Merge pull request #1 from RobDWaller/0.1.0-beta

0.1.0 beta

Author: RobDWaller

.github/workflows/build-test.yml

@@ -0,0 +1,27 @@
+name: Build and Test Project
+
+on: [push]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Build, Test, Analyse
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+      - run: rustup component add clippy
+      - run: rustup component add rustfmt
+      - run: cargo build
+      - run: cargo test
+      - run: cargo fmt -- --check
+      - run: cargo clippy --all-targets --all-features -- -D warnings
+      - name: Code Coverage
+        uses: actions-rs/tarpaulin@v0.1
+        with: 
+          args: '-v'
+      - name: Codecov.io
+        uses: codecov/codecov-action@v1.0.2
+        with:
+          token: ${{secrets.CODECOV_TOKEN}}

.github/workflows/crates-publish.yml

@@ -0,0 +1,18 @@
+name: Publish to Crates.io
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Build and Publish
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+      - run: cargo build
+      - run: cargo login${{secrets.CRATES_TOKEN}}
+      - run: cargo publish

Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "csp_generator"
 description = "Consume a JSON formatted list of domains and CSP directives and output a correctly formatted Content Security Policy string."
-version = "0.1.0-alpha"
+version = "0.1.0-beta"
 authors = ["Rob Waller <rdwaller1984@gmail.com>"]
 edition = "2018"
 keywords = ["csp", "json", "content-security", "csp-generator", "security"]

src/config.rs

@@ -12,7 +12,27 @@ impl GetDirectives for Directives {
 
 pub fn get_directives() -> Directives {
     Directives {
-        list: vec![String::from("script-src"), String::from("connect-src")],
+        list: vec![
+            String::from("default-src"),
+            String::from("script-src"),
+            String::from("style-src"),
+            String::from("img-src"),
+            String::from("connect-src"),
+            String::from("font-src"),
+            String::from("object-src"),
+            String::from("media-src"),
+            String::from("frame-src"),
+            String::from("sandbox"),
+            String::from("report-uri"),
+            String::from("child-src"),
+            String::from("form-action"),
+            String::from("frame-ancestors"),
+            String::from("plugin-types"),
+            String::from("report-to"),
+            String::from("worker-src"),
+            String::from("manifest-src"),
+            String::from("navigate-to"),
+        ],
     }
 }
 
@@ -24,6 +44,8 @@ mod config_test {
     fn test_get_directives() {
         let config: super::Directives = super::get_directives();
 
-        assert_eq!(config.get_directives()[0], String::from("script-src"));
+        assert_eq!(config.get_directives()[0], String::from("default-src"));
+        assert_eq!(config.get_directives()[9], String::from("sandbox"));
+        assert_eq!(config.get_directives()[18], String::from("navigate-to"));
     }
 }

src/directives.rs

@@ -6,17 +6,23 @@ use std::thread;
 use std::thread::JoinHandle;
 
 fn build_line(directive: String, domains: domains::Collection) -> String {
-    let mut directive_line: String = directive.to_string();
-    directive_line.push_str(":");
+    let mut directive_line: String = directive.clone();
+    let mut directive_check: String = directive.clone();
+    directive_check.push_str("; ");
 
     for domain in domains.domains {
-        if domain.directive.contains(&directive.to_string()) {
+        if domain.directive.contains(&directive) {
             directive_line.push_str(" ");
             directive_line.push_str(domain.domain.as_str());
         }
     }
 
     directive_line.push_str("; ");
+
+    if directive_line == directive_check {
+        return String::from("");
+    }
+
     directive_line
 }
 
@@ -28,7 +34,7 @@ fn build_lines(directives: Vec<String>, domains: domains::Collection) -> Vec<Joi
     let mut threads: Vec<JoinHandle<String>> = vec![];
 
     for directive in directives {
-        threads.push(self::create_thread(directive.to_string(), domains.clone()));
+        threads.push(self::create_thread(directive, domains.clone()));
     }
 
     threads
@@ -78,7 +84,28 @@ mod directives_test {
 
         let connect_src: String = super::build_line(String::from("connect-src"), json);
 
-        assert_eq!(connect_src, String::from("connect-src: *.example.com; "));
+        assert_eq!(connect_src, String::from("connect-src *.example.com; "));
+    }
+
+    #[test]
+    fn test_build_line_no_directive() {
+        let directives: Vec<String> = vec![String::from("connect-src"), String::from("script-src")];
+
+        let item = domains::Item {
+            domain: String::from("*.example.com"),
+            directive: directives,
+        };
+
+        let mut domain_list: Vec<domains::Item> = Vec::new();
+        domain_list.push(item);
+
+        let json = domains::Collection {
+            domains: domain_list,
+        };
+
+        let default_src: String = super::build_line(String::from("default-src"), json);
+
+        assert_eq!(default_src, String::from(""));
     }
 
     #[test]
@@ -96,7 +123,7 @@ mod directives_test {
 
         assert_eq!(
             csp.unwrap(),
-            String::from("script-src: test.com; connect-src: example.com test.com;")
+            String::from("script-src test.com; connect-src example.com test.com;")
         );
     }
 }

src/lib.rs

@@ -17,7 +17,7 @@ pub fn enforce(directives: impl GetDirectives, json: &str) -> String {
 
     match result {
         Ok(result) => {
-            let mut directive: String = String::from("content-security-policy ");
+            let mut directive: String = String::from("Content-Security-Policy ");
             directive.push_str(result.as_str());
             directive
         }
@@ -30,7 +30,7 @@ pub fn report_only(directives: impl GetDirectives, json: &str) -> String {
 
     match result {
         Ok(result) => {
-            let mut directive: String = String::from("content-security-policy-report-only ");
+            let mut directive: String = String::from("Content-Security-Policy-Report-Only ");
             directive.push_str(result.as_str());
             directive
         }

tests/csp_generator_test.rs

@@ -19,7 +19,7 @@ mod csp_generator_test {
         assert_eq!(
             csp,
             String::from(
-                "content-security-policy script-src: test.com; connect-src: example.com test.com;"
+                "Content-Security-Policy script-src test.com; connect-src example.com test.com;"
             )
         );
     }
@@ -63,7 +63,7 @@ mod csp_generator_test {
         assert_eq!(
             csp,
             String::from(
-                "content-security-policy-report-only script-src: test.com; connect-src: example.com test.com;"
+                "Content-Security-Policy-Report-Only script-src test.com; connect-src example.com test.com;"
             )
         );
     }