MediaWiki REL1_37
Api module to receive and log CSP violation reports.
Public Member Functions | |
execute () | |
Logs a content-security-policy violation report from web browser. | |
getAllowedParams () | |
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (array with PARAM_* constants as keys). Don't call this function directly: use getFinalParams() to allow hooks to modify parameters as needed. | |
isInternal () | |
Mark as internal. | |
isReadMode () | |
Even if you don't have read rights, we still want your report. | |
mustBePosted () | |
Indicates whether this module must be called with a POST request. | |
shouldCheckMaxLag () | |
Doesn't touch db, so max lag should be rather irrelevant. | |
Public Member Functions inherited from ApiBase | |
__construct (ApiMain $mainModule, $moduleName, $modulePrefix='') | |
getModuleManager () | |
Get the module manager, or null if this module has no sub-modules. | |
getCustomPrinter () | |
If the module may only be used with a certain format module, it should override this method to return an instance of that formatter. | |
getHelpUrls () | |
Return links to more detailed help pages about the module. | |
shouldCheckMaxlag () | |
Indicates if this module needs maxlag to be checked. | |
isWriteMode () | |
Indicates whether this module requires write mode. | |
isDeprecated () | |
Indicates whether this module is deprecated. | |
needsToken () | |
Returns the token type this module requires in order to execute. | |
getConditionalRequestData ( $condition) | |
Returns data for HTTP conditional request mechanisms. | |
getModuleName () | |
Get the name of the module being executed by this instance. | |
getModulePrefix () | |
Get parameter prefix (usually two letters or an empty string). | |
getMain () | |
Get the main module. | |
isMain () | |
Returns true if this module is the main module ($this === $this->mMainModule), false otherwise. | |
getParent () | |
Get the parent of this module. | |
lacksSameOriginSecurity () | |
Returns true if the current request breaks the same-origin policy. | |
getModulePath () | |
Get the path to this module. | |
getModuleFromPath ( $path) | |
Get a module from its module path. | |
getResult () | |
Get the result object. | |
getErrorFormatter () | |
getContinuationManager () | |
setContinuationManager (ApiContinuationManager $manager=null) | |
dynamicParameterDocumentation () | |
Indicate if the module supports dynamically-determined parameters that cannot be included in self::getAllowedParams(). | |
encodeParamName ( $paramName) | |
This method mangles parameter name based on the prefix supplied to the constructor. | |
extractRequestParams ( $options=[]) | |
Using getAllowedParams(), this function makes an array of the values provided by the user, with key being the name of the variable, and value - validated value from user or default. | |
requireOnlyOneParameter ( $params,... $required) | |
Die if none or more than one of a certain set of parameters is set and not false. | |
requireMaxOneParameter ( $params,... $required) | |
Die if more than one of a certain set of parameters is set and not false. | |
requireAtLeastOneParameter ( $params,... $required) | |
Die if none of a certain set of parameters is set and not false. | |
requirePostedParameters ( $params, $prefix='prefix') | |
Die if any of the specified parameters were found in the query part of the URL rather than the post body. | |
getTitleOrPageId ( $params, $load=false) | |
Get a WikiPage object from a title or pageid param, if possible. | |
getTitleFromTitleOrPageId ( $params) | |
Get a Title object from a title or pageid param, if possible. | |
handleParamNormalization ( $paramName, $value, $rawValue) | |
Handle when a parameter was Unicode-normalized. | |
validateToken ( $token, array $params) | |
Validate the supplied token. | |
getWatchlistUser ( $params) | |
Gets the user for whom to get the watchlist. | |
errorArrayToStatus (array $errors, User $user=null) | |
Turn an array of message keys or key+param arrays into a Status. | |
addBlockInfoToStatus (StatusValue $status, Authority $user=null) | |
Add block info to block messages in a Status. | |
