apifrom.security.sri
====================

Subresource Integrity (SRI) implementation for APIFromAnything.

This module provides utilities for implementing Subresource Integrity (SRI) to ensure that resources loaded from external sources have not been tampered with.

.. py:currentmodule:: apifrom.security.sri

Overview
--------

**Classes**

* :py:class:`BaseMiddleware`
* :py:class:`Request`
* :py:class:`Response`
* :py:class:`SRIBuilder`
* :py:class:`SRIGenerator`
* :py:class:`SRIHashAlgorithm`
* :py:class:`SRIMiddleware`
* :py:class:`SRIPolicy`

Classes
-------

.. py:class:: BaseMiddleware(**options)

   Bases: ``abc.ABC``

   Base middleware class for APIFromAnything.

   This abstract class defines the interface for middleware components. Middleware components can process requests and responses.

   .. attribute:: options

      Options for the middleware.

      :type: dict

   Initialize a new BaseMiddleware instance.

   :param \*\*options: Options for the middleware.

.. py:class:: Request(request = None, path_params = None, method = None, path = None, query_params = None, headers = None, body = None, client_ip = None)

   Request class for APIFromAnything.

   This class wraps a Starlette request and provides methods for accessing request data in a convenient way.

   .. attribute:: _request

      The underlying Starlette request.

   .. attribute:: path_params

      Path parameters extracted from the URL.

   .. attribute:: query_params

      Query parameters extracted from the URL.

   .. attribute:: headers

      HTTP headers.

   .. attribute:: method

      HTTP method.

   .. attribute:: path

      Request path.

   .. attribute:: _body

      Cached request body.

   Initialize a new Request instance.

   :param request: The underlying Starlette request.
   :param path_params: Path parameters extracted from the URL.
   :param method: The HTTP method.
   :param path: The request path.
   :param query_params: Query parameters.
   :param headers: HTTP headers.
   :param body: Request body.
   :param client_ip: Client IP address.

.. py:class:: Response(content = None, status_code = 200, headers = None, content_type = 'application/json')

   Response class for APIFromAnything.

   This class represents an HTTP response and provides methods for setting response data, status code, and headers.

   .. attribute:: content

      The response content.

   .. attribute:: status_code

      The HTTP status code.

   .. attribute:: headers

      HTTP headers.

   .. attribute:: content_type

      The content type of the response.

   Initialize a new Response instance.

   :param content: The response content.
   :param status_code: The HTTP status code.
   :param headers: HTTP headers.
   :param content_type: The content type of the response.

.. py:class:: SRIBuilder

   Helper class for building SRI policies.

   .. method:: create_common_cdn_policy()
      :staticmethod:

      Create an SRI policy for common CDN resources.

      :returns: An SRI policy for common CDN resources

   .. method:: create_empty_policy()
      :staticmethod:

      Create an empty SRI policy.

      :returns: An empty SRI policy

   .. method:: create_policy_from_html(html_content)
      :staticmethod:
      :async:

      Create an SRI policy from HTML content by extracting script and link tags.

      :param html_content: The HTML content to extract sources from
      :returns: An SRI policy with the extracted sources

.. py:class:: SRIGenerator

   Utility for generating Subresource Integrity hashes.

   .. method:: generate_hash(content, algorithm = SRIHashAlgorithm.SHA384)
      :staticmethod:

      Generate a Subresource Integrity hash for the given content.

      :param content: The content to hash (string or bytes)
      :param algorithm: The hash algorithm to use
      :returns: The SRI hash string in the format 'algorithm-base64hash'

   .. method:: generate_integrity_attribute(content, algorithms = None)
      :staticmethod:

      Generate a complete integrity attribute for HTML elements.

      :param content: The content to hash
      :param algorithms: The hash algorithms to use (defaults to [SHA384])
      :returns: The integrity attribute value with multiple hashes if requested

   .. method:: verify_integrity(content, integrity_value)
      :staticmethod:

      Verify that content matches an integrity value.

      :param content: The content to verify
      :param integrity_value: The integrity value to check against
      :returns: True if the content matches any of the hashes in the integrity value

.. py:class:: SRIHashAlgorithm

   Bases: ``enum.Enum``

   Hash algorithms supported by Subresource Integrity.

   .. attribute:: SHA256

   .. attribute:: SHA384

   .. attribute:: SHA512

.. py:class:: SRIMiddleware(script_sources = None, style_sources = None, verify_external_resources = False, algorithms = None, exempt_paths = None)

   Bases: ``apifrom.middleware.base.BaseMiddleware``

   Middleware for adding Subresource Integrity headers to responses.

   This middleware can modify HTML responses to add integrity attributes to script and link tags that load external resources.

   :param script_sources: Dictionary mapping script URLs to their integrity values
   :param style_sources: Dictionary mapping style URLs to their integrity values
   :param verify_external_resources: Whether to verify external resources
   :param algorithms: List of hash algorithms to use for verification
   :param exempt_paths: Paths exempt from SRI

   .. attribute:: _integrity_cache
      :annotation: Dict[str, str]

   .. attribute:: algorithms

   .. attribute:: exempt_paths

   .. attribute:: script_sources

   .. attribute:: style_sources

   .. attribute:: verify_external_resources

   .. method:: _add_integrity_to_html(html_content)

      Add integrity attributes to script and link tags in HTML content.

      :param html_content: The HTML content to modify
      :returns: The modified HTML content

   .. method:: _fetch_and_compute_integrity(url)
      :async:

      Fetch a resource and compute its integrity value.

      :param url: The URL of the resource to fetch
      :returns: The integrity value, or None if the resource could not be fetched

   .. method:: _is_exempt(request)

      Check if a request is exempt from SRI processing.

      :param request: The request to check
      :returns: True if the request is exempt, False otherwise

   .. method:: process_request(request)
      :async:

      Process a request through the SRI middleware.

      :param request: The request to process
      :returns: The processed request

   .. method:: process_response(response)
      :async:

      Process a response through the SRI middleware.

      :param response: The response to process
      :returns: The processed response

.. py:class:: SRIPolicy

   Policy for configuring Subresource Integrity.

   Initialize the SRI policy.

   .. attribute:: algorithms

   .. attribute:: script_sources

   .. attribute:: style_sources

   .. attribute:: verify_external_resources

   .. method:: _compute_integrity(url)
      :async:

      Compute the integrity value for a URL.

      :param url: The URL to compute the integrity for
      :returns: The integrity value, or None if it could not be computed

   .. method:: add_script_source(url, integrity = None)

      Add a script source to the policy.

      :param url: The URL of the script
      :param integrity: The integrity value (will be computed if None)
      :returns: The SRI policy instance for chaining

   .. method:: add_style_source(url, integrity = None)

      Add a style source to the policy.

      :param url: The URL of the stylesheet
      :param integrity: The integrity value (will be computed if None)
      :returns: The SRI policy instance for chaining

   .. method:: compute_missing_integrity_values()
      :async:

      Compute integrity values for sources that don't have them.

      :returns: The SRI policy instance for chaining

   .. method:: enable_verification(enable = True)

      Enable or disable verification of external resources.

      :param enable: Whether to enable verification
      :returns: The SRI policy instance for chaining

   .. method:: set_algorithms(algorithms)

      Set the hash algorithms to use.

      :param algorithms: The hash algorithms to use
      :returns: The SRI policy instance for chaining
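
The 'algorithm-base64hash' format and the matching rule documented for ``SRIGenerator.generate_hash`` and ``SRIGenerator.verify_integrity``, as an added standalone example built on ``hashlib`` and ``base64`` only. It is not APIFromAnything's own code, and every function name in it is hypothetical. It goes beyond the page by contrasting the documented "any hash matches" rule with the strongest-algorithm selection that browsers apply to an ``integrity`` attribute.

```python
import base64
import hashlib

# Added illustration; function names are hypothetical, not APIFromAnything's API.
# Algorithms defined for SRI, ordered weakest to strongest.
ALGORITHMS = ("sha256", "sha384", "sha512")


def _to_bytes(content):
    return content.encode("utf-8") if isinstance(content, str) else content


def sri_hash(content, algorithm="sha384"):
    """Return 'algorithm-base64hash' for str or bytes content."""
    digest = hashlib.new(algorithm, _to_bytes(content)).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def integrity_attribute(content, algorithms=("sha384",)):
    """Space-separated hashes, as used in an integrity="..." attribute."""
    return " ".join(sri_hash(content, a) for a in algorithms)


def _parse(integrity_value):
    """Yield (algorithm, base64hash) pairs, skipping unknown or malformed tokens."""
    for token in integrity_value.split():
        algorithm, sep, rest = token.partition("-")
        if sep and algorithm in ALGORITHMS:
            yield algorithm, rest.split("?", 1)[0]  # drop trailing ?options


def verify_any(content, integrity_value):
    """True if content matches any listed hash (the rule stated on this page)."""
    return any(sri_hash(content, a) == f"{a}-{h}" for a, h in _parse(integrity_value))


def verify_strongest(content, integrity_value):
    """Match only against hashes of the strongest listed algorithm, the selection
    rule browsers apply. Fails closed when no usable hash is listed."""
    pairs = list(_parse(integrity_value))
    if not pairs:
        return False
    best = max((a for a, _ in pairs), key=ALGORITHMS.index)
    return any(sri_hash(content, a) == f"{a}-{h}" for a, h in pairs if a == best)


# Constructed sample resources, not taken from any real CDN.
SCRIPT = b"console.log('hello');\n"
CHANGED = b"console.log('changed');\n"
```

When an integrity value mixes algorithms, a stale weaker hash can make ``verify_any`` accept content that a browser would reject, so a server-side check that is meant to predict browser behaviour should use the strongest-algorithm rule.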