A Python script that scans HTML files to automatically generate strict Content-Security-Policy headers based on detected sources.
Scan HTML files in directory and build CSP (content-security-policy) header
This tool is used by web developers and security professionals to automate the creation of CSP headers by analyzing the actual content of HTML files. It enumerates the script, stylesheet, image, frame and other source references in the markup and turns them into the matching CSP directives, so the resulting policy allows only the origins the pages actually use. A policy that tight limits what an injected script can load or contact, which is what makes CSP a useful mitigation for cross-site scripting; a generated policy is only as strict as the sources it was built from, so review the output rather than deploying it blindly.
Users should ensure their HTML files are complete and representative of the deployed site to generate accurate CSP headers. Resources that are only requested at runtime by JavaScript (dynamic imports, fetch/XHR endpoints, images assembled from API data) never appear in static HTML and will be blocked by the generated policy, so test the header with Content-Security-Policy-Report-Only before enforcing it. The tool warns about unencrypted HTTP sources, which should be moved to HTTPS rather than allow-listed, since a plaintext script source undermines the policy. Customization of directive search conditions is possible by modifying the definitions.py file, allowing advanced users to tailor CSP generation to specific project needs.
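To make the scanning step concrete, the following is an added example written for this page; it is not csp-scan's own code and makes no claim about how csp-scan maps tags to directives internally. It parses one HTML document with the standard-library HTMLParser, buckets each referenced URL under the directive a browser would consult for it (a small tag-to-directive table chosen for the example), reduces URLs to origins unless a literal flag is set, warns on http: sources and on inline event handlers, and goes one step beyond the page by emitting a 'sha256-...' hash-source for inline script and style blocks so they can be allowed without 'unsafe-inline'. The names build_csp, SourceCollector, csp_hash and SAMPLE_HTML are assumptions of the example, and SAMPLE_HTML is a constructed page, not a real site.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlsplit


def csp_hash(text):
    """CSP hash-source for an inline <script>/<style> body: base64(sha256(text))."""
    digest = hashlib.sha256(text.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"


class SourceCollector(HTMLParser):
    """Walks one HTML document and buckets every fetched source by CSP directive."""

    # (tag, attribute) -> directive, a subset chosen for this example.
    # <link> is handled separately because the directive depends on rel=.
    TAG_ATTR_DIRECTIVE = {
        ("script", "src"): "script-src",
        ("img", "src"): "img-src",
        ("iframe", "src"): "frame-src",
        ("video", "src"): "media-src",
        ("audio", "src"): "media-src",
    }

    def __init__(self, literal=False):
        super().__init__()
        self.literal = literal   # keep full URLs instead of reducing them to origins
        self.sources = {}        # directive -> set of source expressions
        self.warnings = []       # findings the generated policy cannot fix by itself
        self._inline = None      # directive of the inline block currently buffered
        self._buf = []

    def _add(self, directive, value):
        self.sources.setdefault(directive, set()).add(value)

    def _add_url(self, directive, url):
        url = url.strip()
        parts = urlsplit(url)
        if parts.scheme == "data":
            self._add(directive, "data:")
        elif not parts.netloc:
            self._add(directive, "'self'")   # relative URL: same origin as the page
        else:
            if parts.scheme == "http":
                self.warnings.append(f"unencrypted source in {directive}: {url}")
            self._add(directive, url if self.literal else f"{parts.scheme}://{parts.netloc}")

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            if "stylesheet" in (attrs.get("rel") or "").lower().split() and attrs.get("href"):
                self._add_url("style-src", attrs["href"])
        elif tag == "script":
            self._inline = None if attrs.get("src") else "script-src"
        elif tag == "style":
            self._inline = "style-src"
        for (t, attr), directive in self.TAG_ATTR_DIRECTIVE.items():
            if tag == t and attrs.get(attr):
                self._add_url(directive, attrs[attr])
        # onclick= and friends can only be allowed with 'unsafe-inline', which
        # defeats a strict policy; flag them for manual cleanup instead.
        if any(name.startswith("on") for name in attrs):
            self.warnings.append(f"inline event handler on <{tag}>; move it to a script file")

    def handle_data(self, data):
        if self._inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._inline:
            text = "".join(self._buf)
            if text.strip():
                self._add(self._inline, csp_hash(text))   # allow exactly this inline block
            self._inline, self._buf = None, []


def build_csp(html_text, default_src="'self'", report_uri=None, literal=False):
    """Return (header_value, warnings) for one HTML document."""
    collector = SourceCollector(literal=literal)
    collector.feed(html_text)
    collector.close()
    parts = [f"default-src {default_src}"]
    for directive in sorted(collector.sources):
        parts.append(f"{directive} " + " ".join(sorted(collector.sources[directive])))
    if report_uri:
        parts.append(f"report-uri {report_uri}")
    return "; ".join(parts), collector.warnings


# Constructed sample page for the example, not taken from any real site.
SAMPLE_HTML = """<!doctype html>
<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="stylesheet" href="https://fonts.example.net/roboto.css">
<script src="https://cdn.example.com/lib.js"></script>
<script>console.log('hi');</script>
</head><body>
<img src="http://img.example.org/logo.png">
<img src="data:image/png;base64,iVBORw0KGgo=">
<iframe src="https://embed.example.org/widget"></iframe>
<button onclick="go()">Go</button>
</body></html>
"""

if __name__ == "__main__":
    header, warnings = build_csp(SAMPLE_HTML, report_uri="https://example.com/report")
    print("Content-Security-Policy:", header)
    for w in warnings:
        print("WARNING:", w)
```

Running it on the sample produces a default-src 'self' policy with frame-src, img-src, script-src and style-src entries derived from the markup, plus two warnings: the plaintext http://img.example.org image and the onclick handler. Note that the inline script is hashed over its exact text, so any change to that script (even whitespace) invalidates the hash and the header has to be regenerated; that is the trade-off that makes hash-sources safer than 'unsafe-inline'.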
pip3 install csp-scan
Install the tool from PyPI.
cd my-frontend-src
Navigate to the directory containing the HTML files to be scanned.
csp-scan
Run the CSP scan on the current directory to generate the Content-Security-Policy header.
csp-scan -d 'self'
Specify the value for the default-src directive; defaults to 'self'.
csp-scan -r https://example.com/report
Set a report URI to which browsers will POST CSP violation reports; useful for spotting sources the scan missed before the policy is enforced.
csp-scan -l
Emit each detected source as its full URL, path included, rather than just its origin, in the generated CSP header.