Add urls from various adware to the CSP false positive list

[lhc/web/wiklou.git] / includes / api / ApiCSPReport.php

diff --git a/includes/api/ApiCSPReport.php b/includes/api/ApiCSPReport.php
index 5271996..407ae71 100644 (file)
--- a/includes/api/ApiCSPReport.php
+++ b/includes/api/ApiCSPReport.php
@@ -87,6 +87,7 @@ class ApiCSPReport extends ApiBase {
                $reportOnly = $this->getParameter( 'reportonly' );
                $userAgent = $this->getRequest()->getHeader( 'user-agent' );
                $source = $this->getParameter( 'source' );
+               $falsePositives = $this->getConfig()->get( 'CSPFalsePositiveUrls' );
 
                $flags = [];
                if ( $source !== 'internal' ) {
@@ -95,6 +96,16 @@ class ApiCSPReport extends ApiBase {
                if ( $reportOnly ) {
                        $flags[] = 'report-only';
                }
+
+               if (
+                       ( isset( $report['blocked-uri'] ) &&
+                       isset( $falsePositives[$report['blocked-uri']] ) )
+                       || ( isset( $report['source-file'] ) &&
+                       isset( $falsePositives[$report['source-file']] ) )
+               ) {
+                       // Report caused by Ad-Ware
+                       $flags[] = 'false-positive';
+               }
                return $flags;
        }