Public Member Functions |
Public Attributes |
Private Member Functions |
Private Attributes |
List of all members
ApiCSPReport Class Reference
Api module to receive and log CSP violation reports. More...
Inheritance diagram for ApiCSPReport:
Collaboration diagram for ApiCSPReport:
Public Member Functions | |
| execute () | |
| Logs a content-security-policy violation report from web browser. | |
| getAllowedParams () | |
| Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (array with PARAM_* constants as keys) Don't call this function directly: use getFinalParams() to allow hooks to modify parameters as needed. | |
| isInternal () | |
| Mark as internal. | |
| isReadMode () | |
| Even if you don't have read rights, we still want your report. | |
| isWriteMode () | |
| Indicates whether this module requires write mode. | |
| mustBePosted () | |
| Indicates whether this module must be called with a POST request. | |
| shouldCheckMaxLag () | |
| Doesn't touch db, so max lag should be rather irrelavent. | |
 Public Member Functions inherited from ApiBase | |
| __construct (ApiMain $mainModule, $moduleName, $modulePrefix='') | |
| setWarning ( $warning) | |
| Set warning section for this module. | |
| dieUsage ( $description, $errorCode, $httpRespCode=0, $extradata=null) | |
| Throw a UsageException, which will (if uncaught) call the main module's error handler and die with an error message. | |
| dieBlocked (Block $block) | |
| Throw a UsageException, which will (if uncaught) call the main module's error handler and die with an error message including block info. | |
| getErrorFromStatus ( $status, &$extraData=null) | |
| Get error (as code, string) from a Status object. | |
| dieStatus ( $status) | |
| Throw a UsageException based on the errors in the Status object. | |
| dieReadOnly () | |
| Helper function for readonly errors. | |
| dieUsageMsg ( $error) | |
| Output the error message related to a certain array. | |
| dieUsageMsgOrDebug ( $error) | |
| Will only set a warning instead of failing if the global $wgDebugAPI is set to true. | |
| parseMsg ( $error) | |
| Return the error message related to a certain array. | |
| logFeatureUsage ( $feature) | |
| Write logging information for API features to a debug log, for usage analysis. | |
| getModuleManager () | |
| Get the module manager, or null if this module has no sub-modules. | |
| getCustomPrinter () | |
| If the module may only be used with a certain format module, it should override this method to return an instance of that formatter. | |
| getHelpUrls () | |
| Return links to more detailed help pages about the module. | |
| shouldCheckMaxlag () | |
| Indicates if this module needs maxlag to be checked. | |
| isDeprecated () | |
| Indicates whether this module is deprecated. | |
| needsToken () | |
| Returns the token type this module requires in order to execute. | |
| getConditionalRequestData ( $condition) | |
| Returns data for HTTP conditional request mechanisms. | |
| getModuleName () | |
| Get the name of the module being executed by this instance. | |
| getModulePrefix () | |
| Get parameter prefix (usually two letters or an empty string). | |
| getMain () | |
| Get the main module. | |
| isMain () | |
| Returns true if this module is the main module ($this === $this->mMainModule), false otherwise. | |
| getParent () | |
| Get the parent of this module. | |
| lacksSameOriginSecurity () | |
| Returns true if the current request breaks the same-origin policy. | |
| getModulePath () | |
| Get the path to this module. | |
| getModuleFromPath ( $path) | |
| Get a module from its module path. | |
| getResult () | |
| Get the result object. | |
| getErrorFormatter () | |
| Get the error formatter. | |
| getContinuationManager () | |
| Get the continuation manager. | |
| setContinuationManager ( $manager) | |
| Set the continuation manager. | |
| dynamicParameterDocumentation () | |
| Indicate if the module supports dynamically-determined parameters that cannot be included in self::getAllowedParams(). | |
| encodeParamName ( $paramName) | |
| This method mangles parameter name based on the prefix supplied to the constructor. | |
| extractRequestParams ( $parseLimit=true) | |
| Using getAllowedParams(), this function makes an array of the values provided by the user, with key being the name of the variable, and value - validated value from user or default. | |
| requireOnlyOneParameter ( $params, $required) | |
