CSPLens is a developer-focused tool for analyzing, understanding, and improving Content Security Policies.
PROTECT YOUR SITE FROM XSS AND INJECTIONS!!!!!
Same things as last devlog,
added report exporting feature that supports JSON and markdown, look at the previous devlog for more details
CSPLens is a tool I built to analyze and understand Content Security Policies. It parses CSP headers, evaluates directives and sources, highlights misconfigurations, and maps them to real attack surfaces like XSS, data exfiltration, clickjacking, etc :3
While building it, I learned a lot about real-world CSP stuff (somehow bad-looking CSP is still OK in some specific cases, need to work on my analyser more lol), parser edge cases, and how to turn (a bit) low-level security rules into something developers can actually read and reason about. The project focuses on reason and recommendation over “this bad, that bad”, showing why a policy is risky, not just that it is. :3
This is MVP, more updates coming soon when i feel like it :)
Added attack surface, improved types to include attack class, improved parser to remove header name and work around invalid directives, added bunch of more directives in rule table
MPV is ready.
Log in to leave a comment
Major style changes, improved badges, changed directive item style a bit, added missing directives list in overview, added a small help component, removed unique sources for now (will be added in future), made a banner for this and also made the README file
Log in to leave a comment
A lot of stuff:
Log in to leave a comment
Policy breakdown and overview
Log in to leave a comment
started analysis work, it can evaluate sources right now
Log in to leave a comment
Well done thats really creative
started the UI work, may not look the best but UI is not my top priority right now :3
Log in to leave a comment