addWarning ( $msg, $code=null, $data=null) | |
Add a warning for this module. | |
addDeprecation ( $msg, $feature, $data=[]) | |
Add a deprecation warning for this module. | |
addError ( $msg, $code=null, $data=null) | |
Add an error for this module without aborting. | |
addMessagesFromStatus (StatusValue $status, $types=[ 'warning', 'error'], array $filter=[]) | |
Add warnings and/or errors from a Status. | |
dieWithError ( $msg, $code=null, $data=null, $httpCode=0) | |
Abort execution with an error. | |
dieWithException (Throwable $exception, array $options=[]) | |
Abort execution with an error derived from a throwable. | |
dieBlocked (Block $block) | |
Throw an ApiUsageException, which will (if uncaught) call the main module's error handler and die with an error message including block info. | |
dieStatus (StatusValue $status) | |
Throw an ApiUsageException based on the Status object. | |
dieReadOnly () | |
Helper function for readonly errors. | |
checkUserRightsAny ( $rights, $user=null) | |
Helper function for permission-denied errors. | |
checkTitleUserPermissions ( $pageIdentity, $actions, array $options=[]) | |
Helper function for permission-denied errors. | |
dieWithErrorOrDebug ( $msg, $code=null, $data=null, $httpCode=null) | |
Will only set a warning instead of failing if the global $wgDebugAPI is set to true. | |
logFeatureUsage ( $feature) | |
Write logging information for API features to a debug log, for usage analysis. | |
getFinalSummary () | |
Get final module summary. | |
getFinalDescription () | |
Get final module description, after hooks have had a chance to tweak it as needed. | |
getFinalParams ( $flags=0) | |
Get final list of parameters, after hooks have had a chance to tweak it as needed. | |
getFinalParamDescription () | |
Get final parameter descriptions, after hooks have had a chance to tweak it as needed. | |
modifyHelp (array &$help, array $options, array &$tocData) | |
Called from ApiHelp before the pieces are joined together and returned. | |
Public Member Functions inherited from ContextSource | |
canUseWikiPage () | |
Check whether a WikiPage object can be retrieved with getWikiPage(). | |
exportSession () | |
Export the resolved user IP, HTTP headers, user ID, and session ID. | |
getAuthority () | |
getConfig () | |
getContext () | |
Get the base IContextSource object. | |
getCsrfTokenSet () | |
Get a repository to obtain and match CSRF tokens. | |
getLanguage () | |
getOutput () | |
getRequest () | |
getSkin () | |
getStats () | |
getTiming () | |
getTitle () | |
getUser () | |
getWikiPage () | |
Get the WikiPage object. | |
msg ( $key,... $params) | |
Get a Message object with context set. Parameters are the same as wfMessage(). | |
setContext (IContextSource $context) | |
Private Member Functions | |
error ( $code, $method) | |
Stop processing the request, and output/log an error. | |
generateLogLine ( $flags, $report) | |
Get text of log line. | |
getFlags ( $report, $userAgent) | |
Get extra notes about the report. | |
getReport () | |
Get the report from post body and turn into associative array. | |
logReport ( $flags, $logLine, $context) | |
Log CSP report, with a different severity depending on $flags. | |
matchUrlPattern ( $url, array $patterns) | |
originFromUrl ( $url) | |
verifyPostBodyOk () | |
Output an api error if post body is obviously not OK. | |
Private Attributes | |
LoggerInterface | $log |
const | MAX_POST_SIZE = 8192 |
These reports should be small. | |
Additional Inherited Members | |
Static Public Member Functions inherited from ApiBase | |
static | makeMessage ( $msg, IContextSource $context, array $params=null) |
Create a Message from a string or array. | |
Public Attributes inherited from ApiBase | |
const | PARAM_RANGE_ENFORCE = 'api-param-range-enforce' |
(boolean) Inverse of IntegerDef::PARAM_IGNORE_RANGE | |
const | PARAM_DFLT = ParamValidator::PARAM_DEFAULT |
const | PARAM_ISMULTI = ParamValidator::PARAM_ISMULTI |
const | PARAM_TYPE = ParamValidator::PARAM_TYPE |
const | PARAM_MAX = IntegerDef::PARAM_MAX |
const | PARAM_MAX2 = IntegerDef::PARAM_MAX2 |
const | PARAM_MIN = IntegerDef::PARAM_MIN |