| Die if none or more than one of a certain set of parameters is set and not false. | |
| requireMaxOneParameter ( $params, $required) | |
| Die if more than one of a certain set of parameters is set and not false. | |
| requireAtLeastOneParameter ( $params, $required) | |
| Die if none of a certain set of parameters is set and not false. | |
| requirePostedParameters ( $params, $prefix='prefix') | |
| Die if any of the specified parameters were found in the query part of the URL rather than the post body. | |
| getTitleOrPageId ( $params, $load=false) | |
| Get a WikiPage object from a title or pageid param, if possible. | |
| validateToken ( $token, array $params) | |
| Validate the supplied token. | |
| getWatchlistUser ( $params) | |
| Gets the user for whom to get the watchlist. | |
| getFinalDescription () | |
| Get final module description, after hooks have had a chance to tweak it as needed. | |
| getFinalParams ( $flags=0) | |
| Get final list of parameters, after hooks have had a chance to tweak it as needed. | |
| getFinalParamDescription () | |
| Get final parameter descriptions, after hooks have had a chance to tweak it as needed. | |
| modifyHelp (array &$help, array $options, array &$tocData) | |
| Called from ApiHelp before the pieces are joined together and returned. | |
| getModuleProfileName ( $db=false) | |
| profileIn () | |
| profileOut () | |
| safeProfileOut () | |
| getProfileTime () | |
| profileDBIn () | |
| profileDBOut () | |
| getProfileDBTime () | |
| Public Member Functions inherited from ContextSource | |
| canUseWikiPage () | |
| Check whether a WikiPage object can be get with getWikiPage(). | |
| exportSession () | |
| Export the resolved user IP, HTTP headers, user ID, and session ID. | |
| getConfig () | |
| Get the Config object. | |
| getContext () | |
| Get the base IContextSource object. | |
| getLanguage () | |
| Get the Language object. | |
| getOutput () | |
| Get the OutputPage object. | |
| getRequest () | |
| Get the WebRequest object. | |
| getSkin () | |
| Get the Skin object. | |
| getStats () | |
| Get the Stats object. | |
| getTiming () | |
| Get the Timing object. | |
| getTitle () | |
| Get the Title object. | |
| getUser () | |
| Get the User object. | |
| getWikiPage () | |
| Get the WikiPage object. | |
| msg () | |
| Get a Message object with context set Parameters are the same as wfMessage() | |
| setContext (IContextSource $context) | |
| Set the IContextSource object. | |
Public Attributes | |
| const | MAX_POST_SIZE = 8192 |
| These reports should be small. | |
| Public Attributes inherited from ApiBase | |
| const | GET_VALUES_FOR_HELP = 1 |
| getAllowedParams() flag: When set, the result could take longer to generate, but should be more thorough. | |
| const | LIMIT_BIG1 = 500 |
| Fast query, standard limit. | |
| const | LIMIT_BIG2 = 5000 |
| Fast query, apihighlimits limit. | |
| const | LIMIT_SML1 = 50 |
| Slow query, standard limit. | |
| const | LIMIT_SML2 = 500 |
| Slow query, apihighlimits limit. | |
| const | PARAM_DFLT = 0 |
| (null|boolean|integer|string) Default value of the parameter. | |
| const | PARAM_ISMULTI = 1 |
| (boolean) Accept multiple pipe-separated values for this parameter (e.g. | |
| const | PARAM_TYPE = 2 |
| (string|string[]) Either an array of allowed value strings, or a string type as described below. | |
| const | PARAM_MAX = 3 |
| (integer) Max value allowed for the parameter, for PARAM_TYPE 'integer' and 'limit'. | |
| const | PARAM_MAX2 = 4 |
| (integer) Max value allowed for the parameter for users with the apihighlimits right, for PARAM_TYPE 'limit'. | |
| const | PARAM_MIN = 5 |
| (integer) Lowest value allowed for the parameter, for PARAM_TYPE 'integer' and 'limit'. | |
| const | PARAM_ALLOW_DUPLICATES = 6 |
| (boolean) Allow the same value to be set more than once when PARAM_ISMULTI is true? | |
| const | PARAM_DEPRECATED = 7 |
| (boolean) Is the parameter deprecated (will show a warning)? | |
| const | PARAM_REQUIRED = 8 |
| (boolean) Is the parameter required? | |
| const | PARAM_RANGE_ENFORCE = 9 |
| (boolean) For PARAM_TYPE 'integer', enforce PARAM_MIN and PARAM_MAX? | |
| const | PARAM_HELP_MSG = 10 |
| (string|array|Message) Specify an alternative i18n documentation message for this parameter. | |
| const | PARAM_HELP_MSG_APPEND = 11 |
| ((string|array|Message)[]) Specify additional i18n messages to append to the normal message for this parameter. | |
