npm
Sign UpSign In

zsyp

1.2.3 • Public • Published

NPM version Build Status Dependency Status

zsyp

CSP violation reports logger. Zsyp is a simple standalone web service that parses CPS violation reports and stores them in MongoDB collection.

Install

npm install --global zsyp

Environment

Zsyp is using dotenv and by default reads its environment from /etc/default/zsyp

  • ZSYP_PORT - port number on which, defaults to 3090
  • ZSYP_DB - mongo URI connection string, defaults to mongodb://localhost/zsyp
  • ZSYP_DOMAINS - domain name or a regular expression used to filter CSP violation reports - can be left empty in which case all reports for all domains are logged

Report format

{
  "from": {
    "ua": "Mozilla/5.0 (Macintosh; Intel Mac OS...",   // User-Agent string
    "browser": {                                       // browser brand and version
      "name": "Safari", 
      "version": "13"
    },
    "os": {                                            // operating system info
      "name": "Mac OS X",
      "version": "10"
    },
    "ip": "1.2.3.4"                                    // originator IP address 
  },
  "csp-report": {                                      // original CSP report
    "document-uri": "https://example.com/page",
    "referrer": "https://example.com/",
    "violated-directive": "...",
    "effective-directive": "...",
    "original-policy": "...",
    "blocked-uri": "",
    "status-code": 0,
    "source-file": "..."
  }
}

Logger

Reports are stored in csp collection. If you want to use capped collection create it manually before running zsyp.

db.createCollection( "csp", { capped: true, size: 100000 } );

License

MIT © Damian Krzeminski

Readme

Keywords

Package Sidebar

Install

npm i zsyp

Repository

github.com/pirxpilot/zsyp

Homepage

github.com/pirxpilot/zsyp#readme

Weekly Downloads

8

Version

1.2.3

License

MIT

Unpacked Size

9.97 kB

Total Files

11

Last publish

Collaborators

  • pirxpilot
Try on RunKit
Report malware