@forge/csp 1.11.0-next.0 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +18 -0
- package/out/index.d.ts +0 -1
- package/out/index.d.ts.map +1 -1
- package/out/index.js +0 -1
- package/package.json +4 -5
- package/out/egress/egress-filtering-service.d.ts +0 -11
- package/out/egress/egress-filtering-service.d.ts.map +0 -1
- package/out/egress/egress-filtering-service.js +0 -46
- package/out/egress/index.d.ts +0 -3
- package/out/egress/index.d.ts.map +0 -1
- package/out/egress/index.js +0 -5
- package/out/egress/utils.d.ts +0 -3
- package/out/egress/utils.d.ts.map +0 -1
- package/out/egress/utils.js +0 -31
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,23 @@
|
|
|
1
1
|
# @forge/csp
|
|
2
2
|
|
|
3
|
+
## 2.0.0
|
|
4
|
+
|
|
5
|
+
### Major Changes
|
|
6
|
+
|
|
7
|
+
- 3c0ac54: Move egress related services out of @forge/csp into new @forge/egress package
|
|
8
|
+
|
|
9
|
+
## 2.0.0-next.0
|
|
10
|
+
|
|
11
|
+
### Major Changes
|
|
12
|
+
|
|
13
|
+
- 3c0ac54: Move egress related services out of @forge/csp into new @forge/egress package
|
|
14
|
+
|
|
15
|
+
## 1.11.0
|
|
16
|
+
|
|
17
|
+
### Minor Changes
|
|
18
|
+
|
|
19
|
+
- 671a6a63: Skip generating hashes for inline scripts if unsafe-inline is provided
|
|
20
|
+
|
|
3
21
|
## 1.11.0-next.0
|
|
4
22
|
|
|
5
23
|
### Minor Changes
|
package/out/index.d.ts
CHANGED
package/out/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,cAAc,OAAO,CAAC;AACtB,cAAc,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,cAAc,OAAO,CAAC;AACtB,cAAc,SAAS,CAAC"}
|
package/out/index.js
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@forge/csp",
|
|
3
|
-
"version": "
|
|
3
|
+
"version": "2.0.0",
|
|
4
4
|
"description": "Contains the CSP configuration for Custom UI resources in Forge",
|
|
5
5
|
"main": "out/index.js",
|
|
6
6
|
"author": "Atlassian",
|
|
@@ -11,13 +11,12 @@
|
|
|
11
11
|
"clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
|
|
12
12
|
},
|
|
13
13
|
"devDependencies": {
|
|
14
|
-
"@forge/cli-shared": "^
|
|
15
|
-
"@forge/manifest": "^
|
|
14
|
+
"@forge/cli-shared": "^3.1.0",
|
|
15
|
+
"@forge/manifest": "^4.2.0",
|
|
16
16
|
"@types/jest": "^26.0.0"
|
|
17
17
|
},
|
|
18
18
|
"dependencies": {
|
|
19
19
|
"cheerio": "^0.22.0",
|
|
20
|
-
"content-security-policy-parser": "^0.3.0"
|
|
21
|
-
"micromatch": "^4.0.2"
|
|
20
|
+
"content-security-policy-parser": "^0.3.0"
|
|
22
21
|
}
|
|
23
22
|
}
|
|
@@ -1,11 +0,0 @@
|
|
|
1
|
-
export declare class EgressFilteringService {
|
|
2
|
-
private readonly URLs;
|
|
3
|
-
private readonly wildcardDomains;
|
|
4
|
-
private readonly allowsEverything;
|
|
5
|
-
constructor(allowList: string[]);
|
|
6
|
-
private safeURL;
|
|
7
|
-
isValidUrl(url: string): boolean;
|
|
8
|
-
private domainCheck;
|
|
9
|
-
private domainIsAllowed;
|
|
10
|
-
}
|
|
11
|
-
//# sourceMappingURL=egress-filtering-service.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"egress-filtering-service.d.ts","sourceRoot":"","sources":["../../src/egress/egress-filtering-service.ts"],"names":[],"mappings":"AAGA,qBAAa,sBAAsB;IACjC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAQ;IAC7B,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAQ;IACxC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAU;gBAE/B,SAAS,EAAE,MAAM,EAAE;IAY/B,OAAO,CAAC,OAAO;IAOR,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAQvC,OAAO,CAAC,WAAW;IAWnB,OAAO,CAAC,eAAe;CAWxB"}
|
|
@@ -1,46 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.EgressFilteringService = void 0;
|
|
4
|
-
const tslib_1 = require("tslib");
|
|
5
|
-
