+ ### Patch Changes
53
+
54
+ - d7a1fe3: Update dependencies to remove any transitive dependencies on request
55
+
56
+ ## 1.7.0-next.1
57
+
58
+ ### Patch Changes
59
+
60
+ - d7a1fe3: Update dependencies to remove any transitive dependencies on request
61
+
62
+ ## 1.7.0-next.0
63
+
64
+ ### Minor Changes
65
+
66
+ - ef00257: Add \*.jira.com to allowed host site list
67
+
68
+ ## 1.6.0
69
+
70
+ ### Minor Changes
71
+
72
+ - 8714f5a: Add support for fonts and frames as part of Egress Permissions for Custom UI apps
73
+
74
+ ### Patch Changes
75
+
76
+ - f8ae8a2: Add support for Bitbucket origin in Custom UI
77
+
78
+ ## 1.6.0-next.1
79
+
80
+ ### Patch Changes
81
+
82
+ - f8ae8a2: Add support for Bitbucket origin in Custom UI
83
+
84
+ ## 1.6.0-next.0
85
+
86
+ ### Minor Changes
87
+
88
+ - 8714f5a: Add support for fonts and frames as part of Egress Permissions for Custom UI apps
89
+
90
+ ## 1.5.0
91
+
92
+ ### Minor Changes
93
+
94
+ - 638194f: Fix logic to detect missing fetch egress permission
95
+
96
+ ## 1.5.0-next.0
97
+
98
+ ### Minor Changes
99
+
100
+ - 638194f: Fix logic to detect missing fetch egress permission
101
+
102
+ ## 1.4.0
103
+
104
+ ### Minor Changes
105
+
106
+ - 05f608f: Added external fetch linting
107
+
108
+ ### Patch Changes
109
+
110
+ - bd9194a: Added error protection to egress filtering for URLs with no protocol
111
+
112
+ ## 1.4.0-next.1
113
+
114
+ ### Patch Changes
115
+
116
+ - bd9194a: Added error protection to egress filtering for URLs with no protocol
117
+
118
+ ## 1.4.0-next.0
119
+
120
+ ### Minor Changes
121
+
122
+ - 05f608f: Added external fetch linting
123
+
124
+ ## 1.3.0
125
+
126
+ ### Minor Changes
127
+
128
+ - 9ec2911: Allow style-src as part of Egress Permissions for Custom UI apps
129
+
130
+ ### Patch Changes
131
+
132
+ - 2ddcdb2: Update frame-ancestors for dev
133
+ - 2b3c55d: Fix to restrict frame ancestors of Custom UI apps
134
+
135
+ ## 1.3.0-next.2
136
+
137
+ ### Patch Changes
138
+
139
+ - 2ddcdb2: Update frame-ancestors for dev
140
+
141
+ ## 1.3.0-next.1
142
+
143
+ ### Minor Changes
144
+
145
+ - 9ec2911: Allow style-src as part of Egress Permissions for Custom UI apps
146
+
147
+ ## 1.2.1-next.0
148
+
149
+ ### Patch Changes
150
+
151
+ - 2b3c55d: Fix to restrict frame ancestors of Custom UI apps
152
+
153
+ ## 1.2.0
154
+
155
+ ### Minor Changes
156
+
157
+ - 6c482ef: Add `allow-downloads allow-modals` to sandbox
158
+
159
+ ## 1.2.0-next.0
160
+
161
+ ### Minor Changes
162
+
163
+ - 6c482ef: Add `allow-downloads allow-modals` to sandbox
164
+
165
+ ## 1.1.0
4
166
 
5
167
  ### Minor Changes
6
168
 
@@ -1,9 +1,10 @@
1
1
  import type { LambdaEnvironment } from '@forge/cli-shared';
2
- import { CSPDetails } from './types';
2
+ import { CSPDetails } from '../types';
3
3
  export declare class CSPInjectionService {
4
4
  private getCSPReportUri;
5
5
  private getForgeGlobalCSP;
6
6
  private getExistingCSPDetails;
7
+ private getFrameAncestors;
7
8
  getInjectableCSP: (existingCSPDetails: CSPDetails, env: LambdaEnvironment, tunnelCSPReporterUri?: string | undefined) => string[];
8
9
  }
9
10
  //# sourceMappingURL=csp-injection-service.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,UAAU,CAAC;AAUvD,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IAIzB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,iBAAiB;IAalB,gBAAgB,uBACD,UAAU,OACzB,iBAAiB,gDAErB,MAAM,EAAE,CA4CT;CACH"}
@@ -1,7 +1,7 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.CSPInjectionService = void 0;
4
- const types_1 = require("./types");
4
+ const types_1 = require("../types");
5
5
  const atlassianImageHosts = {
6
6
  dev: ['https://avatar-management--avatars.us-west-2.staging.public.atl-paas.net', 'https://api.dev.atlassian.com'],
7
7
  stg: ['https://avatar-management--avatars.us-west-2.staging.public.atl-paas.net', 'https://api.stg.atlassian.com'],
@@ -13,6 +13,9 @@ class CSPInjectionService {
13
13
  this.getInjectableCSP = (existingCSPDetails, env, tunnelCSPReporterUri) => {
14
14
  const reportUri = tunnelCSPReporterUri || this.getCSPReportUri(env);
15
15
  const defaultSrc = `'self'`;
16
+ const frameAncestors = ["'self'", ...this.getFrameAncestors(env)].join(' ');
17
+ const frameSrc = ["'self'", ...this.getExistingCSPDetails(types_1.ExternalCspType.FRAME_SRC, existingCSPDetails)].join(' ');
18
+ const fontSrc = ["'self'", ...this.getExistingCSPDetails(types_1.ExternalCspType.FONT_SRC, existingCSPDetails)].join(' ');
16
19
  const imgSrc = [
17
20
  "'self'",
18
21
  'data:',
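Review bot: The new `frameSrc` and `fontSrc` lines join the entries of `existingCSPDetails` straight into a directive string, and nothing visible in this hunk rejects an entry containing `;`, a comma or whitespace, any of which would change the meaning of the emitted policy. The same values reach the `frame-src ${frameSrc}` and `font-src ${fontSrc}` lines in the following hunk. Validation may already happen in `CSPProcessingService.getInvalidCspPermissions`, which is outside this hunk; if it does not cover frames and fonts, filter before joining, e.g. `.filter((v) => !/[;,\s]/.test(v))` ahead of `.join(' ')`. The body of `getInjectableCSP` starts and ends outside the hunk.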
@@ -33,16 +36,19 @@ class CSPInjectionService {
33
36
  this.getForgeGlobalCSP(env),
34
37
  ...this.getExistingCSPDetails(types_1.ExternalCspType.SCRIPT_SRC, existingCSPDetails)
35
38
  ].join(' ');
36
- const styleSrc = ["'self'", ...this.getExistingCSPDetails('style-src', existingCSPDetails)].join(' ');
39
+ const styleSrc = ["'self'", ...this.getExistingCSPDetails(types_1.ExternalCspType.STYLE_SRC, existingCSPDetails)].join(' ');
37
40
  return [
38
41
  `default-src ${defaultSrc}`,
42
+ `frame-ancestors ${frameAncestors}`,
43
+ `frame-src ${frameSrc}`,
44
+ `font-src ${fontSrc}`,
39
45
  `img-src ${imgSrc}`,
40
46
  `media-src ${mediaSrc}`,
41
47
  `connect-src ${connectSrc}`,
42
48
  `script-src ${scriptSrc}`,
43
49
  `style-src ${styleSrc}`,
44
50
  `form-action 'self'`,
45
- `sandbox allow-forms allow-scripts allow-same-origin`,
51
+ `sandbox allow-downloads allow-forms allow-modals allow-same-origin allow-scripts`,
46
52
  `report-uri ${reportUri}`
47
53
  ];
48
54
  };
@@ -61,5 +67,17 @@ class CSPInjectionService {
61
67
  var _a;
62
68
  return (_a = cspDetails[cspType]) !== null && _a !== void 0 ? _a : [];
63
69
  }
70
+ getFrameAncestors(env) {
71
+ if (env === 'prod')
72
+ return ['*.atlassian.net', 'bitbucket.org', '*.jira.com', '*.atlassian.com'];
73
+ return [
74
+ '*.jira-dev.com',
75
+ 'http://localhost:*',
76
+ '*.devbucket.org',
77
+ 'https://staging.bb-inf.net',
78
+ 'https://integration.bb-inf.net',
79
+ '*.atl-paas.net'
80
+ ];
81
+ }
64
82
  }
65
83
  exports.CSPInjectionService = CSPInjectionService;
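Review bot: `getFrameAncestors` returns the permissive list, including `'http://localhost:*'` and `'*.atl-paas.net'`, for every `env` value other than the exact string `'prod'`, so an unset or misspelled environment fails open to the development ancestors. Making the production list the fallback keeps the framing restriction tight when the value is unexpected: `if (env === 'dev' || env === 'stg') return [ /* non-production list */ ];` followed by `return ['*.atlassian.net', 'bitbucket.org', '*.jira.com', '*.atlassian.com'];`. The `dev` and `stg` names are taken from the `atlassianImageHosts` keys earlier in this file and should be confirmed against `LambdaEnvironment`. This file is compiled output, so the change belongs in `src/csp/csp-injection-service.ts`.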
@@ -1,6 +1,6 @@
1
1
  import type { Logger } from '@forge/cli-shared';
2
2
  import type { Permissions } from '@forge/manifest';
3
- import { ContentPermissions, CSPDetails, DocumentBody } from './types';
3
+ import { ContentPermissions, CSPDetails, DocumentBody } from '../types';
4
4
  export declare class CSPProcessingService {
5
5
  private readonly logger;
6
6
  constructor(logger: Pick<Logger, 'info'>);
@@ -0,0 +1 @@
1
+ {"version":3,"file":"csp-processing-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-processing-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAKnD,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,YAAY,EAAuB,MAAM,UAAU,CAAC;AAiB7F,qBAAa,oBAAoB;IACnB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC;IAElD,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,GAAG,UAAU;IAkBvE,wBAAwB,CAAC,kBAAkB,EAAE,kBAAkB,GAAG,MAAM,EAAE;IASjF,OAAO,CAAC,2BAA2B;IAcnC,OAAO,CAAC,WAAW;IASnB,OAAO,CAAC,YAAY;IAWpB,OAAO,CAAC,mBAAmB;IAoB3B,OAAO,CAAC,qBAAqB;IAW7B,OAAO,CAAC,UAAU;IAKlB,OAAO,CAAC,oBAAoB;IAM5B,OAAO,CAAC,mBAAmB;IAW3B,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,WAAW;IAKnB,OAAO,CAAC,oBAAoB;CAa7B"}
@@ -21,8 +21,8 @@ class CSPProcessingService {
21
21
  const { scripts, styles } = (_a = permissions === null || permissions === void 0 ? void 0 : permissions.content) !== null && _a !== void 0 ? _a : { scripts: [], styles: [] };
22
22
  const external = (_b = permissions === null || permissions === void 0 ? void 0 : permissions.external) !== null && _b !== void 0 ? _b : {};
23
23
  const $ = cheerio_1.default.load(body);
24
- const _c = this.mapExternalPermissionsToCsp(external), { 'script-src': scriptSrc } = _c, mappedExternalCsp = tslib_1.__rest(_c, ['script-src']);
25
- return Object.assign({ 'style-src': this.getStyleSrc($, styles), 'script-src': [...this.getScriptSrc($, scripts), ...scriptSrc] }, mappedExternalCsp);
24
+ const _c = this.mapExternalPermissionsToCsp(external), { 'script-src': scriptSrc, 'style-src': styleSrc } = _c, mappedExternalCsp = tslib_1.__rest(_c, ['script-src', 'style-src']);
25
+ return Object.assign({ 'style-src': [...this.getStyleSrc($, styles), ...styleSrc], 'script-src': [...this.getScriptSrc($, scripts), ...scriptSrc] }, mappedExternalCsp);
26
26
  }
27
27
  getInvalidCspPermissions(contentPermissions) {
28
28
  var _a, _b;
@@ -33,12 +33,15 @@ class CSPProcessingService {
33
33
  }
34
34
  mapExternalPermissionsToCsp(externalPermissions) {
35
35
  var _a;
36
- const { images, media, scripts, fetch } = externalPermissions;
36
+ const { images, media, scripts, fetch, styles, fonts, frames } = externalPermissions;
37
37
  return {
38
38
  'img-src': images !== null && images !== void 0 ? images : [],
39
39
  'media-src': media !== null && media !== void 0 ? media : [],
40
40
  'script-src': scripts !== null && scripts !== void 0 ? scripts : [],
41
- 'connect-src': (_a = fetch === null || fetch === void 0 ? void 0 : fetch.client) !== null && _a !== void 0 ? _a : []
41
+ 'style-src': styles !== null && styles !== void 0 ? styles : [],
42
+ 'connect-src': (_a = fetch === null || fetch === void 0 ? void 0 : fetch.client) !== null && _a !== void 0 ? _a : [],
43
+ 'font-src': fonts !== null && fonts !== void 0 ? fonts : [],
44
+ 'frame-src': frames !== null && frames !== void 0 ? frames : []
42
45
  };
43
46
  }
44
47
  getStyleSrc($, userStyleSrc) {
@@ -0,0 +1,3 @@
1
+ export * from './csp-injection-service';
2
+ export * from './csp-processing-service';
3
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/csp/index.ts"],"names":[],"mappings":"AAEA,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC"}
@@ -0,0 +1,5 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ const tslib_1 = require("tslib");
4
+ tslib_1.__exportStar(require("./csp-injection-service"), exports);
5
+ tslib_1.__exportStar(require("./csp-processing-service"), exports);
@@ -0,0 +1,11 @@
1
+ export declare class EgressFilteringService {
2
+ private readonly URLs;
3
+ private readonly wildcardDomains;
4
+ private readonly allowsEverything;
5
+ constructor(allowList: string[]);
6
+ private safeURL;
7
+ isValidUrl(url: string): boolean;
8
+ private domainCheck;
9
+ private domainIsAllowed;
10
+ }
11
+ //# sourceMappingURL=egress-filtering-service.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"egress-filtering-service.d.ts","sourceRoot":"","sources":["../../src/egress/egress-filtering-service.ts"],"names":[],"mappings":"AAGA,qBAAa,sBAAsB;IACjC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAQ;IAC7B,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAQ;IACxC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAU;gBAE/B,SAAS,EAAE,MAAM,EAAE;IAY/B,OAAO,CAAC,OAAO;IAOR,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAQvC,OAAO,CAAC,WAAW;IAWnB,OAAO,CAAC,eAAe;CAWxB"}
@@ -0,0 +1,46 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.EgressFilteringService = void 0;
4
+ const tslib_1 = require("tslib");
5
+ const micromatch_1 = tslib_1.__importDefault(require("micromatch"));
6
+ const url_1 = require("url");
7
+ class EgressFilteringService {
8
+ constructor(allowList) {
9
+ this.URLs = allowList
10
+ .filter((domainOrURL) => !domainOrURL.startsWith('*'))
11
+ .map((url) => this.safeURL(url));
12
+ this.wildcardDomains = allowList
13
+ .filter((domainOrURL) => domainOrURL !== '*')
14
+ .map((url) => this.safeURL(url))
15
+ .filter((url) => url.hostname.startsWith('*'));
16
+ this.allowsEverything = allowList.includes('*');
17
+ }
18
+ safeURL(url, defaultProtocol = 'https://') {
19
+ const protocolRegex = /^(.*:\/\/)/;
20
+ return new url_1.URL(protocolRegex.test(url) ? url : `${defaultProtocol}${url}`);
21
+ }
22
+ isValidUrl(url) {
23
+ if (this.allowsEverything) {
24
+ return true;
25
+ }
26
+ return this.domainIsAllowed(this.safeURL(url));
27
+ }
28
+ domainCheck(domain, allowList) {
29
+ const hostnameMatchedProtocol = allowList
30
+ .filter((allowed) => allowed.protocol === domain.protocol)
31
+ .map((url) => url.hostname);
32
+ return (micromatch_1.default([domain.hostname], hostnameMatchedProtocol, {
33
+ dot: true
34
+ }).length > 0);
35
+ }
36
+ domainIsAllowed(domain) {
37
+ if (this.domainCheck(domain, this.URLs)) {
38
+ return true;
39
+ }
40
+ if (this.domainCheck(domain, this.wildcardDomains)) {
41
+ return true;
42
+ }
43
+ return false;
44
+ }
45
+ }
46
+ exports.EgressFilteringService = EgressFilteringService;
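Review bot: `isValidUrl` lets the `TypeError` from `new url_1.URL(...)` in `safeURL` propagate, so an unparseable input raises instead of being reported as not allowed; an allow-list check is safer when it returns `false` for anything it cannot parse: `try { return this.domainIsAllowed(this.safeURL(url)); } catch (_e) { return false; }`. `protocolRegex` is `/^(.*:\/\/)/`, which matches `://` anywhere in the string rather than only a leading scheme, so a scheme-less value that contains `://` further along is not given the `https://` default; `/^[a-z][a-z0-9+.-]*:\/\//i` limits the match to a scheme. `domainCheck` compares only `protocol` and `hostname`, so a port or path written in an allow-list entry has no effect, which deserves a comment on the class. The constructor also calls `safeURL` without a guard, so a single malformed allow-list entry makes construction throw. This file is compiled output, so the changes belong in `src/egress/egress-filtering-service.ts`.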
@@ -0,0 +1,3 @@
1
+ export * from './egress-filtering-service';
2
+ export * from './utils';
3
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/egress/index.ts"],"names":[],"mappings":"AAEA,cAAc,4BAA4B,CAAC;AAC3C,cAAc,SAAS,CAAC"}
@@ -0,0 +1,5 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ const tslib_1 = require("tslib");
4
+ tslib_1.__exportStar(require("./egress-filtering-service"), exports);
5
+ tslib_1.__exportStar(require("./utils"), exports);
@@ -0,0 +1,3 @@
1
+ declare const sortAndGroupEgressPermissionsByDomain: (egressAddresses: string[]) => Array<string>;
2
+ export { sortAndGroupEgressPermissionsByDomain };
3
+ //# sourceMappingURL=utils.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/egress/utils.ts"],"names":[],"mappings":"AAGA,QAAA,MAAM,qCAAqC,oBAAqB,MAAM,EAAE,KAAG,KAAK,CAAC,MAAM,CA2BtF,CAAC;AAEF,OAAO,EAAE,qCAAqC,EAAE,CAAC"}
@@ -0,0 +1,31 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.sortAndGroupEgressPermissionsByDomain = void 0;
4
+ const tslib_1 = require("tslib");
5
+ const micromatch_1 = tslib_1.__importDefault(require("micromatch"));
6
+ const url_1 = require("url");
7
+ const sortAndGroupEgressPermissionsByDomain = (egressAddresses) => {
8
+ const protocolRegex = /^(.*?:\/\/)/;
9
+ const domainSet = new Set();
10
+ const groupSet = new Set();
11
+ const removeSet = new Set();
12
+ if ((egressAddresses === null || egressAddresses === void 0 ? void 0 : egressAddresses.length) === 0) {
13
+ return [];
14
+ }
15
+ egressAddresses.forEach((item) => {
16
+ const itemWithProtocol = protocolRegex.test(item) ? item : `https://${item}`;
17
+ const url = new url_1.URL(itemWithProtocol);
18
+ if (url.hostname.startsWith('*')) {
19
+ groupSet.add(url.hostname.substring(2));
20
+ removeSet.add('!' + url.hostname);
21
+ }
22
+ else {
23
+ domainSet.add(url.hostname);
24
+ }
25
+ });
26
+ if (removeSet.size === 0) {
27
+ return [...domainSet];
28
+ }
29
+ return [...new Set(micromatch_1.default([...domainSet], [...removeSet]).concat([...groupSet]))].sort();
30
+ };
31
+ exports.sortAndGroupEgressPermissionsByDomain = sortAndGroupEgressPermissionsByDomain;
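Review bot: The empty-input guard at the top of `sortAndGroupEgressPermissionsByDomain` is written with a null-safe length check but is false for `null` or `undefined`, so the following `egressAddresses.forEach` throws in exactly the case the null-safe access suggests was expected; `if (!(egressAddresses === null || egressAddresses === void 0 ? void 0 : egressAddresses.length)) return [];` (in the source, `if (!egressAddresses?.length) return [];`) covers both. `url.hostname.substring(2)` assumes every wildcard host begins with `*.`, although the test is only `startsWith('*')`. The result is sorted only on the wildcard path, because the early `return [...domainSet];` keeps insertion order, which does not match the function name.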
package/out/index.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- export * from './csp-injection-service';
2
- export * from './csp-processing-service';
1
+ export * from './csp';
2
+ export * from './egress';
3
3
  export * from './types';
4
4
  //# sourceMappingURL=index.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC;AACzC,cAAc,SAAS,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,cAAc,OAAO,CAAC;AACtB,cAAc,UAAU,CAAC;AACzB,cAAc,SAAS,CAAC"}
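--- a/package/out/index.js
+++ b/package/out/index.js
@@ -1,6 +1,6 @@
  "use strict";
  Object.defineProperty(exports, "__esModule", { value: true });
  const tslib_1 = require("tslib");
- tslib_1.__exportStar(require("./csp-injection-service"), exports);
- tslib_1.__exportStar(require("./csp-processing-service"), exports);
+ tslib_1.__exportStar(require("./csp"), exports);
+ tslib_1.__exportStar(require("./egress"), exports);
  tslib_1.__exportStar(require("./types"), exports);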
package/out/types.d.ts CHANGED
@@ -7,10 +7,10 @@ export declare enum ExternalCspType {
7
7
  IMG_SRC = "img-src",
8
8
  MEDIA_SRC = "media-src",
9
9
  SCRIPT_SRC = "script-src",
10
- CONNECT_SRC = "connect-src"
11
- }
12
- export declare type MappedExternalCsp = Record<ExternalCspType, string[]>;
13
- export interface CSPDetails extends MappedExternalCsp {
14
- 'style-src': string[];
10
+ STYLE_SRC = "style-src",
11
+ CONNECT_SRC = "connect-src",
12
+ FONT_SRC = "font-src",
13
+ FRAME_SRC = "frame-src"
15
14
  }
15
+ export declare type CSPDetails = Record<ExternalCspType, string[]>;
16
16
  //# sourceMappingURL=types.d.ts.map
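Review bot: Removing the exported `MappedExternalCsp` type and turning `CSPDetails` from an interface into a type alias is a breaking change for TypeScript consumers that import `MappedExternalCsp` or extend `CSPDetails`, while the changelog entries visible on this page list only minor and patch changes. Keeping a deprecated alias avoids that: `export declare type MappedExternalCsp = CSPDetails;`, with a `@deprecated` TSDoc tag on it in the source. The `ExternalCspType` enum begins above the hunk.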
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEnD,oBAAY,YAAY,GAAG,MAAM,GAAG,MAAM,CAAC;AAE3C,oBAAY,kBAAkB,GAAG,WAAW,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC;AACrE,oBAAY,mBAAmB,GAAG,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC;AACvE,oBAAY,eAAe;IACzB,OAAO,YAAY;IACnB,SAAS,cAAc;IACvB,UAAU,eAAe;IACzB,WAAW,gBAAgB;CAC5B;AACD,oBAAY,iBAAiB,GAAG,MAAM,CAAC,eAAe,EAAE,MAAM,EAAE,CAAC,CAAC;AAElE,MAAM,WAAW,UAAW,SAAQ,iBAAiB;IACnD,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEnD,oBAAY,YAAY,GAAG,MAAM,GAAG,MAAM,CAAC;AAE3C,oBAAY,kBAAkB,GAAG,WAAW,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC;AACrE,oBAAY,mBAAmB,GAAG,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC;AACvE,oBAAY,eAAe;IACzB,OAAO,YAAY;IACnB,SAAS,cAAc;IACvB,UAAU,eAAe;IACzB,SAAS,cAAc;IACvB,WAAW,gBAAgB;IAC3B,QAAQ,aAAa;IACrB,SAAS,cAAc;CACxB;AACD,oBAAY,UAAU,GAAG,MAAM,CAAC,eAAe,EAAE,MAAM,EAAE,CAAC,CAAC"}
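--- a/package/out/types.js
+++ b/package/out/types.js
@@ -6,5 +6,8 @@ var ExternalCspType;
  ExternalCspType["IMG_SRC"] = "img-src";
  ExternalCspType["MEDIA_SRC"] = "media-src";
  ExternalCspType["SCRIPT_SRC"] = "script-src";
+ ExternalCspType["STYLE_SRC"] = "style-src";
  ExternalCspType["CONNECT_SRC"] = "connect-src";
+ ExternalCspType["FONT_SRC"] = "font-src";
+ ExternalCspType["FRAME_SRC"] = "frame-src";
  })(ExternalCspType = exports.ExternalCspType || (exports.ExternalCspType = {}));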
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@forge/csp",
3
- "version": "0.0.0-experimental-ed3737f",
3
+ "version": "0.0.0-experimental-64caa5a",
4
4
  "description": "Contains the CSP configuration for Custom UI resources in Forge",
5
5
  "main": "out/index.js",
6
6
  "author": "Atlassian",
@@ -11,12 +11,13 @@
11
11
  "clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
12
12
  },
13
13
  "devDependencies": {
14
- "@forge/cli-shared": "^0.0.0-experimental-ed3737f",
15
- "@forge/manifest": "^0.0.0-experimental-ed3737f",
14
+ "@forge/cli-shared": "^0.0.0-experimental-64caa5a",
15
+ "@forge/manifest": "^0.0.0-experimental-64caa5a",
16
16
  "@types/jest": "^26.0.0"
17
17
  },
18
18
  "dependencies": {
19
- "cheerio": "^0.20.0",
20
- "content-security-policy-parser": "^0.3.0"
19
+ "cheerio": "^0.22.0",
20
+ "content-security-policy-parser": "^0.3.0",
21
+ "micromatch": "^4.0.2"
21
22
  }
22
23
  }
@@ -1 +0,0 @@
1
- {"version":3,"file":"csp-injection-service.d.ts","sourceRoot":"","sources":["../src/csp-injection-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,UAAU,EAAmB,MAAM,SAAS,CAAC;AAUtD,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,iBAAiB;IAIzB,OAAO,CAAC,qBAAqB;IAKtB,gBAAgB,uBACD,UAAU,OACzB,iBAAiB,gDAErB,MAAM,EAAE,CAsCT;CACH"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"csp-processing-service.d.ts","sourceRoot":"","sources":["../src/csp-processing-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAKnD,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,YAAY,EAA0C,MAAM,SAAS,CAAC;AAiB/G,qBAAa,oBAAoB;IACnB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC;IAElD,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,GAAG,UAAU;IAgBvE,wBAAwB,CAAC,kBAAkB,EAAE,kBAAkB,GAAG,MAAM,EAAE;IASjF,OAAO,CAAC,2BAA2B;IAWnC,OAAO,CAAC,WAAW;IASnB,OAAO,CAAC,YAAY;IAWpB,OAAO,CAAC,mBAAmB;IAoB3B,OAAO,CAAC,qBAAqB;IAW7B,OAAO,CAAC,UAAU;IAKlB,OAAO,CAAC,oBAAoB;IAM5B,OAAO,CAAC,mBAAmB;IAW3B,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,WAAW;IAKnB,OAAO,CAAC,oBAAoB;CAa7B"}