Add specs for CSP violation reporter
parent
f21bd0568e
commit
871030cfa9
|
@ -35,7 +35,7 @@ class DashboardController < ApplicationController
|
|||
end
|
||||
|
||||
# Endpoint reports CSP violations, indicating a possible security problem.
|
||||
def csrf_reports
|
||||
def csp_reports
|
||||
payload = request.body.read || ""
|
||||
begin
|
||||
report = JSON.parse(payload)
|
||||
|
@ -43,9 +43,7 @@ class DashboardController < ApplicationController
|
|||
report = {problem: "Crashed while parsing report"}
|
||||
end
|
||||
Rollbar.error("CSP VIOLATION!!!", report)
|
||||
puts "============"
|
||||
puts report.to_yaml
|
||||
puts "============"
|
||||
|
||||
render json: report
|
||||
end
|
||||
end
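Review bot: `csp_reports` reads the whole request body and passes whatever `JSON.parse` returns to `Rollbar.error` and back to the client through `render json: report`, with no size or shape check visible in either hunk. Browsers post CSP reports without authentication, so any client can send arbitrary and arbitrarily large JSON here and bury real violations in error-tracker noise. Consider capping the read with `payload = request.body.read(MAX_CSP_REPORT_BYTES) || ""` (the constant name is a placeholder), keeping only object-shaped reports with `report = {problem: "Unexpected report shape"} unless report.is_a?(Hash)`, and replying with `head :no_content` instead of echoing the report. The rescue clause sits between the two hunks and is not shown, so the exceptions it catches could not be checked.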
|
||||
|
|
|
@ -98,7 +98,7 @@ module FarmBot
|
|||
# wouldn't, but I think it's too much
|
||||
# of an inconvinience to block that
|
||||
# feature. Comments welcome -RC.
|
||||
report_uri: %w(/csrf_reports)
|
||||
report_uri: %w(/csp_reports)
|
||||
}
|
||||
end
|
||||
end
|
||||
|
|
|
@ -60,7 +60,7 @@ FarmBot::Application.routes.draw do
|
|||
get "/" => "dashboard#front_page", as: :front_page
|
||||
get "/app" => "dashboard#main_app", as: :dashboard
|
||||
get "/tos_update" => "dashboard#tos_update", as: :tos_update
|
||||
post "/csrf_reports" => "dashboard#csrf_reports", as: :csrf_report
|
||||
post "/csp_reports" => "dashboard#csp_reports", as: :csp_report
|
||||
|
||||
match "/app/*path",
|
||||
to: "dashboard#main_app",
|
||||
|
|
|
@ -23,5 +23,17 @@ describe DashboardController do
|
|||
expect { get :main_app, params: {path: "nope.jpg"} }
|
||||
.to raise_error(ActionController::RoutingError)
|
||||
end
|
||||
|
||||
it "receives CSP violation reports (malformed JSON)" do
|
||||
expect(Rollbar).to receive(:error)
|
||||
.with("CSP VIOLATION!!!", {problem: "Crashed while parsing report"})
|
||||
post :csp_reports, body: "NOT JSON ! ! !"
|
||||
end
|
||||
|
||||
it "receives CSP violation reports (malformed JSON)" do
|
||||
expect(Rollbar).to receive(:error)
|
||||
.with("CSP VIOLATION!!!", {})
|
||||
post :csp_reports, body: {}.to_json, params: {format: :json}
|
||||
end
|
||||
end
|
||||
end
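Review bot: Both new examples are described as "receives CSP violation reports (malformed JSON)", but the second one posts `{}.to_json`, which is valid JSON. Renaming it, for example to `it "receives CSP violation reports (valid JSON)" do`, makes a failure point at the right case. Neither example asserts anything about the response, so the status and the echoed body of the endpoint stay untested; `expect(response.status).to eq(200)` after each `post` would pin that. The enclosing `describe` block starts outside the hunk.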
|
||||
|
|