Home Explore Help
Sign In
Home
/
codewars
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 8ebe0e50f7
Branches Tags
codewars
/
courses
/
flask
/
microblog
/
env
/
Lib
/
site-packages
/
werkzeug
/
datastructures
/
csp.py

csp.py 3.2 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394 
  1. from __future__ import annotations
    2. 

  2. 

  3. from .mixins import UpdateDictMixin
    4. 

  4. 

  5. 

  6. def csp_property(key):
    7. 

  7.     """Return a new property object for a content security policy header.
    8. 

  8.     Useful if you want to add support for a csp extension in a
    9. 

  9.     subclass.
    10. 

  10.     """
    11. 

  11.     return property(
    12. 

  12.         lambda x: x._get_value(key),
    13. 

  13.         lambda x, v: x._set_value(key, v),
    14. 

  14.         lambda x: x._del_value(key),
    15. 

  15.         f"accessor for {key!r}",
    16. 

  16.     )
    17. 

  17. 

  18. 

  19. class ContentSecurityPolicy(UpdateDictMixin, dict):
    20. 

  20.     """Subclass of a dict that stores values for a Content Security Policy
    21. 

  21.     header. It has accessors for all the level 3 policies.
    22. 

  22. 

  23.     Because the csp directives in the HTTP header use dashes the
    24. 

  24.     python descriptors use underscores for that.
    25. 

  25. 

  26.     To get a header of the :class:`ContentSecuirtyPolicy` object again
    27. 

  27.     you can convert the object into a string or call the
    28. 

  28.     :meth:`to_header` method.  If you plan to subclass it and add your
    29. 

  29.     own items have a look at the sourcecode for that class.
    30. 

  30. 

  31.     .. versionadded:: 1.0.0
    32. 

  32.        Support for Content Security Policy headers was added.
    33. 

  33. 

  34.     """
    35. 

  35. 

  36.     base_uri = csp_property("base-uri")
    37. 

  37.     child_src = csp_property("child-src")
    38. 

  38.     connect_src = csp_property("connect-src")
    39. 

  39.     default_src = csp_property("default-src")
    40. 

  40.     font_src = csp_property("font-src")
    41. 

  41.     form_action = csp_property("form-action")
    42. 

  42.     frame_ancestors = csp_property("frame-ancestors")
    43. 

  43.     frame_src = csp_property("frame-src")
    44. 

  44.     img_src = csp_property("img-src")
    45. 

  45.     manifest_src = csp_property("manifest-src")
    46. 

  46.     media_src = csp_property("media-src")
    47. 

  47.     navigate_to = csp_property("navigate-to")
    48. 

  48.     object_src = csp_property("object-src")
    49. 

  49.     prefetch_src = csp_property("prefetch-src")
    50. 

  50.     plugin_types = csp_property("plugin-types")
    51. 

  51.     report_to = csp_property("report-to")
    52. 

  52.     report_uri = csp_property("report-uri")
    53. 

  53.     sandbox = csp_property("sandbox")
    54. 

  54.     script_src = csp_property("script-src")
    55. 

  55.     script_src_attr = csp_property("script-src-attr")
    56. 

  56.     script_src_elem = csp_property("script-src-elem")
    57. 

  57.     style_src = csp_property("style-src")
    58. 

  58.     style_src_attr = csp_property("style-src-attr")
    59. 

  59.     style_src_elem = csp_property("style-src-elem")
    60. 

  60.     worker_src = csp_property("worker-src")
    61. 

  61. 

  62.     def __init__(self, values=(), on_update=None):
    63. 

  63.         dict.__init__(self, values or ())
    64. 

  64.         self.on_update = on_update
    65. 

  65.         self.provided = values is not None
    66. 

  66. 

  67.     def _get_value(self, key):
    68. 

  68.         """Used internally by the accessor properties."""
    69. 

  69.         return self.get(key)
    70. 

  70. 

  71.     def _set_value(self, key, value):
    72. 

  72.         """Used internally by the accessor properties."""
    73. 

  73.         if value is None:
    74. 

  74.             self.pop(key, None)
    75. 

  75.         else:
    76. 

  76.             self[key] = value
    77. 

  77. 

  78.     def _del_value(self, key):
    79. 

  79.         """Used internally by the accessor properties."""
    80. 

  80.         if key in self:
    81. 

  81.             del self[key]
    82. 

  82. 

  83.     def to_header(self):
    84. 

  84.         """Convert the stored values into a cache control header."""
    85. 

  85.         from ..http import dump_csp_header
    86. 

  86. 

  87.         return dump_csp_header(self)
    88. 

  88. 

  89.     def __str__(self):
    90. 

  90.         return self.to_header()
    91. 

  91. 

  92.     def __repr__(self):
    93. 

  93.         kv_str = " ".join(f"{k}={v!r}" for k, v in sorted(self.items()))
    94. 

  94.         return f"<{type(self).__name__} {kv_str}>"
    95.