Process Content Security Policy violations with SQL, Send to Slack
@dylburger
code:
data:privatelast updated:4 years ago
@dylburger/
Process Content Security Policy violations with SQL, Send to Slack

How this works

This workflow saves Content-Security Policy violations to a table in the Pipedream SQL service for analysis, and sends a formatted message about the violation to Slack.


If you want to run analysis on CSP violation data (see the SQL section below), or send yourself notifications of violations (via Slack, Discord, etc.), you're in the right place!

Quickstart

Just add the workflow's HTTP endpoint as the report-uri directive of your CSP. Here's how:

  1. Copy this workflow. This will generate a URL specific to your copy of the workflow, at the top of the workflow, under the HTTP trigger step. This URL can accept any HTTP request. We'll use that URL in step 3.

  2. In the send_slack_message step, press the Connect Account button to link your Slack account, and enter the Slack channel where you'd like to send notifications. See the Modifying the workflow section if you'd like to send these notifications somewhere else.

  3. Copy the workflow's HTTP endpoint and add it to your Content-Security Policy's report-uri directive:

Content-Security-Policy:
  report-uri https://yourendpoint.m.pipedream.net

Once you deploy this change, you should start receiving new CSP violations as HTTP requests in your workflow. You can examine each violation from the Inspector on the left, examining its full data along with the workflow's execution logs.

Modifying the workflow

By default, this workflow sends formatted messages about CSP violations to Slack. You can remove this step and send yourself an email, or send messages to Discord.

If you'd prefer to send the violation JSON to your own data store, you can swap out that step, too.

In general, you can modify this workflow however you'd like: you can run any Node code, require any npm package, and more.

Querying the data with SQL

Visit the SQL UI and run a query like this to explore the data:

SELECT *
FROM csp_violation_data
LIMIT 10;

Each section of the violation report will be included in its own field, so you can select or group by them to ask interesting questions. For example, let's rank the count of reports by directive and URL to see the top issues contributing to violations:

SELECT effective_directive, blocked_uri, COUNT(*)
FROM csp_violation_data
GROUP BY 1, 2
ORDER BY 3 DESC;

The SQL service uses Presto. You can learn more about running queries and the Presto SQL dialect in the Pipedream docs.