Shipped this project!
Same things as last devlog,
added a report exporting feature that supports JSON and markdown; look at the previous devlog for more details
CSPLens is a tool I built to analyze and understand Content Security Policies. It parses CSP headers, evaluates directives and sources, highlights misconfigurations, and maps them to real attack surfaces like XSS, data exfiltration, clickjacking, etc :3
While building it, I learned a lot about real-world CSP stuff (somehow bad-looking CSP is still OK in some specific cases, need to work on my analyser more lol), parser edge cases, and how to turn (a bit) low-level security rules into something developers can actually read and reason about. The project focuses on reason and recommendation over “this bad, that bad”, showing why a policy is risky, not just that it is. :3
This is the MVP, more updates coming soon when I feel like it :)
Added attack surface, improved types to include attack class, improved parser to remove header name and work around invalid directives, added bunch of more directives in rule table
MVP is ready.
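An added example, not CSPLens code, of the parse-then-map step the entries above describe: strip the header name, keep going past invalid directives, resolve the default-src fallback, and map risky sources to XSS, data exfiltration and clickjacking. Directive names and keywords come from the CSP spec; the fallback table, rule set and finding shape are my assumptions.

```javascript
// Constructed example: parse a CSP header value and map risky sources to attack surface.
// Assumed fallback table: these directives inherit default-src when absent.
const FALLBACK = { 'script-src': 'default-src', 'object-src': 'default-src', 'connect-src': 'default-src' };
function parseCsp(raw) {
  // Strip an optional leading header name so a pasted raw header still parses.
  const value = raw.replace(/^\s*content-security-policy(-report-only)?\s*:/i, '');
  const directives = {};
  const invalid = [];
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Keep going on malformed directive names instead of aborting the whole policy.
    if (!/^[a-z-]+$/.test(name)) { invalid.push(part.trim()); continue; }
    // Browsers honour only the first occurrence of a directive.
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return { directives, invalid };
}

// Resolve the sources that actually govern a directive; null means unrestricted.
function effectiveSources(directives, name) {
  if (name in directives) return directives[name];
  const fb = FALLBACK[name];
  return fb && fb in directives ? directives[fb] : null;
}
function analyze(raw) {
  const { directives, invalid } = parseCsp(raw);
  const findings = [];
  const add = (directive, attack, why) => findings.push({ directive, attack, why });
  const script = effectiveSources(directives, 'script-src');
  if (script === null) add('script-src', 'XSS', 'no script-src or default-src: scripts from anywhere can run');
  else {
    const lower = script.map(s => s.toLowerCase());
    // 'unsafe-inline' is ignored by CSP3 browsers once a nonce or hash is present.
    if (lower.includes("'unsafe-inline'") && !lower.some(s => /^'(nonce-|sha(256|384|512)-)/.test(s)))
      add('script-src', 'XSS', "'unsafe-inline' without nonce/hash lets injected inline scripts execute");
    if (lower.some(s => s === '*' || /^https?:$/.test(s)))
      add('script-src', 'XSS', 'wildcard or bare scheme source allows scripts from any origin');
  }
  const obj = effectiveSources(directives, 'object-src');
  if (obj === null || !obj.map(s => s.toLowerCase()).includes("'none'"))
    add('object-src', 'XSS', "object-src is not 'none': plugin content can execute script");
  if (!('frame-ancestors' in directives))
    add('frame-ancestors', 'clickjacking', 'frame-ancestors missing: any site can frame this page');
  const connect = effectiveSources(directives, 'connect-src');
  if (connect === null || connect.includes('*'))
    add('connect-src', 'data exfiltration', 'fetch/XHR/WebSocket destinations are unrestricted');
  return { findings, invalid };
}
```

Each finding carries the directive, the attack class and the reason, which is the "why it is risky" shape rather than a bare pass/fail.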
Major style changes, improved badges, changed directive item style a bit, added missing directives list in overview, added a small help component, removed unique sources for now (will be added in future), made a banner for this and also made the README file
A lot of stuff:
Policy breakdown and overview
started analysis work; it can evaluate sources right now
started the UI work; it may not look the best, but UI is not my top priority right now :3