const | PARAM_ALLOW_DUPLICATES = ParamValidator::PARAM_ALLOW_DUPLICATES |
const | PARAM_DEPRECATED = ParamValidator::PARAM_DEPRECATED |
const | PARAM_REQUIRED = ParamValidator::PARAM_REQUIRED |
const | PARAM_SUBMODULE_MAP = SubmoduleDef::PARAM_SUBMODULE_MAP |
const | PARAM_SUBMODULE_PARAM_PREFIX = SubmoduleDef::PARAM_SUBMODULE_PARAM_PREFIX |
const | PARAM_ALL = ParamValidator::PARAM_ALL |
const | PARAM_EXTRA_NAMESPACES = NamespaceDef::PARAM_EXTRA_NAMESPACES |
const | PARAM_SENSITIVE = ParamValidator::PARAM_SENSITIVE |
const | PARAM_DEPRECATED_VALUES = EnumDef::PARAM_DEPRECATED_VALUES |
const | PARAM_ISMULTI_LIMIT1 = ParamValidator::PARAM_ISMULTI_LIMIT1 |
const | PARAM_ISMULTI_LIMIT2 = ParamValidator::PARAM_ISMULTI_LIMIT2 |
const | PARAM_MAX_BYTES = StringDef::PARAM_MAX_BYTES |
const | PARAM_MAX_CHARS = StringDef::PARAM_MAX_CHARS |
const | PARAM_HELP_MSG = 'api-param-help-msg' |
(string|array|Message) Specify an alternative i18n documentation message for this parameter. | |
const | PARAM_HELP_MSG_APPEND = 'api-param-help-msg-append' |
((string|array|Message)[]) Specify additional i18n messages to append to the normal message for this parameter. | |
const | PARAM_HELP_MSG_INFO = 'api-param-help-msg-info' |
(array) Specify additional information tags for the parameter. | |
const | PARAM_VALUE_LINKS = 'api-param-value-links' |
Deprecated and unused. | |
const | PARAM_HELP_MSG_PER_VALUE = 'api-param-help-msg-per-value' |
((string|array|Message)[]) When PARAM_TYPE is an array, this is an array mapping those values to $msg for ApiBase::makeMessage(). | |
const | PARAM_TEMPLATE_VARS = 'param-template-vars' |
(array) Indicate that this is a templated parameter, and specify replacements. | |
const | ALL_DEFAULT_STRING = '*' |
(string|array|Message) Specify an alternative i18n documentation message for this parameter. | |
const | LIMIT_BIG1 = 500 |
Fast query, standard limit. | |
const | LIMIT_BIG2 = 5000 |
Fast query, apihighlimits limit. | |
const | LIMIT_SML1 = 50 |
Slow query, standard limit. | |
const | LIMIT_SML2 = 500 |
Slow query, apihighlimits limit. | |
const | GET_VALUES_FOR_HELP = 1 |
getAllowedParams() flag: When set, the result could take longer to generate, but should be more thorough. | |
Protected Member Functions inherited from ApiBase | |
getExamplesMessages () | |
Returns usage examples for this module. | |
getWebUITokenSalt (array $params) | |
Fetch the salt used in the Web UI corresponding to this module. | |
getDB () | |
Gets a default replica DB connection object. | |
getPermissionManager () | |
Obtain a PermissionManager instance that subclasses may use in their authorization checks. | |
getHookContainer () | |
Get a HookContainer, for running extension hooks or for hook metadata. | |
getHookRunner () | |
Get an ApiHookRunner for running core API hooks. | |
getParameter ( $paramName, $parseLimit=true) | |
Get a value for the given parameter. | |
getParameterFromSettings ( $name, $settings, $parseLimit) | |
Using the settings determine the value for the given parameter. | |
useTransactionalTimeLimit () | |
Call wfTransactionalTimeLimit() if this request was POSTed. | |
filterIDs ( $fields, array $ids) | |
Filter out-of-range values from a list of positive integer IDs. | |
dieContinueUsageIf ( $condition) | |
Die with the 'badcontinue' error. | |
getSummaryMessage () | |
Return the summary message. | |
getExtendedDescription () | |
Return the extended help text message. | |
getHelpFlags () | |
Generates the list of flags for the help screen and for action=paraminfo. | |
getModuleSourceInfo () | |
Returns information about the source of this module, if known. | |
Static Protected Member Functions inherited from ApiBase | |
static | dieDebug ( $method, $message) |
Internal code errors should be reported with this method. | |
Api module to receive and log CSP violation reports.
Definition at line 31 of file ApiCSPReport.php.
ApiCSPReport::error | ( | $code, $method | ) |
private |
Stop processing the request, and output/log an error.
string | $code | error code |
string | $method | method that made error |
ApiUsageException | Always |
Definition at line 247 of file ApiCSPReport.php.
References ApiBase\dieWithError(), ContextSource\getRequest(), and wfEscapeWikiText().
Referenced by getReport(), and verifyPostBodyOk().
ApiCSPReport::execute | ( | ) |
Logs a content-security-policy violation report from web browser.
Reimplemented from ApiBase.
Definition at line 44 of file ApiCSPReport.php.
References generateLogLine(), getFlags(), ApiBase\getModuleName(), ApiBase\getParameter(), getReport(), ContextSource\getRequest(), ApiBase\getResult(), ContextSource\getUser(), logReport(), and verifyPostBodyOk().
ApiCSPReport::generateLogLine | ( | $flags, $report | ) |
private |
Get text of log line.
array | $flags | of additional markers for this report |
array | $report | the csp report |
Definition at line 208 of file ApiCSPReport.php.
References $line, and originFromUrl().
Referenced by execute().
ApiCSPReport::getAllowedParams | ( | ) |
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (array with PARAM_* constants as keys). Don't call this function directly: use getFinalParams() to allow hooks to modify parameters as needed.
Some derived classes may choose to handle an integer $flags parameter in the overriding methods. Callers of this method can pass zero or more OR-ed flags like GET_VALUES_FOR_HELP.
Reimplemented from ApiBase.
Definition at line 258 of file ApiCSPReport.php.
References ApiBase\PARAM_DFLT, ApiBase\PARAM_REQUIRED, and ApiBase\PARAM_TYPE.
ApiCSPReport::getFlags | ( | $report, $userAgent | ) |
private |
Get extra notes about the report.
array | $report | The CSP report |
string | $userAgent |
Definition at line 89 of file ApiCSPReport.php.
References $source, ContentSecurityPolicy\falsePositiveBrowser(), ContextSource\getConfig(), ApiBase\getParameter(), and matchUrlPattern().
Referenced by execute().
ApiCSPReport::getReport | ( | ) |
private |
Get the report from post body and turn into associative array.
Definition at line 178 of file ApiCSPReport.php.
References error(), and ContextSource\getRequest().
Referenced by execute().
ApiCSPReport::isInternal | ( | ) |
Mark as internal.
This isn't meant to be used by normal API users.
Reimplemented from ApiBase.
Definition at line 280 of file ApiCSPReport.php.
ApiCSPReport::isReadMode | ( | ) |
Even if you don't have read rights, we still want your report.
Reimplemented from ApiBase.
Definition at line 288 of file ApiCSPReport.php.
ApiCSPReport::logReport | ( | $flags, $logLine, $context | ) |
private |
Log CSP report, with a different severity depending on $flags.
array | $flags | Flags for this report |
string | $logLine | text of log entry |
array | $context | logging context |
Definition at line 72 of file ApiCSPReport.php.
References ContextSource\$context.
Referenced by execute().
ApiCSPReport::matchUrlPattern | ( | $url, array $patterns | ) |
private |
string | $url | |
string[] | $patterns |
Definition at line 129 of file ApiCSPReport.php.
References wfAssembleUrl(), and wfParseUrl().
Referenced by getFlags().
ApiCSPReport::mustBePosted | ( | ) |
Indicates whether this module must be called with a POST request.
Reimplemented from ApiBase.
Definition at line 272 of file ApiCSPReport.php.
ApiCSPReport::originFromUrl | ( | $url | ) |
private |
string | $url |
Definition at line 231 of file ApiCSPReport.php.
References wfAssembleUrl(), and wfParseUrl().
Referenced by generateLogLine().
ApiCSPReport::shouldCheckMaxLag | ( | ) |
Doesn't touch db, so max lag should be rather irrelevant.
Also, this makes sure that reports aren't lost during lag events.
Definition at line 298 of file ApiCSPReport.php.
ApiCSPReport::verifyPostBodyOk | ( | ) |
private |
Output an api error if post body is obviously not OK.
Definition at line 160 of file ApiCSPReport.php.
References error(), and ContextSource\getRequest().
Referenced by execute().
LoggerInterface ApiCSPReport::$log
private |
Definition at line 34 of file ApiCSPReport.php.
const ApiCSPReport::MAX_POST_SIZE = 8192
private |
These reports should be small.
Ignore super big reports out of paranoia.
Definition at line 39 of file ApiCSPReport.php.