|
|
from urllib.parse import urlsplit

import gradio as gr
import requests
|
|
|
|
|
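# Source expressions that weaken a policy enough to be worth flagging.
# Compared as whole tokens (quotes stripped, lower-cased), not substrings.
_INSECURE_SOURCES = ("unsafe-inline", "unsafe-eval", "*", "data:", "blob:")


def _find_insecure_sources(csp):
    """Return warning lines for weak source expressions found in *csp*.

    The policy is split into directives on ``;`` and each directive into
    whitespace-separated tokens; the first token is the directive name and
    the rest are its sources. Matching is on whole tokens, so a host
    wildcard such as ``https://*.example.com`` is not reported as a bare
    ``*``, and ``data:`` is only reported when it is its own source.

    Args:
        csp: Raw header value (several headers may already be joined
            with ``, `` by the HTTP client; the split handles that too).

    Returns:
        Warning strings, one per (source, directive) pair, in policy order
        without duplicates. Empty list when nothing is flagged.
    """
    warnings = []
    seen = set()
    for directive in csp.split(";"):
        tokens = directive.replace(",", " ").split()
        if not tokens:
            continue
        name = tokens[0].lower()
        for token in tokens[1:]:
            source = token.strip("'").lower()
            if source in _INSECURE_SOURCES and (source, name) not in seen:
                seen.add((source, name))
                warnings.append(
                    f"⚠️ Contains insecure directive: `{source}` in `{name}`"
                )
    return warnings


def analyze_csp(url):
    """Fetch *url* and report on its ``Content-Security-Policy`` header.

    Args:
        url: Site to check. A value without a scheme gets ``http://``
            prefixed; only ``http`` and ``https`` URLs are fetched.

    Returns:
        A Markdown string for display: the policy found plus warnings for
        weak sources, a "no header" notice, or an error message. Network
        failures are reported in the return value, never raised.

    NOTE: this fetches whatever URL the user types. If the app is exposed
    beyond a trusted user, restrict the targets it may contact (for
    example, refuse loopback and private address ranges) before deploying.
    """
    url = (url or "").strip()
    if not url:
        return "❌ Please enter a URL."

    # A bare host name gets a scheme. Checking for "://" rather than the
    # literal prefix "http" means hosts like "httpbin.org" are handled and
    # "HTTPS://..." is accepted as-is.
    if "://" not in url:
        url = "http://" + url
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ("http", "https"):
        return f"❌ Unsupported URL scheme: `{scheme}`. Only http and https are checked."

    try:
        # requests follows redirects, so the headers inspected below belong
        # to the final response, not necessarily to the URL typed in.
        response = requests.get(url, timeout=5)
    except requests.exceptions.RequestException as e:
        return f"❌ Error: {str(e)}"

    csp = response.headers.get("Content-Security-Policy")
    if not csp:
        message = "❌ No `Content-Security-Policy` header found.\n\nℹ️ Consider adding a CSP header to help prevent XSS and other code injection attacks."
        # A report-only policy is easy to mistake for protection; it only
        # reports violations and blocks nothing.
        if response.headers.get("Content-Security-Policy-Report-Only"):
            message += "\n\nℹ️ A `Content-Security-Policy-Report-Only` header is present; it reports violations but does not enforce anything."
        return message

    output = f"✅ `Content-Security-Policy` Found:\n\n```\n{csp}\n```\n"

    warnings = _find_insecure_sources(csp)
    if warnings:
        output += "\n🔎 Warnings:\n" + "\n".join(warnings)
    else:
        output += "\n✅ No obviously insecure directives detected."

    output += "\n\n💡 Tip: Use a strict CSP and avoid wildcards or unsafe directives whenever possible.\nYou can test CSP at [https://csp-evaluator.withgoogle.com](https://csp-evaluator.withgoogle.com)"
    return output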
|
|
|
|
|
# Gradio front end: a single URL text box feeding analyze_csp, whose Markdown
# return value is rendered in the output panel.
url_box = gr.Textbox(label="Enter Website URL", placeholder="e.g. https://example.com")
result_panel = gr.Markdown(label="CSP Analysis")

iface = gr.Interface(
    fn=analyze_csp,
    inputs=url_box,
    outputs=result_panel,
    title="🔐 Content Security Policy (CSP) Analyzer",
    description=(
        "Checks if a site uses a CSP header and analyzes its security. "
        "Highlights common issues like use of wildcards or unsafe directives."
    ),
)
|
|
|
|
|
# Start the Gradio server only when run as a script, so importing this
# module (e.g. to test analyze_csp) does not open a listening port.
if __name__ == "__main__":
    iface.launch()
|
|
|