class YamlCspConfig::YamlLoader

The entity that is responsible for loading the YAML and applying overrides

Constants

DIRECTIVES

Attributes

config_file_path[R]
env_var_group_key[R]
env_var_key_prefix[R]
policy[R]

Public Class Methods

call(policy, config_file = YamlCspConfig.configuration.configuration_file_path) click to toggle source
# File lib/yaml_csp_config/yaml_loader.rb, line 26
def call(policy, config_file = YamlCspConfig.configuration.configuration_file_path)
  new(policy, config_file).configure
end
new( policy, config_file_path, group_key: YamlCspConfig.configuration.default_env_var_group_key, var_key_prefix: YamlCspConfig.configuration.default_env_var_additions_key_prefix ) click to toggle source
# File lib/yaml_csp_config/yaml_loader.rb, line 31
def initialize(
  policy,
  config_file_path,
  group_key: YamlCspConfig.configuration.default_env_var_group_key,
  var_key_prefix: YamlCspConfig.configuration.default_env_var_additions_key_prefix
)
  raise ArgumentError, "Config file doesn't exist" unless File.exist?(config_file_path)

  @policy = policy
  @config_file_path = config_file_path
  @env_var_group_key = group_key
  @env_var_key_prefix = var_key_prefix
end

Public Instance Methods

configure() click to toggle source
# File lib/yaml_csp_config/yaml_loader.rb, line 45
def configure
  configure_with_overrides.each do |rule, values|
    unless policy.respond_to?(rule.to_sym)
      raise StandardError, "A CSP configuration was defined for an unsupported directive/setting: #{rule}"
    end

    policy.send(rule, *values)
  end

  policy
end

Private Instance Methods

add_to_csp(policies, rule, value) click to toggle source
# File lib/yaml_csp_config/yaml_loader.rb, line 106
def add_to_csp(policies, rule, value)
  policies[rule] ||= []
  policies[rule] += parse_policies_config(value)
end
config_key_base() click to toggle source
# File lib/yaml_csp_config/yaml_loader.rb, line 115
def config_key_base
  @config_key_base ||= YamlCspConfig.configuration.yaml_config_base_key.to_s
end
configure_with_overrides() click to toggle source
# File lib/yaml_csp_config/yaml_loader.rb, line 66
def configure_with_overrides
  config = raw_configuration
  policies = config[config_key_base].transform_values { |v| parse_policies_config(v) }
  env_var_direct_override(
    env_var_group_override(
      config,
      env_override(config, policies)
    )
  )
end
env_override(config, policies) click to toggle source

Override with any Rails env specific config

# File lib/yaml_csp_config/yaml_loader.rb, line 78
def env_override(config, policies)
  d = config[Rails.env.to_s]
  return policies unless d
  raise(StandardError, "The config is invalid for env #{Rails.env}") unless d.is_a?(Hash)
  d.each { |k, v| add_to_csp(policies, k, v) }
  policies
end
env_var_direct_override(policies) click to toggle source

Allow environment variables to add to rules

# File lib/yaml_csp_config/yaml_loader.rb, line 97
def env_var_direct_override(policies)
  DIRECTIVES.each do |rule|
    d = rule.to_s
    k = env_var_key_prefix + d.upcase
    add_to_csp(policies, d, ENV[k].split(" ")) if ENV[k].present?
  end
  policies
end
env_var_group_override(config, policies) click to toggle source

Optional an overriding config group can be specified by name in an environment variable

# File lib/yaml_csp_config/yaml_loader.rb, line 87
def env_var_group_override(config, policies)
  group_name = ENV[env_var_group_key]
  return policies if group_name.nil? || group_name.empty? || group_name == Rails.env
  d = config[group_name]
  raise(StandardError, "The config is invalid for #{group_name}") unless d.is_a?(Hash)
  d.each { |k, v| add_to_csp(policies, k, v) }
  policies
end
parse_policies_config(policy) click to toggle source
# File lib/yaml_csp_config/yaml_loader.rb, line 111
def parse_policies_config(policy)
  Array.wrap(policy).flatten
end
raw_configuration() click to toggle source
# File lib/yaml_csp_config/yaml_loader.rb, line 61
def raw_configuration
  parsed = ERB.new(File.read(config_file_path.to_s)).result(binding)
  YAML.safe_load(parsed, permitted_classes: [Symbol], aliases: true)
end