
CSPLens - Analyser & Policy builder

11 devlogs
34h 56m 30s

CSPLens is a developer-focused tool for analyzing, understanding, and improving Content Security Policies.
PROTECT YOUR SITE FROM XSS AND INJECTIONS!!!!!

This project uses AI

Used ChatGPT for UI help as I am not that creative with frontend

Demo Repository


Pratik

cleaned up the code a little bit, no other changes

I am trying to ship again because of a payout problem

Pratik

Shipped this project!

Hours: 34.36
Cookies: 🍪 0
Multiplier: 14.71 cookies/hr

Big Update - CSP Builder + Analyser Improvements

Added a complete CSP Policy Builder integrated with the existing analyser

Builder features:

  • Real time security analysis (live flags, missing directives, scoring)
  • Import and edit existing CSP headers
  • Report-Only mode toggle
  • Directive search and filtering
  • Quick-add buttons for common sources
  • Added boolean directives:
    • upgrade-insecure-requests
    • block-all-mixed-content

Presets: Strict, Balanced, Legacy, API Only

Analyser updates:

  • Support for upgrade-insecure-requests and block-all-mixed-content
  • Improved scoring system with both penalties and bonuses, including reasons and stuff
  • Added recommendation system
  • UI changes and better input UI (just added a button there tbh)
Pratik

Analyser update 33

  • added the two boolean directives (upgrade-insecure-requests and block-all-mixed-content)
  • better scoring system! The last one only punished, but this one has bonuses and the reason for each penalty/bonus
  • recommendation system, it recommends stuff, duh
  • UI changes, using more icons now and changed input method part too

Code is not the best alibaba-heartbreak, my finals are going on, so I will refactor the code after March.

Pratik

Big Update - Added Policy Builder

Built a complete CSP Policy Builder, integrated with existing analysis capabilities

Features (in builder only)

  • 2 new boolean directives (upgrade-insecure-requests, block-all-mixed-content)
  • Real time security analysis (red flags, missing directives, scoring)
  • Import existing CSP to edit
  • Report-Only mode toggle
  • Search/filter directives
  • Quick add buttons for common sources
  • 4 Presets for quick building

Presets

  • Strict - Maximum security (‘none’ fallbacks)
  • Balanced - Security + compatibility (‘self’ + ‘unsafe-inline’)
  • Legacy - Older browser support (wildcards, dangerous!)
  • API Only - For API endpoints (‘none’ everywhere)

Some changes are yet to be made in the analyser, like the boolean directives.

Git Changelogs

thanks FT Utils

Pratik

Started working on policy builder after long
Just UI right now, but the hook is also in development; it uses the same functions from the analyser to follow the single source of truth principle.

Pratik

Shipped this project!

Hours: 3.93
Cookies: 🍪 30
Multiplier: 7.58 cookies/hr

Same things as last devlog,
added report exporting feature that supports JSON and markdown, look at the previous devlog for more details

Pratik

Exporting analysis report - added!

Formats supported:

  • JSON
  • Markdown

PDF coming soon!

Now you can save the reports locally and show them in meetings if you are employed.

  • Added a little loading skeleton in analysis
Pratik

Shipped this project!

Hours: 19.46
Cookies: 🍪 486
Multiplier: 24.95 cookies/hr

CSPLens is a tool I built to analyze and understand Content Security Policies. It parses CSP headers, evaluates directives and sources, highlights misconfigurations, and maps them to real attack surfaces like XSS, data exfiltration, clickjacking, etc :3

While building it, I learned a lot about real-world CSP stuff (somehow bad-looking CSP is still OK in some specific cases, need to work on my analyser more lol), parser edge cases, and how to turn (a bit) low-level security rules into something developers can actually read and reason about. The project focuses on reason and recommendation over “this bad, that bad”, showing why a policy is risky, not just that it is. :3

This is the MVP, more updates coming soon when I feel like it :)

Pratik

Added attack surface, improved types to include attack class, improved parser to remove the header name and work around invalid directives, added a bunch more directives in the rule table

MVP is ready.

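As an added example, not CSPLens' own code, here is a small JavaScript parser and scorer in the spirit of the analyser described in the "Big Update" devlog and the parser update above: it strips the header name the way the parser update mentions, treats upgrade-insecure-requests and block-all-mixed-content as boolean directives, and returns penalties and bonuses with reasons. Point values, checks and reason strings are assumptions chosen for illustration.

```javascript
// Added example, not CSPLens' own code: a small CSP parser and scorer in the
// spirit of the analyser described in the devlogs. Point values, directive
// checks and reason strings are assumptions chosen for illustration.
const BOOLEAN_DIRECTIVES = ["upgrade-insecure-requests", "block-all-mixed-content"];

// Parse a CSP string into Map<directive, sources[]>. A leading
// "Content-Security-Policy[-Report-Only]:" header name is stripped, as the
// devlog's parser update does; duplicate directives are ignored as browsers do.
function parseCsp(header) {
  const policy = header.trim().replace(/^content-security-policy(-report-only)?\s*:\s*/i, "");
  const directives = new Map();
  for (const raw of policy.split(";")) {
    const tokens = raw.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

const hasKeyword = (list, kw) => list.some(s => s.toLowerCase() === kw);
const hasPrefix = (list, p) => list.some(s => s.toLowerCase().startsWith(p));

// Score a policy from 100 with penalties and bonuses, each carrying a reason,
// so a report can say why a policy is risky rather than only that it is.
function analyseCsp(header) {
  const d = parseCsp(header);
  const findings = [];
  const add = (points, reason) => findings.push({ points, reason });
  const fallback = d.get("default-src");
  if (!fallback) add(-30, "default-src missing: directives not listed fall back to unrestricted");
  const script = d.get("script-src") || fallback || [];
  if (hasKeyword(script, "'unsafe-inline'") && !hasPrefix(script, "'nonce-") && !hasPrefix(script, "'sha"))
    add(-40, "script-src allows 'unsafe-inline' without a nonce or hash: inline script injection is not blocked");
  if (hasKeyword(script, "*") || hasKeyword(script, "https:"))
    add(-25, "script-src allows a wildcard or bare scheme: scripts may load from any origin");
  if (hasKeyword(script, "'unsafe-eval'")) add(-15, "script-src allows 'unsafe-eval': string-to-code execution permitted");
  if (!d.has("object-src") && !(fallback && hasKeyword(fallback, "'none'")))
    add(-10, "object-src not restricted: plugin content can carry script");
  if (!d.has("frame-ancestors")) add(-10, "frame-ancestors missing: framing (clickjacking) is not restricted");
  if (!d.has("base-uri")) add(-5, "base-uri missing: an injected <base> tag can redirect relative script URLs");
  for (const b of BOOLEAN_DIRECTIVES) if (d.has(b)) add(5, `${b} present: mixed-content/downgrade protection`);
  if (hasPrefix(script, "'nonce-") || hasKeyword(script, "'strict-dynamic'"))
    add(10, "script-src uses nonces or 'strict-dynamic': allow-list bypasses are harder");
  const score = Math.max(0, Math.min(100, findings.reduce((s, f) => s + f.points, 100)));
  return { score, findings, directives: d };
}
```

Feeding it a Strict-style policy ('none' fallbacks plus nonces) scores 100, while a Legacy-style one (wildcards plus 'unsafe-inline') bottoms out at 0 with six reasons attached.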
Pratik

Major style changes, improved badges, changed directive item style a bit, added missing directives list in overview, added a small help component, removed unique sources for now (will be added in future), made a banner for this and also made the README file

Pratik

A lot of stuff:

  • Replaced those boring stats with a policy grade
  • Added a better tooltip with reason, fix recommendation, and reference
  • Updated parser logic