MediaWiki  master
ApiCSPReport Class Reference

Api module to receive and log CSP violation reports.


Public Member Functions

 execute ()
 Logs a content-security-policy violation report from a web browser.

 getAllowedParams ()

 isInternal ()
 Mark as internal.

 isReadMode ()
 Even if you don't have read rights, we still want your report.

 isWriteMode ()

 mustBePosted ()

 shouldCheckMaxLag ()
 Doesn't touch db, so max lag should be rather irrelevant.

- Public Member Functions inherited from ApiBase
 __construct (ApiMain $mainModule, $moduleName, $modulePrefix= '')

 execute ()
 Evaluates the parameters, performs the requested query, and sets up the result.

 getModuleManager ()
 Get the module manager, or null if this module has no sub-modules.

 getCustomPrinter ()
 If the module may only be used with a certain format module, it should override this method to return an instance of that formatter.

 getHelpUrls ()
 Return links to more detailed help pages about the module.

 shouldCheckMaxlag ()
 Indicates if this module needs maxlag to be checked.

 isReadMode ()
 Indicates whether this module requires read rights.

 isWriteMode ()
 Indicates whether this module requires write mode.

 mustBePosted ()
 Indicates whether this module must be called with a POST request.

 isDeprecated ()
 Indicates whether this module is deprecated.

 isInternal ()
 Indicates whether this module is "internal". Internal API modules are not (yet) intended for 3rd party use and may be unstable.

 needsToken ()
 Returns the token type this module requires in order to execute.

 getConditionalRequestData ($condition)
 Returns data for HTTP conditional request mechanisms.

 getModuleName ()
 Get the name of the module being executed by this instance.

 getModulePrefix ()
 Get parameter prefix (usually two letters or an empty string).

 getMain ()
 Get the main module.

 isMain ()
 Returns true if this module is the main module ($this === $this->mMainModule), false otherwise.

 getParent ()
 Get the parent of this module.

 lacksSameOriginSecurity ()
 Returns true if the current request breaks the same-origin policy.

 getModulePath ()
 Get the path to this module.

 getModuleFromPath ($path)
 Get a module from its module path.

 getResult ()
 Get the result object.

 getErrorFormatter ()
 Get the error formatter.

 getContinuationManager ()
 Get the continuation manager.

 setContinuationManager ($manager)
 Set the continuation manager.

 dynamicParameterDocumentation ()
 Indicate if the module supports dynamically-determined parameters that cannot be included in self::getAllowedParams().

 encodeParamName ($paramName)
 This method mangles parameter name based on the prefix supplied to the constructor.

 extractRequestParams ($parseLimit=true)
 Using getAllowedParams(), this function makes an array of the values provided by the user, with key being the name of the variable, and value - validated value from user or default.

 requireOnlyOneParameter ($params, $required)
 Die if none or more than one of a certain set of parameters is set and not false.

 requireMaxOneParameter ($params, $required)
 Die if more than one of a certain set of parameters is set and not false.

 requireAtLeastOneParameter ($params, $required)
 Die if none of a certain set of parameters is set and not false.

 getTitleOrPageId ($params, $load=false)
 Get a WikiPage object from a title or pageid param, if possible.

 validateToken ($token, array $params)
 Validate the supplied token.

 getWatchlistUser ($params)
 Gets the user for whom to get the watchlist.

 setWarning ($warning)
 Set warning section for this module.

 dieUsage ($description, $errorCode, $httpRespCode=0, $extradata=null)
 Throw a UsageException, which will (if uncaught) call the main module's error handler and die with an error message.

 dieBlocked (Block $block)
 Throw a UsageException, which will (if uncaught) call the main module's error handler and die with an error message including block info.

 getErrorFromStatus ($status, &$extraData=null)
 Get error (as code, string) from a Status object.

 dieStatus ($status)
 Throw a UsageException based on the errors in the Status object.

static dieReadOnly ()
 Helper function for readonly errors.

 dieUsageMsg ($error)
 Output the error message related to a certain array.

 dieUsageMsgOrDebug ($error)
 Will only set a warning instead of failing if the global $wgDebugAPI is set to true.

 parseMsg ($error)
 Return the error message related to a certain array.

