From 62bc500c242067dd88c24a28819ac93352a4e2c2 Mon Sep 17 00:00:00 2001
From: Tim van der Lippe
Date: Mon, 14 Apr 2025 13:15:29 +0200
Subject: [PATCH 1/2] Fix effective directive for inline checks

A directive can imply other directives. For example, the `script-src` implies the `script-src-elem` directive. Rather than returning the `script-src` as violated directive, we need to return `script-src-elem`.
---
 src/lib.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/lib.rs b/src/lib.rs
index 2956572..69982ed 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -295,7 +295,10 @@ impl CspList {
 let report_sample = directive.value.iter().any(|t| &t[..] == "'report-sample'");
 let violation = Violation {
 resource: ViolationResource::Inline{ report_sample },
- directive: directive.clone(),
+ directive: Directive {
+ name: get_the_effective_directive_for_inline_checks(type_).to_owned(),
+ value: directive.value.clone(),
+ },
 };
 violations.push(violation);
 if policy.disposition == PolicyDisposition::Enforce {

From ccd42e20625cc8d9c27646972d987a137c5ee3dd Mon Sep 17 00:00:00 2001
From: Tim van der Lippe
Date: Tue, 15 Apr 2025 18:39:58 +0200
Subject: [PATCH 2/2] Make URL serializable with `serde`

---
 Cargo.lock | 1 +
 Cargo.toml | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/Cargo.lock b/Cargo.lock
index f93e7a9..5d63819 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -515,6 +515,7 @@ dependencies = [
 "form_urlencoded",
 "idna",
 "percent-encoding",
+ "serde",
 ]

 [[package]]
diff --git a/Cargo.toml b/Cargo.toml
index 190849c..35d94b3 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -30,4 +30,4 @@ base64 = "0.22"
 once_cell = "1.9"

 [features]
-serde = ["dep:serde", "bitflags/serde"]
+serde = ["dep:serde", "bitflags/serde", "url/serde"]
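Review bot: The `Directive` built for the violation in the `src/lib.rs` hunk is synthetic, and nothing in the code says so. Its `name` comes from `get_the_effective_directive_for_inline_checks(type_)` while its `value` is cloned from the policy directive that matched, so the pair may not correspond to any directive actually present in the policy (for example the name `script-src-elem` carrying the source list of `script-src`). Anyone triaging reports or comparing the reported directive against the deployed policy needs to know that, so I would add a comment above the struct literal such as `// name: effective directive for this inline check; value: source list of the policy directive that matched, which may be a fallback directive`. The diffstat shows only `src/lib.rs` changed, so a regression test asserting the reported name when the policy contains only `script-src` would pin the behaviour the commit message describes. The enclosing function starts and ends outside the hunk, so the origin of `type_` and the selection of `directive` are not visible here.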