MediaWiki
1.33.0
Api module to receive and log CSP violation reports.

Public Member Functions

execute ()
    Logs a content-security-policy violation report from web browser.
getAllowedParams ()
    Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (array with PARAM_* constants as keys). Don't call this function directly: use getFinalParams() to allow hooks to modify parameters as needed.
isInternal ()
    Mark as internal.
isReadMode ()
    Even if you don't have read rights, we still want your report.
isWriteMode ()
    Indicates whether this module requires write mode.
mustBePosted ()
    Indicates whether this module must be called with a POST request.
shouldCheckMaxLag ()
    Doesn't touch the DB, so max lag should be rather irrelevant.
Public Member Functions inherited from ApiBase

__construct (ApiMain $mainModule, $moduleName, $modulePrefix='')
getModuleManager ()
    Get the module manager, or null if this module has no sub-modules.
getCustomPrinter ()
    If the module may only be used with a certain format module, it should override this method to return an instance of that formatter.
getHelpUrls ()
    Return links to more detailed help pages about the module.
shouldCheckMaxlag ()
    Indicates if this module needs maxlag to be checked.
isDeprecated ()
    Indicates whether this module is deprecated.
needsToken ()
    Returns the token type this module requires in order to execute.
getConditionalRequestData ( $condition)
    Returns data for HTTP conditional request mechanisms.
getModuleName ()
    Get the name of the module being executed by this instance.
getModulePrefix ()
    Get parameter prefix (usually two letters or an empty string).
getMain ()
    Get the main module.
isMain ()
    Returns true if this module is the main module ($this === $this->mMainModule), false otherwise.
getParent ()
    Get the parent of this module.
lacksSameOriginSecurity ()
    Returns true if the current request breaks the same-origin policy.
getModulePath ()
    Get the path to this module.
getModuleFromPath ( $path)
    Get a module from its module path.
getResult ()
    Get the result object.
getErrorFormatter ()
    Get the error formatter.
getContinuationManager ()
    Get the continuation manager.
setContinuationManager (ApiContinuationManager $manager=null)
    Set the continuation manager.
dynamicParameterDocumentation ()
    Indicate if the module supports dynamically-determined parameters that cannot be included in self::getAllowedParams().
encodeParamName ( $paramName)
    This method mangles parameter name based on the prefix supplied to the constructor.
extractRequestParams ( $options=[])
    Using getAllowedParams(), this function makes an array of the values provided by the user, with key being the name of the variable, and value - validated value from user or default.
requireOnlyOneParameter ( $params, $required)
    Die if none or more than one of a certain set of parameters is set and not false.
requireMaxOneParameter ( $params, $required)
    Die if more than one of a certain set of parameters is set and not false.
requireAtLeastOneParameter ( $params, $required)
    Die if none of a certain set of parameters is set and not false.
requirePostedParameters ( $params, $prefix='prefix')
    Die if any of the specified parameters were found in the query part of the URL rather than the post body.
getTitleOrPageId ( $params, $load=false)
    Get a WikiPage object from a title or pageid param, if possible.
getTitleFromTitleOrPageId ( $params)
    Get a Title object from a title or pageid param, if possible.
validateToken ( $token, array $params)
    Validate the supplied token.
getWatchlistUser ( $params)
    Gets the user for whom to get the watchlist.
errorArrayToStatus (array $errors, User $user=null)
    Turn an array of message keys or key+param arrays into a Status.
addBlockInfoToStatus (StatusValue $status, User $user=null)
    Add block info to block messages in a Status.
addWarning ( $msg, $code=null, $data=null)
    Add a warning for this module.
addDeprecation ( $msg, $feature, $data=[])
    Add a deprecation warning for this module.
addError ( $msg, $code=null, $data=null)
    Add an error for this module without aborting.
addMessagesFromStatus (StatusValue $status, $types=[ 'warning', 'error'], array $filter=[])
    Add warnings and/or errors from a Status.
dieWithError ( $msg, $code=null, $data=null, $httpCode=null)
    Abort execution with an error.
dieWithException ( $exception, array $options=[])
    Abort execution with an error derived from an exception.
dieBlocked (Block $block)
    Throw an ApiUsageException, which will (if uncaught) call the main module's error handler and die with an error message including block info.
dieStatus (StatusValue $status)
    Throw an ApiUsageException based on the Status object.
dieReadOnly ()
    Helper function for readonly errors.
checkUserRightsAny ( $rights, $user=null)
    Helper function for permission-denied errors.
checkTitleUserPermissions (Title $title, $actions, $options=[])
    Helper function for permission-denied errors.
dieWithErrorOrDebug ( $msg, $code=null, $data=null, $httpCode=null)
    Will only set a warning instead of failing if the global $wgDebugAPI is set to true.
logFeatureUsage ( $feature)
    Write logging information for API features to a debug log, for usage analysis.
getFinalSummary ()
    Get final module summary.
getFinalDescription ()
    Get final module description, after hooks have had a chance to tweak it as needed.
getFinalParams ( $flags=0)
    Get final list of parameters, after hooks have had a chance to tweak it as needed.
getFinalParamDescription ()
    Get final parameter descriptions, after hooks have had a chance to tweak it as needed.
modifyHelp (array &$help, array $options, array &$tocData)
    Called from ApiHelp before the pieces are joined together and returned.
Public Member Functions inherited from ContextSource

canUseWikiPage ()
    Check whether a WikiPage object can be obtained with getWikiPage().
exportSession ()
    Export the resolved user IP, HTTP headers, user ID, and session ID.
getConfig ()
getContext ()
    Get the base IContextSource object.
getLanguage ()
getOutput ()
getRequest ()
getSkin ()
getStats ()
getTiming ()
getTitle ()
getUser ()
getWikiPage ()
    Get the WikiPage object.
msg ( $key)
    Get a Message object with context set. Parameters are the same as wfMessage().
setContext (IContextSource $context)
Public Attributes

const MAX_POST_SIZE = 8192
    These reports should be small.
Public Attributes inherited from ApiBase

string $mModulePrefix
const ALL_DEFAULT_STRING = '*'
const GET_VALUES_FOR_HELP = 1
    getAllowedParams() flag: When set, the result could take longer to generate, but should be more thorough.
const LIMIT_BIG1 = 500
    Fast query, standard limit.
const LIMIT_BIG2 = 5000
    Fast query, apihighlimits limit.
const LIMIT_SML1 = 50
    Slow query, standard limit.
const LIMIT_SML2 = 500
    Slow query, apihighlimits limit.
const PARAM_DFLT = 0
    (null|boolean|integer|string) Default value of the parameter.
const PARAM_ISMULTI = 1
    (boolean) Accept multiple pipe-separated values for this parameter (e.g.
const PARAM_TYPE = 2
    (string|string[]) Either an array of allowed value strings, or a string type as described below.
const PARAM_MAX = 3
    (integer) Max value allowed for the parameter, for PARAM_TYPE 'integer' and 'limit'.
const PARAM_MAX2 = 4
    (integer) Max value allowed for the parameter for users with the apihighlimits right, for PARAM_TYPE 'limit'.
const PARAM_MIN = 5
    (integer) Lowest value allowed for the parameter, for PARAM_TYPE 'integer' and 'limit'.
const PARAM_ALLOW_DUPLICATES = 6
    (boolean) Allow the same value to be set more than once when PARAM_ISMULTI is true?
const PARAM_DEPRECATED = 7
    (boolean) Is the parameter deprecated (will show a warning)?
const PARAM_REQUIRED = 8
    (boolean) Is the parameter required?
const PARAM_RANGE_ENFORCE = 9
    (boolean) For PARAM_TYPE 'integer', enforce PARAM_MIN and PARAM_MAX?
const PARAM_HELP_MSG = 10
    (string|array|Message) Specify an alternative i18n documentation message for this parameter.
const PARAM_HELP_MSG_APPEND = 11
    ((string|array|Message)[]) Specify additional i18n messages to append to the normal message for this parameter.
const PARAM_HELP_MSG_INFO = 12
    (array) Specify additional information tags for the parameter.
const PARAM_VALUE_LINKS = 13
    (string[]) When PARAM_TYPE is an array, this may be an array mapping those values to page titles which will be linked in the help.
const PARAM_HELP_MSG_PER_VALUE = 14
    ((string|array|Message)[]) When PARAM_TYPE is an array, this is an array mapping those values to $msg for ApiBase::makeMessage().
const PARAM_SUBMODULE_MAP = 15
    (string[]) When PARAM_TYPE is 'submodule', map parameter values to submodule paths.
const PARAM_SUBMODULE_PARAM_PREFIX = 16
    (string) When PARAM_TYPE is 'submodule', used to indicate the 'g' prefix added by ApiQueryGeneratorBase (and similar if anything else ever does that).
const PARAM_ALL = 17
    (boolean|string) When PARAM_TYPE has a defined set of values and PARAM_ISMULTI is true, this allows for an asterisk ('*') to be passed in place of a pipe-separated list of every possible value.
const PARAM_EXTRA_NAMESPACES = 18
    (int[]) When PARAM_TYPE is 'namespace', include these as additional possible values.
const PARAM_SENSITIVE = 19
    (boolean) Is the parameter sensitive? Note 'password'-type fields are always sensitive regardless of the value of this field.
const PARAM_DEPRECATED_VALUES = 20
    (array) When PARAM_TYPE is an array, this indicates which of the values are deprecated.
const PARAM_ISMULTI_LIMIT1 = 21
    (integer) Maximum number of values, for normal users.
const PARAM_ISMULTI_LIMIT2 = 22
    (integer) Maximum number of values, for users with the apihighlimits right.
const PARAM_MAX_BYTES = 23
    (integer) Maximum length of a string in bytes (in UTF-8 encoding).
const PARAM_MAX_CHARS = 24
    (integer) Maximum length of a string in characters (unicode codepoints).
const PARAM_TEMPLATE_VARS = 25
    (array) Indicate that this is a templated parameter, and specify replacements.
Private Member Functions

error ( $code, $method)
    Stop processing the request, and output/log an error.
generateLogLine ( $flags, $report)
    Get text of log line.
getFlags ( $report, $userAgent)
    Get extra notes about the report.
getReport ()
    Get the report from post body and turn into associative array.
logReport ( $flags, $logLine, $context)
    Log CSP report, with a different severity depending on $flags.
verifyPostBodyOk ()
    Output an api error if post body is obviously not OK.

Private Attributes

$log
Additional Inherited Members

Static Public Member Functions inherited from ApiBase

static makeMessage ( $msg, IContextSource $context, array $params=null)
    Create a Message from a string or array.
static truncateArray (&$arr, $limit)
    Truncate an array to a certain length.

Protected Member Functions inherited from ApiBase

getExamplesMessages ()
    Returns usage examples for this module.
getWebUITokenSalt (array $params)
    Fetch the salt used in the Web UI corresponding to this module.
getDB ()
    Gets a default replica DB connection object.
getParameter ( $paramName, $parseLimit=true)
    Get a value for the given parameter.
getWatchlistValue ( $watchlist, $titleObj, $userOption=null)
    Return true if we're to watch the page, false if not, null if no change.
getParameterFromSettings ( $paramName, $paramSettings, $parseLimit)
    Using the settings determine the value for the given parameter.
handleParamNormalization ( $paramName, $value, $rawValue)
    Handle when a parameter was Unicode-normalized.
explodeMultiValue ( $value, $limit)
    Split a multi-valued parameter string, like explode().
parseMultiValue ( $valueName, $value, $allowMultiple, $allowedValues, $allSpecifier=null, $limit1=null, $limit2=null)
    Return an array of values that were given in a 'a|b|c' notation, after it optionally validates them against the list of allowed values.
validateLimit ( $paramName, &$value, $min, $max, $botMax=null, $enforceLimits=false)
    Validate the value against the minimum and user/bot maximum limits.
validateTimestamp ( $value, $encParamName)
    Validate and normalize parameters of type 'timestamp'.
setWatch ( $watch, $titleObj, $userOption=null)
    Set a watch (or unwatch) based on a watchlist parameter.
useTransactionalTimeLimit ()
    Call wfTransactionalTimeLimit() if this request was POSTed.
filterIDs ( $fields, array $ids)
    Filter out-of-range values from a list of positive integer IDs.
dieContinueUsageIf ( $condition)
    Die with the 'badcontinue' error.
getSummaryMessage ()
    Return the summary message.
getExtendedDescription ()
    Return the extended help text message.
getHelpFlags ()
    Generates the list of flags for the help screen and for action=paraminfo.
getModuleSourceInfo ()
    Returns information about the source of this module, if known.
getDescription ()
    Returns the description string for this module.
getParamDescription ()
    Returns an array of parameter descriptions.
getExamples ()
    Returns usage examples for this module.
getDescriptionMessage ()
    Return the description message.

Static Protected Member Functions inherited from ApiBase

static dieDebug ( $method, $message)
    Internal code errors should be reported with this method.
Api module to receive and log CSP violation reports.
Definition at line 30 of file ApiCSPReport.php.
ApiCSPReport::error ( $code, $method ) [private]

Stop processing the request, and output/log an error.

Parameters
    string $code      error code
    string $method    method that made error
Exceptions
    ApiUsageException    Always

Definition at line 195 of file ApiCSPReport.php.
References $code, ApiBase\dieWithError(), ContextSource\getRequest(), and wfEscapeWikiText().
Referenced by getReport(), and verifyPostBodyOk().
ApiCSPReport::execute ( )
Logs a content-security-policy violation report from web browser.
Reimplemented from ApiBase.
Definition at line 42 of file ApiCSPReport.php.
References generateLogLine(), getFlags(), ApiBase\getModuleName(), ApiBase\getParameter(), getReport(), ContextSource\getRequest(), ApiBase\getResult(), ContextSource\getUser(), logReport(), and verifyPostBodyOk().
ApiCSPReport::generateLogLine ( $flags, $report ) [private]

Get text of log line.

Parameters
    array $flags     additional markers for this report
    array $report    the CSP report

Definition at line 173 of file ApiCSPReport.php.
References $line.
Referenced by execute().
ApiCSPReport::getAllowedParams ( )

Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (array with PARAM_* constants as keys). Don't call this function directly: use getFinalParams() to allow hooks to modify parameters as needed.
Some derived classes may choose to handle an integer $flags parameter in the overriding methods. Callers of this method can pass zero or more OR-ed flags like GET_VALUES_FOR_HELP.
Reimplemented from ApiBase.
Definition at line 206 of file ApiCSPReport.php.
References false, ApiBase\PARAM_DFLT, ApiBase\PARAM_REQUIRED, and ApiBase\PARAM_TYPE.
ApiCSPReport::getFlags ( $report, $userAgent ) [private]

Get extra notes about the report.

Parameters
    array $report        The CSP report
    string $userAgent

Definition at line 87 of file ApiCSPReport.php.
References $source, ContentSecurityPolicy\falsePositiveBrowser(), ContextSource\getConfig(), and ApiBase\getParameter().
Referenced by execute().
ApiCSPReport::getReport ( ) [private]

Get the report from post body and turn into associative array.

Definition at line 143 of file ApiCSPReport.php.
References error(), FormatJson\FORCE_ASSOC, ContextSource\getRequest(), and FormatJson\parse().
Referenced by execute().
ApiCSPReport::isInternal ( )
Mark as internal.
This isn't meant to be used by normal api users
Reimplemented from ApiBase.
Definition at line 232 of file ApiCSPReport.php.
ApiCSPReport::isReadMode ( )
Even if you don't have read rights, we still want your report.
Reimplemented from ApiBase.
Definition at line 240 of file ApiCSPReport.php.
ApiCSPReport::isWriteMode ( )
Indicates whether this module requires write mode.
This should return true for modules that may require synchronous database writes. Modules that do not need such writes should also not rely on master database access, since only read queries are needed and each master DB is a single point of failure. Additionally, requests that only need replica DBs can be efficiently routed to any datacenter via the Promise-Non-Write-API-Action header.
Reimplemented from ApiBase.
Definition at line 224 of file ApiCSPReport.php.
ApiCSPReport::logReport ( $flags, $logLine, $context ) [private]

Log CSP report, with a different severity depending on $flags.

Parameters
    array $flags       Flags for this report
    string $logLine    text of log entry
    array $context     logging context

Definition at line 70 of file ApiCSPReport.php.
References ContextSource\$context.
Referenced by execute().
ApiCSPReport::mustBePosted ( )
Indicates whether this module must be called with a POST request.
Reimplemented from ApiBase.
Definition at line 220 of file ApiCSPReport.php.
ApiCSPReport::shouldCheckMaxLag ( )

Doesn't touch the DB, so max lag should be rather irrelevant.

Also, this makes sure that reports aren't lost during lag events.

Note that the name differs in case from the inherited ApiBase::shouldCheckMaxlag(), and unlike the other overrides on this page this method is not listed as reimplemented from ApiBase. Before relying on reports surviving a lag event, confirm which of the two methods the API entry point actually calls.

Definition at line 250 of file ApiCSPReport.php.
ApiCSPReport::verifyPostBodyOk ( ) [private]

Output an api error if post body is obviously not OK.

Definition at line 125 of file ApiCSPReport.php.
References $req, error(), ContextSource\getRequest(), and MAX_POST_SIZE.
Referenced by execute().
ApiCSPReport::$log [private]

Definition at line 32 of file ApiCSPReport.php.
const ApiCSPReport::MAX_POST_SIZE = 8192

These reports should be small.

Ignore super big reports out of paranoia.
Definition at line 37 of file ApiCSPReport.php.
Referenced by verifyPostBodyOk().
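The members documented above form one pipeline: execute() calls verifyPostBodyOk() (size cap of MAX_POST_SIZE), getReport() (JSON parse with FormatJson::FORCE_ASSOC), getFlags() (report-only, source, false-positive browser), generateLogLine() and logReport() (severity chosen from the flags). The following Python is an added example that models that pipeline; it is not ApiCSPReport's PHP code and not part of this page. Only the 8192-byte cap and the method sequence come from the page. The content-type check, the parameter names `reportonly` and `source`, the false-positive user-agent list, the extension-scheme heuristic, the log-line layout, the error codes and the severity mapping are assumptions made for the example.

```python
"""Added example, not MediaWiki's code: a Python model of the receive-and-log
pipeline that ApiCSPReport's documentation describes.  Function names mirror the
page's private methods; the concrete checks, flag names, log-line layout and
severity mapping are assumptions of this example."""
import json

MAX_POST_SIZE = 8192  # same cap as ApiCSPReport::MAX_POST_SIZE

# Constructed sample of a CSP violation report as a browser POSTs it to a
# report-uri endpoint; the "csp-report" wrapper key is what browsers send.
SAMPLE_BODY = json.dumps({
    "csp-report": {
        "document-uri": "https://wiki.example.org/wiki/Main_Page",
        "violated-directive": "script-src 'self'",
        "blocked-uri": "https://cdn.example.net/inject.js",
        "source-file": "https://wiki.example.org/wiki/Main_Page",
        "line-number": 12,
    }
}).encode("utf-8")

# Placeholder for ContentSecurityPolicy::falsePositiveBrowser(): user-agent
# fragments of clients known to emit spurious reports (assumed values).
FALSE_POSITIVE_UA_FRAGMENTS = ("ExampleNoisyBrowser/",)


class ReportError(Exception):
    """Raised where the module would call error(): processing stops here."""

    def __init__(self, code, method):
        super().__init__(f"{code} (in {method})")
        self.code = code


def verify_post_body_ok(body, content_type):
    """Model of verifyPostBodyOk(). The size cap is from the page; the
    content-type check is an assumption of this example."""
    if len(body) > MAX_POST_SIZE:
        raise ReportError("toobig", "verify_post_body_ok")
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type not in ("application/csp-report", "application/json"):
        raise ReportError("wrongformat", "verify_post_body_ok")


def get_report(body):
    """Model of getReport(): parse the body into a dict (FORCE_ASSOC) or fail."""
    try:
        data = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        raise ReportError("invalidjson", "get_report") from None
    report = data.get("csp-report") if isinstance(data, dict) else None
    if not isinstance(report, dict):
        raise ReportError("missingkey", "get_report")
    return report


def get_flags(report, user_agent, report_only=False, source="internal"):
    """Model of getFlags(). 'report_only' and 'source' stand in for request
    parameters (names assumed from the page's references to getParameter())."""
    flags = []
    if report_only:
        flags.append("report-only")
    if source != "internal":
        flags.append("source=" + source)
    if any(f in user_agent for f in FALSE_POSITIVE_UA_FRAGMENTS):
        flags.append("false-positive")
    blocked = str(report.get("blocked-uri", ""))
    # Scripts injected by browser extensions surface as extension schemes:
    # client-side noise, not a policy problem on the site (assumed heuristic).
    if blocked.split(":", 1)[0] in ("chrome-extension", "moz-extension", "safari-extension"):
        flags.append("false-positive")
    return flags


def generate_log_line(flags, report):
    """Model of generateLogLine(). Fields are truncated so a hostile report
    cannot bloat the log even within the body cap."""
    def field(name, limit=500):
        return str(report.get(name, ""))[:limit]
    prefix = "[" + ", ".join(flags) + "] " if flags else ""
    return (f"{prefix}'{field('blocked-uri')}' blocked from being loaded on "
            f"'{field('document-uri')}' by '{field('violated-directive')}' "
            f"({field('source-file')}:{field('line-number', 10)})")


def log_report(flags, log_line):
    """Model of logReport(): severity chosen from the flags (assumed mapping)."""
    if "false-positive" in flags:
        level = "debug"
    elif "report-only" in flags:
        level = "info"
    else:
        level = "warning"
    return {"level": level, "message": log_line}


def handle_csp_report(body, content_type, user_agent, report_only=False, source="internal"):
    """The execute() sequence: verify the body, parse, flag, format, log."""
    verify_post_body_ok(body, content_type)
    report = get_report(body)
    flags = get_flags(report, user_agent, report_only, source)
    return log_report(flags, generate_log_line(flags, report))
```

Two points the ordering makes visible: the size check runs before any parsing, so an oversized body is never decoded, and the log line is built from truncated fields, so even a well-formed report inside the cap cannot dominate the log. The false-positive handling only lowers severity; nothing is dropped, so the report-only and false-positive streams can still be reviewed when a policy is being rolled out.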