| const | PARAM_HELP_MSG_INFO = 12 |
| (array) Specify additional information tags for the parameter. | |
| const | PARAM_VALUE_LINKS = 13 |
| (string[]) When PARAM_TYPE is an array, this may be an array mapping those values to page titles which will be linked in the help. | |
| const | PARAM_HELP_MSG_PER_VALUE = 14 |
| ((string|array|Message)[]) When PARAM_TYPE is an array, this is an array mapping those values to $msg for ApiBase::makeMessage(). | |
| const | PARAM_SUBMODULE_MAP = 15 |
| (string[]) When PARAM_TYPE is 'submodule', map parameter values to submodule paths. | |
| const | PARAM_SUBMODULE_PARAM_PREFIX = 16 |
| (string) When PARAM_TYPE is 'submodule', used to indicate the 'g' prefix added by ApiQueryGeneratorBase (and similar if anything else ever does that). | |
| const | PARAM_SENSITIVE = 17 |
| (boolean) Is the parameter sensitive? Note 'password'-type fields are always sensitive regardless of the value of this field. | |
Private Member Functions | |
| error ( $code, $method) | |
| Stop processing the request, and output/log an error. | |
| generateLogLine ( $flags, $report) | |
| Get text of log line. | |
| getFlags ( $report) | |
| Get extra notes about the report. | |
| getReport () | |
| Get the report from post body and turn into associative array. | |
| logReport ( $flags, $logLine, $context) | |
| Log CSP report, with a different severity depending on $flags. | |
| verifyPostBodyOk () | |
| Output an api error if post body is obviously not OK. | |
Private Attributes | |
| $log | |
Additional Inherited Members | |
| Static Public Member Functions inherited from ApiBase | |
| static | truncateArray (&$arr, $limit) |
| Truncate an array to a certain length. | |
| static | makeMessage ( $msg, IContextSource $context, array $params=null) |
| Create a Message from a string or array. | |
| Static Public Attributes inherited from ApiBase | |
| static | $messageMap |
| Array that maps message keys to error messages. | |
| Protected Member Functions inherited from ApiBase | |
| dieContinueUsageIf ( $condition) | |
| Die with the $prefix. | |
| getExamplesMessages () | |
| Returns usage examples for this module. | |
| getWebUITokenSalt (array $params) | |
| Fetch the salt used in the Web UI corresponding to this module. | |
| getDB () | |
| Gets a default replica DB connection object. | |
| getParameter ( $paramName, $parseLimit=true) | |
| Get a value for the given parameter. | |
| getWatchlistValue ( $watchlist, $titleObj, $userOption=null) | |
| Return true if we're to watch the page, false if not, null if no change. | |
| getParameterFromSettings ( $paramName, $paramSettings, $parseLimit) | |
| Using the settings determine the value for the given parameter. | |
| handleParamNormalization ( $paramName, $value, $rawValue) | |
| Handle when a parameter was Unicode-normalized. | |
| explodeMultiValue ( $value, $limit) | |
| Split a multi-valued parameter string, like explode() | |
| parseMultiValue ( $valueName, $value, $allowMultiple, $allowedValues) | |
| Return an array of values that were given in a 'a|b|c' notation, after it optionally validates them against the list allowed values. | |
| validateLimit ( $paramName, &$value, $min, $max, $botMax=null, $enforceLimits=false) | |
| Validate the value against the minimum and user/bot maximum limits. | |
| validateTimestamp ( $value, $encParamName) | |
| Validate and normalize of parameters of type 'timestamp'. | |
| setWatch ( $watch, $titleObj, $userOption=null) | |
| Set a watch (or unwatch) based the based on a watchlist parameter. | |
| getDescriptionMessage () | |
| Return the description message. | |
| getHelpFlags () | |
| Generates the list of flags for the help screen and for action=paraminfo. | |
| getModuleSourceInfo () | |
| Returns information about the source of this module, if known. | |
| getDescription () | |
| Returns the description string for this module. | |
| getParamDescription () | |
| Returns an array of parameter descriptions. | |
| getExamples () | |
| Returns usage examples for this module. | |
| useTransactionalTimeLimit () | |
| Call wfTransactionalTimeLimit() if this request was POSTed. | |
| Static Protected Member Functions inherited from ApiBase | |
| static | dieDebug ( $method, $message) |
| Internal code errors should be reported with this method. | |
Detailed Description
Api module to receive and log CSP violation reports.
