bn4t
/
csp-handler
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 1 Wiki Activity
A simple application to send CSP violation reports to an email address
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21 Commits
1 Branch
4.5 MiB
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
csp-handler/mail.go

58 lines
2.2 KiB
Raw Permalink Blame History 

  1. /*

  2.  *     Copyright (C) 2019  bn4t

  3.  *

  4.  *     This program is free software: you can redistribute it and/or modify

  5.  *     it under the terms of the GNU General Public License as published by

  6.  *     the Free Software Foundation, either version 3 of the License, or

  7.  *     (at your option) any later version.

  8.  *

  9.  *     This program is distributed in the hope that it will be useful,

  10.  *     but WITHOUT ANY WARRANTY; without even the implied warranty of

  11.  *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  12.  *     GNU General Public License for more details.

  13.  *

  14.  *     You should have received a copy of the GNU General Public License

  15.  *     along with this program.  If not, see <https://www.gnu.org/licenses/>.

  16.  */

  17. 

  18. package main

  19. 

  20. import (

  21. 	"fmt"

  22. 	"log"

  23. 	"net"

  24. 	"net/mail"

  25. 	"net/smtp"

  26. 	"time"

  27. )

  28. 

  29. // sendCSPMail sends a CSP violation email to the in the config specified receiver

  30. func sendCSPMail(domain string, documentUri string, referrer string, violatedDirective string, originalPolicy string, blockedUri string) error {

  31. 	from := mail.Address{Name: "CSP-Handler", Address: Config.SenderEmail}

  32. 	body := "A CSP violation occurred for " + domain + " at " + documentUri + "\n\n**Additional info:** \nReferrer: " + referrer + "\nViolated directive: " + violatedDirective +

  33. 		"\nOriginal policy: " + originalPolicy + "\nBlocked URI: " + blockedUri + "\n\nThis violation happened at " + time.Now().UTC().Format(time.RFC1123Z) + "."

  34. 	host, _, _ := net.SplitHostPort(Config.SmtpAddress)

  35. 	auth := smtp.PlainAuth("", Config.SmtpUsername, Config.SmtpPassword, host)

  36. 

  37. 	// Setup headers

  38. 	headers := make(map[string]string)

  39. 	headers["From"] = from.String()

  40. 	headers["To"] = Config.ReceiverEmail

  41. 	headers["Subject"] = "CSP violation report for " + domain

  42. 	headers["MIME-Version"] = "1.0"

  43. 	headers["Content-Type"] = "text/plain; charset=\"utf-8\""

  44. 

  45. 	// Setup message

  46. 	var msg string

  47. 	for k, v := range headers {

  48. 		msg += fmt.Sprintf("%s: %s\r\n", k, v)

  49. 	}

  50. 	msg += "\r\n\r\n" + body

  51. 	err := smtp.SendMail(Config.SmtpAddress, auth, Config.SenderEmail, []string{Config.ReceiverEmail}, []byte(msg))

  52. 	if err != nil {

  53. 		log.Print("An error occurred while sending a csp violation mail:")

  54. 		log.Print(err)

  55. 	}

  56. 	return err

  57. }