feat: Implement Security Report endpoint #276

RaduW · 2019-10-23T14:37:42Z

Security report endpoint implementation.

endpoint

* master: (26 commits) doc: Add documentation about the path of an event through relay (#289) release: 0.4.59 meta: Changelog for 0.4.59 ref: Set _relay_processed to true (#293) feat(protocol): Add valid platforms as constant (#294) fix(protocol): Add missing legacy alias for stacktrace (#292) release: 0.4.58 meta: Add changelog for 0.4.58 feat: Expose globbing code from Semaphore to Python (#288) fix: Add code comment fix: Normalize before datascrubbing (#290) feat(projects): Evict project caches after some time (#287) feat: Add mkdocs like in symbolicator ref: Add event size metrics (#286) test: add panic test ref: Selectively log internal errors to stderr (#285) fix(cabi): Do not ignore process_value result in scrub_event (#284) feat(config): Add a config value for thread counts (#283) fix: Refactor outcomes for parity with Sentry (#282) feat: Add an error boundary to parsing project states (#281) ...

(still some expected output not matching)

untitaker

I haven't checked whether the schema matches the rfcs/specs and whether the url normalization is correct

general/src/protocol/security_report.rs

feat:(document-actors) WIP started implementation of security report

d17db26

endpoint

RaduW changed the title ~~feat:(document-actors) WIP started implementation of security report~~ feat:(security-report) WIP started implementation of security report Oct 23, 2019

RaduW changed the title ~~feat:(security-report) WIP started implementation of security report~~ feat:(security-report) Security Report endpoint Oct 23, 2019

jan-auer changed the title ~~feat:(security-report) Security Report endpoint~~ feat: Implement Security Report endpoint Oct 24, 2019

untitaker and others added 26 commits October 24, 2019 11:54

Merge remote-tracking branch 'origin/master' into feat/security-reports

6abbeee

ref: Avoid passing around strings as errors

9e31003

wip

8ccb4e1

wip

c6db49c

ref: Remove unnecessary serde(default)

014933b

feat:(document-actors) WIP security report

0ce479d

endpoint

ref(store): Move common code into own module

d4fa4ce

ref(store): Move security report parsing into general

b8baa03

fix(general): Use name for helper struct

2508bf3

feat(security-report): WIP work on the security report protocol

065c724

feat(security-report): WIP small fix

0460272

fix: Clippy lints

f1bac6e

fix(csp): Fix backfilling of the effective directive

de9b1a4

feat(security_report): Add logger attribute to all events

39b95b0

feat(csp): Port comment for stripe data scrubbing

4a26987

feat(security_report): Add common attributes in store normalizer

43849ac

feat(security_report): Extract requests from all report types

e418767

feat(security_report): Implement get_tags for all report types

b4ba402

feat(security_report): Implement get_culprit for all types

592b60e

fix(security_report): Fix some schema differences

4449174

fix(csp): Fix multiple whitespaces in culprit calculation

0700c10

fix(csp): Omit scheme from http and https hostnames

641d860

feat(security-report): add request filtering based on content-type

630145a

feat(security-report): small fix (hostname in get_message)

8f431ee

feat(security-report): added outcomes for security report errors

9d1db33

RaduW and others added 17 commits November 5, 2019 14:16

feat(security-report): minor, simplify code

867eadf

ref(security_report): Inline event_to_json

5b80f08

ref(security_report): Move CSP logger to normalizer

7d446d8

fix(csp): Ensure Referer header is only set when available

0ff2b69

fix(csp): Use effective-directive when given

159d242

fix(csp): Port URL unsplitting from Python

9ad0357

test(csp): Port Sentry CSP event manager tests

e762b49

feat(security_report): Extract release and env from query params

5a841fe

test(security_report): Port remaining event manager tests from Sentry

c87b0a8

fix(security_report): Respond with 201 created

9a7a635

fix(endpoints): Register forward endpoint last

d372c0e

fix(security_endpoint): Remove unused imports

abbdf78

feat(security-report): minor, simplify code

2a5a9bd

feat(security-report): added integration tests

82ae5f3

feat(security-report): WIP fixed some integration tests

db2dd16

(still some expected output not matching)

fix(security_report): Extract User-Agent instead of client_agent

7e20f5a

fix(security_report): Fix URI parsing

4ff5bab

jan-auer marked this pull request as ready for review November 7, 2019 09:14

jan-auer requested review from jan-auer and untitaker November 7, 2019 09:14

jan-auer approved these changes Nov 7, 2019

View reviewed changes

untitaker approved these changes Nov 7, 2019

View reviewed changes

general/src/protocol/security_report.rs Outdated Show resolved Hide resolved

jan-auer added 2 commits November 7, 2019 11:55

test(py): Remove old debug prints

9fc9e1f

fix(security_report): Remove debug print

b348cde

jan-auer merged commit 4a7e898 into master Nov 7, 2019

jan-auer deleted the feat/security-reports branch November 7, 2019 12:38

wpodgorski mentioned this pull request Nov 19, 2020

Expect-CT security reporting implementation does not comply with current revision of Expect-CT Extension for HTTP standard #843

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: Implement Security Report endpoint #276

feat: Implement Security Report endpoint #276

RaduW commented Oct 23, 2019

untitaker left a comment

feat: Implement Security Report endpoint #276

feat: Implement Security Report endpoint #276

Conversation

RaduW commented Oct 23, 2019

untitaker left a comment

Choose a reason for hiding this comment