const micromatch_1 = tslib_1.__importDefault(require("micromatch"));
|
|
6
|
-
const url_1 = require("url");
|
|
7
|
-
class EgressFilteringService {
|
|
8
|
-
constructor(allowList) {
|
|
9
|
-
this.URLs = allowList
|
|
10
|
-
.filter((domainOrURL) => !domainOrURL.startsWith('*'))
|
|
11
|
-
.map((url) => this.safeURL(url));
|
|
12
|
-
this.wildcardDomains = allowList
|
|
13
|
-
.filter((domainOrURL) => domainOrURL !== '*')
|
|
14
|
-
.map((url) => this.safeURL(url))
|
|
15
|
-
.filter((url) => url.hostname.startsWith('*'));
|
|
16
|
-
this.allowsEverything = allowList.includes('*');
|
|
17
|
-
}
|
|
18
|
-
safeURL(url, defaultProtocol = 'https://') {
|
|
19
|
-
const protocolRegex = /^(.*:\/\/)/;
|
|
20
|
-
return new url_1.URL(protocolRegex.test(url) ? url : `${defaultProtocol}${url}`);
|
|
21
|
-
}
|
|
22
|
-
isValidUrl(url) {
|
|
23
|
-
if (this.allowsEverything) {
|
|
24
|
-
return true;
|
|
25
|
-
}
|
|
26
|
-
return this.domainIsAllowed(this.safeURL(url));
|
|
27
|
-
}
|
|
28
|
-
domainCheck(domain, allowList) {
|
|
29
|
-
const hostnameMatchedProtocol = allowList
|
|
30
|
-
.filter((allowed) => allowed.protocol === domain.protocol)
|
|
31
|
-
.map((url) => url.hostname);
|
|
32
|
-
return (micromatch_1.default([domain.hostname], hostnameMatchedProtocol, {
|
|
33
|
-
dot: true
|
|
34
|
-
}).length > 0);
|
|
35
|
-
}
|
|
36
|
-
domainIsAllowed(domain) {
|
|
37
|
-
if (this.domainCheck(domain, this.URLs)) {
|
|
38
|
-
return true;
|
|
39
|
-
}
|
|
40
|
-
if (this.domainCheck(domain, this.wildcardDomains)) {
|
|
41
|
-
return true;
|
|
42
|
-
}
|
|
43
|
-
return false;
|
|
44
|
-
}
|
|
45
|
-
}
|
|
46
|
-
exports.EgressFilteringService = EgressFilteringService;
|
package/out/egress/index.d.ts
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/egress/index.ts"],"names":[],"mappings":"AAEA,cAAc,4BAA4B,CAAC;AAC3C,cAAc,SAAS,CAAC"}
|
package/out/egress/index.js
DELETED
package/out/egress/utils.d.ts
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/egress/utils.ts"],"names":[],"mappings":"AAGA,QAAA,MAAM,qCAAqC,oBAAqB,MAAM,EAAE,KAAG,KAAK,CAAC,MAAM,CA2BtF,CAAC;AAEF,OAAO,EAAE,qCAAqC,EAAE,CAAC"}
|
package/out/egress/utils.js
DELETED
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.sortAndGroupEgressPermissionsByDomain = void 0;
|
|
4
|
-
const tslib_1 = require("tslib");
|
|
5
|
-
const micromatch_1 = tslib_1.__importDefault(require("micromatch"));
|
|
6
|
-
const url_1 = require("url");
|
|
7
|
-
const sortAndGroupEgressPermissionsByDomain = (egressAddresses) => {
|
|
8
|
-
const protocolRegex = /^(.*?:\/\/)/;
|
|
9
|
-
const domainSet = new Set();
|
|
10
|
-
const groupSet = new Set();
|
|
11
|
-
const removeSet = new Set();
|
|
12
|
-
if ((egressAddresses === null || egressAddresses === void 0 ? void 0 : egressAddresses.length) === 0) {
|
|
13
|
-
return [];
|
|
14
|
-
}
|
|
15
|
-
egressAddresses.forEach((item) => {
|
|
16
|
-
const itemWithProtocol = protocolRegex.test(item) ? item : `https://${item}`;
|
|
17
|
-
const url = new url_1.URL(itemWithProtocol);
|
|
18
|
-
if (url.hostname.startsWith('*')) {
|
|
19
|
-
groupSet.add(url.hostname.substring(2));
|
|
20
|
-
removeSet.add('!' + url.hostname);
|
|
21
|
-
}
|
|
22
|
-
else {
|
|
23
|
-
domainSet.add(url.hostname);
|
|
24
|
-
}
|
|
25
|
-
});
|
|
26
|
-
if (removeSet.size === 0) {
|
|
27
|
-
return [...domainSet];
|
|
28
|
-
}
|
|
29
|
-
return [...new Set(micromatch_1.default([...domainSet], [...removeSet]).concat([...groupSet]))].sort();
|
|
30
|
-
};
|
|
31
|
-
exports.sortAndGroupEgressPermissionsByDomain = sortAndGroupEgressPermissionsByDomain;
|