Package jenkins.security.csp

Class CspBuilder

java.lang.Object
jenkins.security.csp.CspBuilder
@Restricted(org.kohsuke.accmod.restrictions.Beta.class) public class CspBuilder extends Object
Builder for a CSP rule set.
Since:
TODO
See Also:

  • Constructor Details

    • CspBuilder

      public CspBuilder()

  • Method Details

    • withDefaultContributions

      public CspBuilder withDefaultContributions()

    • add

      public CspBuilder add(String directive, String... values)
      Add the given directive and values. If the directive is already present, merge the values. If this is a fetch directive, #add does not disable inheritance from fallback directives. To disable inheritance for fetch directives, call initialize(FetchDirective, String...) instead.

      The directives Directive.REPORT_URI and Directive.REPORT_TO cannot be set manually, so will be skipped.

      Similarly, the value Directive.NONE cannot be set and will be skipped. Instead, call remove(String, String...) with a single argument to reset the directive, then call initialize(FetchDirective, String...) with just the FetchDirective argument to disable inheritance.

      Parameters:
      directive - the directive to add
      values - the values to add to the directive. null values are ignored. If only null values are passed, the directive will not be added. This is different from calling this with only the directive argument (i.e., an empty list of values), which will add the directive with no additional values, potentially resulting in an effective Directive.NONE value.
      Returns:
      this builder

    • remove

      public CspBuilder remove(String directive, String... values)
      Remove the given values from the directive, if present. If the directive does not exist, do nothing. If no values are provided, removes the entire directive.
      Parameters:
      directive - the directive to remove
      values - the values to remove from the directive, or none if the entire directive should be removed.
      Returns:
      this builder

    • initialize

      public CspBuilder initialize(FetchDirective fetchDirective, String... values)
      Adds an initial value for the specified *-src directive. Unlike calls to add(String, String...), this disables inheriting from (fetch directive) fallbacks. This can be invoked multiple times, and the merged set of values will be used.
      Parameters:
      fetchDirective - the directive
      values - Its initial values. If this is an empty list, will initialize as Directive.NONE. null values in the list are ignored. If this is a non-empty list with only null values, this invocation has no effect.
      Returns:
      this builder

    • getMergedDirectives

      public List<Directive> getMergedDirectives()
      Determine the current effective directives. This can be used to inform potential callers of remove(String, String...) what to remove.
      Returns:
      the current effective directives

    • build

      public String build()
      Build the final CSP string. Any directives with no values left will have the 'none' value set.
      Returns:
      the CSP string

    • buildDirectives

      public Map<String,String> buildDirectives()
      Compiles the directives into a map from key (e.g., default-src) to values (e.g., 'self' 'unsafe-inline').
      Returns:
      a map from directive name to its value for all specified directives.