From fde5f3e53672200ec3641f69643066ff389af7a7 Mon Sep 17 00:00:00 2001
From: ctflearner <98345027+ctflearner@users.noreply.github.com>
Date: Wed, 18 Dec 2024 23:01:03 +0530
Subject: [PATCH] Create DetectCSPReportOnlyHeader.bambda

This script checks if the HTTP response contains the "Content-Security-Policy-Report-Only" header, which is used for monitoring CSP violations without enforcing restrictions.

---
 .../HTTP/DetectCSPReportOnlyHeader.bambda | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 Filter/Proxy/HTTP/DetectCSPReportOnlyHeader.bambda

diff --git a/Filter/Proxy/HTTP/DetectCSPReportOnlyHeader.bambda b/Filter/Proxy/HTTP/DetectCSPReportOnlyHeader.bambda
new file mode 100644
index 0000000..8c60e2a
--- /dev/null
+++ b/Filter/Proxy/HTTP/DetectCSPReportOnlyHeader.bambda
@@ -0,0 +1,25 @@
+/**
+ * Bambda Script to Detect "Content-Security-Policy-Report-Only (CSP-RO)" Header in HTTP Response
+ * @author ctflearner
+ * This script checks if the HTTP response contains the "Content-Security-Policy-Report-Only" header,
+ * which is used for monitoring CSP violations without enforcing restrictions.
+ * Additionally, it verifies if the header specifies a "report-uri" directive,
+ * indicating where CSP violation reports are sent.
+ * The script ensures there is a response and scans the headers for these conditions.
+ **/
+
+
+
+return requestResponse.hasResponse() && (
+ // Check for Content-Security-Policy-Report-Only header
+ requestResponse.response().headers().stream()
+ .anyMatch(header ->
+ header.name().equalsIgnoreCase("Content-Security-Policy-Report-Only")
+ ) &&
+ // Optional: Check if report-uri is specified
+ requestResponse.response().headers().stream()
+ .anyMatch(header ->
+ header.name().equalsIgnoreCase("Content-Security-Policy-Report-Only") &&
+ header.value().toLowerCase().contains("report-uri")
+ )
+);
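Review bot: The first `anyMatch` on the header name is redundant and the `// Optional` comment is misleading — the second `anyMatch` repeats the same `equalsIgnoreCase` test and is joined with `&&`, so the filter only fires when the CSP-RO header also carries `report-uri`, and a response whose CSP-RO header uses only the newer `report-to` directive, or has no reporting endpoint at all (a misconfiguration worth surfacing, since violations then go nowhere), is silently skipped despite the file name and the Javadoc's "checks if the HTTP response contains" wording. If the intent is to detect the header, collapse the expression to a single stream: `return requestResponse.hasResponse() && requestResponse.response().headers().stream().anyMatch(header -> header.name().equalsIgnoreCase("Content-Security-Policy-Report-Only"));`. If the intent is to require a reporting endpoint, keep one stream but extend the value test to `header.value().toLowerCase().contains("report-uri") || header.value().toLowerCase().contains("report-to")` and reword the Javadoc's "Additionally, it verifies" sentence to say the header must specify a reporting directive, otherwise the documented and actual behaviour disagree. Also note that `toLowerCase()` without an explicit locale is locale-sensitive; since directive names are ASCII it is harmless here, but `equalsIgnoreCase`-style comparison would be the more consistent choice if a locale-neutral variant is available in the Bambda environment.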