From e82e961dd75401cd78c5b46c7dde4e197557b385 Mon Sep 17 00:00:00 2001
From: hackademix
Date: Sun, 26 Aug 2018 16:33:40 +0200
Subject: Refactoring CSP building out of RequestGuard.
---
src/lib/CSP.js | 22 ++++++++++++++++++++++
src/lib/NetCSP.js | 30 ++++++++++++++++++++++++++++++
2 files changed, 52 insertions(+)
create mode 100644 src/lib/CSP.js
create mode 100644 src/lib/NetCSP.js
(limited to 'src/lib')
diff --git a/src/lib/CSP.js b/src/lib/CSP.js
new file mode 100644
index 0000000..8550f09
--- /dev/null
+++ b/src/lib/CSP.js
@@ -0,0 +1,22 @@
+"use strict";
+
+class CSP {
+
+ build(...directives) {
+ return directives.join(';');
+ }
+
+ buildBlocker(...types) {
+ return this.build(...(types.map(type => `${type.name || type}-src ${type.value || "'none'"}`)));
+ }
+
+ blocks(header, type) {
+ return `;${header};`.includes(`;${type}-src 'none';`)
+ }
+
+ asHeader(value) {
+ return {name: CSP.headerName, value};
+ }
+}
+
+CSP.headerName = "content-security-policy";
diff --git a/src/lib/NetCSP.js b/src/lib/NetCSP.js
new file mode 100644
index 0000000..cb79a80
--- /dev/null
+++ b/src/lib/NetCSP.js
@@ -0,0 +1,30 @@
+"use strict";
+
+class NetCSP extends CSP {
+ constructor(start, end) {
+ super();
+ this.start = start;
+ this.end = end;
+ }
+
+ isMine(header) {
+ let {name, value} = header;
+ if (name.toLowerCase() !== CSP.headerName) return false;
+ let startIdx = value.indexOf(this.start);
+ return startIdx > -1 && startIdx < value.lastIndexOf(this.end);
+ }
+
+ inject(headerValue, mine) {
+ let startIdx = headerValue.indexOf(this.start);
+ if (startIdx < 0) return `${headerValue};${mine}`;
+ let endIdx = headerValue.lastIndexOf(this.end);
+ let retValue = `${headerValue.substring(0, startIdx)}${mine}`;
+
+ return endIdx < 0 ? retValue : `${retValue}${headerValue.substring(endIdx + this.end.length + 1)}`;
+ }
+
+ build(...directives) {
+ return `${this.start}${super.build(...directives)}${this.end}`;
+ }
+
+}
-- cgit v1.2.3
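Review bot: `blocks()` in src/lib/CSP.js only recognises a blocker when the header is serialised exactly as `build()` emits it, with no whitespace after `;` and a single space before `'none'`, so a policy written or normalised as `script-src 'none'; object-src 'none'` is reported as not blocking. If callers rely on the result to decide whether a restriction is already in place, that false negative matters; comparing trimmed directives is more tolerant, e.g. `return header.split(';').some(d => d.trim() === type + "-src 'none'");`. The class would also benefit from a short comment stating that `buildBlocker` accepts either plain type strings or `{name, value}` objects. The `return` in `blocks` is missing its terminating semicolon.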
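Review bot: `inject()` in src/lib/NetCSP.js does not apply the ordering check that `isMine()` uses (`startIdx < value.lastIndexOf(this.end)`). When the start marker is found but the end marker is absent, everything after `startIdx` is discarded; when the last end marker sits before the start marker, the tail appended after `retValue` repeats text already in the prefix and keeps the old start marker. Header values arrive from the network, so marker presence alone does not prove the block was written by this code, and the replace path should run only for a well-formed pair: compute `endIdx` first and use ``if (startIdx < 0 || endIdx < startIdx) return `${headerValue};${mine}`;``. The append path also deserves a comment: within a single policy a repeated directive is ignored, so directives appended after an existing `script-src` in the same header value would not tighten it. That last point is hedged, because the caller that chooses between a separate header and `inject()` is outside this hunk.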