Definition at line 30 of file ApiCSPReport.php.
Member Function Documentation
◆ error()
|
private |
Stop processing the request, and output/log an error.
- Parameters
-
$code String error code $method String method that made error
- Exceptions
-
UsageException Always
Definition at line 181 of file ApiCSPReport.php.
References $code, ApiBase\dieUsage(), and ContextSource\getRequest().
Referenced by getReport(), and verifyPostBodyOk().
◆ execute()
| ApiCSPReport::execute | ( | ) |
Logs a content-security-policy violation report from web browser.
Reimplemented from ApiBase.
Definition at line 42 of file ApiCSPReport.php.
References $flags, generateLogLine(), getFlags(), ApiBase\getModuleName(), ApiBase\getParameter(), getReport(), ContextSource\getRequest(), ApiBase\getResult(), ContextSource\getUser(), logReport(), and verifyPostBodyOk().
◆ generateLogLine()
|
private |
◆ getAllowedParams()
| ApiCSPReport::getAllowedParams | ( | ) |
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (array with PARAM_* constants as keys) Don't call this function directly: use getFinalParams() to allow hooks to modify parameters as needed.
Some derived classes may choose to handle an integer $flags parameter in the overriding methods. Callers of this method can pass zero or more OR-ed flags like GET_VALUES_FOR_HELP.
- Returns
- array
Reimplemented from ApiBase.
Definition at line 190 of file ApiCSPReport.php.
References false, ApiBase\PARAM_DFLT, ApiBase\PARAM_REQUIRED, and ApiBase\PARAM_TYPE.
◆ getFlags()
|
private |
Get extra notes about the report.
- Parameters
-
$report Array The CSP report
- Returns
- Array
Definition at line 86 of file ApiCSPReport.php.
References $flags, $source, ContextSource\getConfig(), and ApiBase\getParameter().
Referenced by execute().
◆ getReport()
|
private |
Get the report from post body and turn into associative array.
- Returns
- Array
Definition at line 132 of file ApiCSPReport.php.
References $code, $status, error(), ApiBase\getErrorFromStatus(), ContextSource\getRequest(), and list.
Referenced by execute().
◆ isInternal()
| ApiCSPReport::isInternal | ( | ) |
Mark as internal.
This isn't meant to be used by normal api users
Reimplemented from ApiBase.
Definition at line 215 of file ApiCSPReport.php.
◆ isReadMode()
| ApiCSPReport::isReadMode | ( | ) |
Even if you don't have read rights, we still want your report.
Reimplemented from ApiBase.
Definition at line 222 of file ApiCSPReport.php.
◆ isWriteMode()
| ApiCSPReport::isWriteMode | ( | ) |
Indicates whether this module requires write mode.
- Returns
- bool
Reimplemented from ApiBase.
Definition at line 208 of file ApiCSPReport.php.
◆ logReport()
|
private |
Log CSP report, with a different severity depending on $flags.
- Parameters
-
$flags Array Flags for this report $logLine String text of log entry $context Array logging context
Definition at line 70 of file ApiCSPReport.php.
References ContextSource\$context, and $flags.
Referenced by execute().
◆ mustBePosted()
| ApiCSPReport::mustBePosted | ( | ) |
Indicates whether this module must be called with a POST request.
- Returns
- bool
Reimplemented from ApiBase.
Definition at line 204 of file ApiCSPReport.php.
◆ shouldCheckMaxLag()
| ApiCSPReport::shouldCheckMaxLag | ( | ) |
Doesn't touch db, so max lag should be rather irrelavent.
Also, this makes sure that reports aren't lost during lag events.
Definition at line 231 of file ApiCSPReport.php.
◆ verifyPostBodyOk()
|
private |
Output an api error if post body is obviously not OK.
Definition at line 114 of file ApiCSPReport.php.
References $req, error(), and ContextSource\getRequest().
Referenced by execute().
Member Data Documentation
◆ $log
|
private |
Definition at line 32 of file ApiCSPReport.php.
◆ MAX_POST_SIZE
| const ApiCSPReport::MAX_POST_SIZE = 8192 |
These reports should be small.
Ignore super big reports out of paranoia
Definition at line 37 of file ApiCSPReport.php.
The documentation for this class was generated from the following file:
- includes/api/ApiCSPReport.php