 getFinalDescription ()
 Get final module description, after hooks have had a chance to tweak it as needed.

 getFinalParams ($flags=0)
 Get final list of parameters, after hooks have had a chance to tweak it as needed.

 getFinalParamDescription ()
 Get final parameter descriptions, after hooks have had a chance to tweak it as needed.

 modifyHelp (array &$help, array $options, array &$tocData)
 Called from ApiHelp before the pieces are joined together and returned.

 makeHelpMsg ()
 Generates help message for this module, or false if there is no description.

 makeHelpMsgParameters ()
 Generates the parameter descriptions for this module, to be displayed in the module's help.

 getModuleProfileName ($db=false)

 profileIn ()

 profileOut ()

 safeProfileOut ()

 getProfileTime ()

 profileDBIn ()

 profileDBOut ()

 getProfileDBTime ()

 getResultData ()
 Get the result data array (read-only)
 
- Public Member Functions inherited from ContextSource
 canUseWikiPage ()
 Check whether a WikiPage object can be obtained with getWikiPage().

 exportSession ()
 Export the resolved user IP, HTTP headers, user ID, and session ID.

 getConfig ()
 Get the Config object.

 getContext ()
 Get the base IContextSource object.

 getLanguage ()
 Get the Language object.

 getOutput ()
 Get the OutputPage object.

 getRequest ()
 Get the WebRequest object.

 getSkin ()
 Get the Skin object.

 getStats ()
 Get the Stats object.

 getTiming ()
 Get the Timing object.

 getTitle ()
 Get the Title object.

 getUser ()
 Get the User object.

 getWikiPage ()
 Get the WikiPage object.

 msg ()
 Get a Message object with context set. Parameters are the same as wfMessage().

 setContext (IContextSource $context)
 Set the IContextSource object.


Public Attributes

const MAX_POST_SIZE = 8192
 These reports should be small.
 
- Public Attributes inherited from ApiBase
string $mModulePrefix
 
const GET_VALUES_FOR_HELP = 1
 getAllowedParams() flag: When set, the result could take longer to generate, but should be more thorough.

const LIMIT_BIG1 = 500
 Fast query, standard limit.

const LIMIT_BIG2 = 5000
 Fast query, apihighlimits limit.

const LIMIT_SML1 = 50
 Slow query, standard limit.

const LIMIT_SML2 = 500
 Slow query, apihighlimits limit.

const PARAM_DFLT = 0
 (null|boolean|integer|string) Default value of the parameter.

const PARAM_ISMULTI = 1
 (boolean) Accept multiple pipe-separated values for this parameter (e.g.

const PARAM_TYPE = 2
 (string|string[]) Either an array of allowed value strings, or a string type as described below.

const PARAM_MAX = 3
 (integer) Max value allowed for the parameter, for PARAM_TYPE 'integer' and 'limit'.

const PARAM_MAX2 = 4
 (integer) Max value allowed for the parameter for users with the apihighlimits right, for PARAM_TYPE 'limit'.

const PARAM_MIN = 5
 (integer) Lowest value allowed for the parameter, for PARAM_TYPE 'integer' and 'limit'.

const PARAM_ALLOW_DUPLICATES = 6
 (boolean) Allow the same value to be set more than once when PARAM_ISMULTI is true?

const PARAM_DEPRECATED = 7
 (boolean) Is the parameter deprecated (will show a warning)?

const PARAM_REQUIRED = 8
 (boolean) Is the parameter required?

const PARAM_RANGE_ENFORCE = 9
 (boolean) For PARAM_TYPE 'integer', enforce PARAM_MIN and PARAM_MAX?

const PARAM_HELP_MSG = 10
 (string|array|Message) Specify an alternative i18n documentation message for this parameter.

const PARAM_HELP_MSG_APPEND = 11
 ((string|array|Message)[]) Specify additional i18n messages to append to the normal message for this parameter.

const PARAM_HELP_MSG_INFO = 12
 (array) Specify additional information tags for the parameter.

const PARAM_VALUE_LINKS = 13
 (string[]) When PARAM_TYPE is an array, this may be an array mapping those values to page titles which will be linked in the help.

const PARAM_HELP_MSG_PER_VALUE = 14
 ((string|array|Message)[]) When PARAM_TYPE is an array, this is an array mapping those values to $msg for ApiBase::makeMessage().

const PARAM_SUBMODULE_MAP = 15
 (string[]) When PARAM_TYPE is 'submodule', map parameter values to submodule paths.

const PARAM_SUBMODULE_PARAM_PREFIX = 16
 (string) When PARAM_TYPE is 'submodule', used to indicate the 'g' prefix added by ApiQueryGeneratorBase (and similar if anything else ever does that).


