salvation

This is a general purpose library for working with Content Security Policy policies.

parse CSP policies into an easy-to-use representation
ask questions about what a CSP policy allows or restricts
warn about nonsensical CSP policies and deprecated or nonstandard features
safely create, manipulate, and merge CSP policies
render and optimise CSP policies

Install

mvn install

Create a Policy

Parse a policy using one of the Parser.parse static methods. An Origin or String may be given as the origin. The third parameter, if given, will be populated with warnings.

List<Warning> warnings = new ArrayList();
Origin origin = URI.parse("http://example.com");
String policyText = "...";
Policy p = Parser.parse(policyText, origin, warnings);

To include location information, use ParserWithLocation.parse in place of Parser.parse.

A policy may also be created using the Policy constructor and populated using the addDirective method.

Origin origin = URI.parse("http://example.com");
Policy p = new Policy(origin);
Set<SourceExpression> scriptSourceValues = new HashSet<>();
scriptSourceValues.add(new None());
p.addDirective(new ScriptSrcDirective(scriptSourceValues));

Query a Policy

Policy p = Parser.parse("script-src a; default-src b", "http://example.com");
p.allowsScriptFromSource(Uri.parse("a")); // true
p.allowsScriptFromSource(Uri.parse("b")); // false
p.allowsStyleFromSource(Uri.parse("b")); // true

About

Parse Content Security Policy headers, warn about policy errors, safely manipulate, render, and optimise policies

http://cspvalidator.org

Languages

Language:Java 100.0%