apifrom.security.sri

Subresource Integrity (SRI) implementation for APIFromAnything.

This module provides utilities for implementing Subresource Integrity (SRI) to ensure that resources loaded from external sources have not been tampered with.

Overview

Classes

class BaseMiddleware(**options)

Bases: abc.ABC

Base middleware class for APIFromAnything.

This abstract class defines the interface for middleware components. Middleware components can process requests and responses.

apifrom.security.sri.options

Options for the middleware.

Type:

dict

Initialize a new BaseMiddleware instance.

param **options:

Options for the middleware.

class apifrom.security.sri.Request(request=None, path_params=None, method=None, path=None, query_params=None, headers=None, body=None, client_ip=None)
Parameters:
  • request (Optional[starlette.requests.Request])

  • path_params (Optional[dict[Any, Any]])

  • method (Optional[str])

  • path (Optional[str])

  • query_params (Optional[dict[Any, Any]])

  • headers (Optional[dict[Any, Any]])

  • body (Optional[Union[str, bytes]])

  • client_ip (Optional[str])

Request class for APIFromAnything.

This class wraps a Starlette request and provides methods for accessing request data in a convenient way.

apifrom.security.sri._request

The underlying Starlette request.

apifrom.security.sri.path_params

Path parameters extracted from the URL.

apifrom.security.sri.query_params

Query parameters extracted from the URL.

apifrom.security.sri.headers

HTTP headers.

apifrom.security.sri.method

HTTP method.

apifrom.security.sri.path

Request path.

apifrom.security.sri._body

Cached request body.

Initialize a new Request instance.

param request:

The underlying Starlette request.

param path_params:

Path parameters extracted from the URL.

param method:

The HTTP method.

param path:

The request path.

param query_params:

Query parameters.

param headers:

HTTP headers.

param body:

Request body.

param client_ip:

Client IP address.

class apifrom.security.sri.Response(content=None, status_code=200, headers=None, content_type='application/json')
Parameters:
  • content (Any)

  • status_code (int)

  • headers (Optional[Dict[str, str]])

  • content_type (str)

Response class for APIFromAnything.

This class represents an HTTP response and provides methods for setting response data, status code, and headers.

apifrom.security.sri.content

The response content.

apifrom.security.sri.status_code

The HTTP status code.

apifrom.security.sri.headers

HTTP headers.

apifrom.security.sri.content_type

The content type of the response.

Initialize a new Response instance.

param content:

The response content.

param status_code:

The HTTP status code.

param headers:

HTTP headers.

param content_type:

The content type of the response.

class apifrom.security.sri.SRIBuilder

Helper class for building SRI policies.

apifrom.security.sri.create_common_cdn_policy()
:staticmethod:

Create an SRI policy for common CDN resources.

returns:

An SRI policy for common CDN resources

apifrom.security.sri.create_empty_policy()
:staticmethod:

Create an empty SRI policy.

returns:

An empty SRI policy

apifrom.security.sri.create_policy_from_html(html_content)
:staticmethod:
:async:

Create an SRI policy from HTML content by extracting script and link tags.

param html_content:

The HTML content to extract sources from

returns:

An SRI policy with the extracted sources

class apifrom.security.sri.SRIGenerator

Utility for generating Subresource Integrity hashes.

apifrom.security.sri.generate_hash(content, algorithm=SRIHashAlgorithm.SHA384)
:staticmethod:

Generate a Subresource Integrity hash for the given content.

param content:

The content to hash (string or bytes)

param algorithm:

The hash algorithm to use

returns:

The SRI hash string in the format 'algorithm-base64hash'

apifrom.security.sri.generate_integrity_attribute(content, algorithms=None)
:staticmethod:

Generate a complete integrity attribute for HTML elements.

param content:

The content to hash

param algorithms:

The hash algorithms to use (defaults to [SHA384])

returns:

The integrity attribute value with multiple hashes if requested

apifrom.security.sri.verify_integrity(content, integrity_value)
:staticmethod:

Verify that content matches an integrity value.

param content:

The content to verify

param integrity_value:

The integrity value to check against

returns:

True if the content matches any of the hashes in the integrity value
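The hash format and the match-any verification documented above can be shown with the standard library alone. This is an added example, not APIFromAnything's own code; the function names `sri_hash`, `integrity_attribute` and `verify` and the sample script bodies are hypothetical.

```python
import base64
import hashlib
import hmac

# The three digests the SRI specification allows.
_DIGESTS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384, "sha512": hashlib.sha512}


def _to_bytes(content):
    return content.encode("utf-8") if isinstance(content, str) else content


def sri_hash(content, algorithm="sha384"):
    """Return 'algorithm-base64hash' for content (str or bytes)."""
    digest = _DIGESTS[algorithm](_to_bytes(content)).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def integrity_attribute(content, algorithms=("sha384",)):
    """Space-separated hashes, ready for an integrity="..." attribute."""
    return " ".join(sri_hash(content, a) for a in algorithms)


def verify(content, integrity_value):
    """True if content matches any hash listed in integrity_value.

    Malformed tokens and unknown algorithms are skipped, never counted as a match.
    """
    data = _to_bytes(content)
    for token in integrity_value.split():
        algorithm, sep, b64 = token.partition("-")
        if not sep or algorithm not in _DIGESTS:
            continue
        b64 = b64.split("?", 1)[0]  # drop the optional SRI option suffix
        expected = base64.b64encode(_DIGESTS[algorithm](data).digest())
        if hmac.compare_digest(expected, b64.encode("utf-8")):
            return True
    return False


# Constructed sample: a script body as pinned, and the same file after modification.
PINNED = b"console.log('v1');\n"
TAMPERED = b"console.log('v1');fetch('/x');\n"
ATTR = integrity_attribute(PINNED, ("sha384", "sha512"))
```

Browsers compare a resource only against the strongest algorithm present in the attribute, so a match-any check like this one is more permissive than browser enforcement when several algorithms are listed.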

class SRIHashAlgorithm

Bases: enum.Enum

Hash algorithms supported by Subresource Integrity.

class SRIMiddleware(script_sources=None, style_sources=None, verify_external_resources=False, algorithms=None, exempt_paths=None)

Bases: apifrom.middleware.base.BaseMiddleware

Middleware for adding Subresource Integrity headers to responses.

This middleware can modify HTML responses to add integrity attributes to script and link tags that load external resources.

param script_sources:

Dictionary mapping script URLs to their integrity values

param style_sources:

Dictionary mapping style URLs to their integrity values

param verify_external_resources:

Whether to verify external resources

param algorithms:

List of hash algorithms to use for verification

param exempt_paths:

Paths exempt from SRI

apifrom.security.sri._add_integrity_to_html(html_content)

Add integrity attributes to script and link tags in HTML content.

param html_content:

The HTML content to modify

returns:

The modified HTML content

apifrom.security.sri._fetch_and_compute_integrity(url)
:async:

Fetch a resource and compute its integrity value.

param url:

The URL of the resource to fetch

returns:

The integrity value, or None if the resource could not be fetched

apifrom.security.sri._is_exempt(request)

Check if a request is exempt from SRI processing.

param request:

The request to check

returns:

True if the request is exempt, False otherwise

apifrom.security.sri.process_request(request)
:async:

Process a request through the SRI middleware.

param request:

The request to process

returns:

The processed request

apifrom.security.sri.process_response(response)
:async:

Process a response through the SRI middleware.

param response:

The response to process

returns:

The processed response

class apifrom.security.sri.SRIPolicy

Policy for configuring Subresource Integrity.

Initialize the SRI policy.

apifrom.security.sri._compute_integrity(url)
:async:

Compute the integrity value for a URL.

param url:

The URL to compute the integrity for

returns:

The integrity value, or None if it could not be computed

apifrom.security.sri.add_script_source(url, integrity=None)

Add a script source to the policy.

param url:

The URL of the script

param integrity:

The integrity value (will be computed if None)

returns:

The SRI policy instance for chaining

apifrom.security.sri.add_style_source(url, integrity=None)

Add a style source to the policy.

param url:

The URL of the stylesheet

param integrity:

The integrity value (will be computed if None)

returns:

The SRI policy instance for chaining

apifrom.security.sri.compute_missing_integrity_values()
:async:

Compute integrity values for sources that don't have them.

returns:

The SRI policy instance for chaining

apifrom.security.sri.enable_verification(enable=True)

Enable or disable verification of external resources.

param enable:

Whether to enable verification

returns:

The SRI policy instance for chaining

apifrom.security.sri.set_algorithms(algorithms)

Set the hash algorithms to use.

param algorithms:

The hash algorithms to use

returns:

The SRI policy instance for chaining