Private Member Functions

 error ($code, $method)
 Stop processing the request, and output/log an error.

 generateLogLine ($flags, $report)
 Get text of log line.

 getFlags ($report)
 Get extra notes about the report.

 getReport ()
 Get the report from post body and turn into associative array.

 logReport ($flags, $logLine, $context)
 Log CSP report, with a different severity depending on $flags.

 verifyPostBodyOk ()
 Output an api error if post body is obviously not OK.
 

Private Attributes

 $log
 

Detailed Description

Api module to receive and log CSP violation reports.

Definition at line 30 of file ApiCSPReport.php.

Member Function Documentation

ApiCSPReport::error ( $code, $method )
private

Stop processing the request, and output/log an error.

Parameters
$code String error code
$method String method that made error
Exceptions
UsageException Always

Definition at line 171 of file ApiCSPReport.php.

References $code, ApiBase\dieUsage(), and ContextSource\getRequest().

Referenced by getReport(), and verifyPostBodyOk().

ApiCSPReport::execute ( )
ApiCSPReport::generateLogLine ( $flags, $report )
private

Get text of log line.

Parameters
$flags Array of additional markers for this report
$report Array the csp report
Returns
String Text to put in log

Definition at line 149 of file ApiCSPReport.php.

References $flags, $line, and $page.

Referenced by execute().

ApiCSPReport::getAllowedParams ( )
ApiCSPReport::getFlags ( $report )
private

Get extra notes about the report.

Parameters
$report Array The CSP report
Returns
Array

Definition at line 86 of file ApiCSPReport.php.

References $flags, $source, ApiBase\getParameter(), and ContextSource\getRequest().

Referenced by execute().

ApiCSPReport::getReport ( )
private

Get the report from post body and turn into associative array.

Returns
Array

Definition at line 122 of file ApiCSPReport.php.

References $code, $status, error(), FormatJson\FORCE_ASSOC, ApiBase\getErrorFromStatus(), ContextSource\getRequest(), list, and FormatJson\parse().

Referenced by execute().

ApiCSPReport::isInternal ( )

Mark as internal.

This isn't meant to be used by normal api users

Definition at line 205 of file ApiCSPReport.php.

ApiCSPReport::isReadMode ( )

Even if you don't have read rights, we still want your report.

Definition at line 212 of file ApiCSPReport.php.

ApiCSPReport::isWriteMode ( )

Definition at line 198 of file ApiCSPReport.php.

ApiCSPReport::logReport ( $flags, $logLine, $context )
private

Log CSP report, with a different severity depending on $flags.

Parameters
$flags Array Flags for this report
$logLine String text of log entry
$context Array logging context

Definition at line 70 of file ApiCSPReport.php.

References ContextSource\$context, and $flags.

Referenced by execute().

ApiCSPReport::mustBePosted ( )

Definition at line 194 of file ApiCSPReport.php.

ApiCSPReport::shouldCheckMaxLag ( )

Doesn't touch db, so max lag should be rather irrelevant.

Also, this makes sure that reports aren't lost during lag events.

Definition at line 221 of file ApiCSPReport.php.

ApiCSPReport::verifyPostBodyOk ( )
private

Output an api error if post body is obviously not OK.

Definition at line 104 of file ApiCSPReport.php.

References $req, error(), and ContextSource\getRequest().

Referenced by execute().

Member Data Documentation

ApiCSPReport::$log
private

Definition at line 32 of file ApiCSPReport.php.

const ApiCSPReport::MAX_POST_SIZE = 8192

These reports should be small.

Ignore super big reports out of paranoia

Definition at line 37 of file ApiCSPReport.php.


The documentation for this class was generated from the following file: