From 3814e10f20cbd4933c59c56960b76032ef24fb4e Mon Sep 17 00:00:00 2001
From: Seednode
Date: Tue, 30 Jan 2024 13:27:45 -0600
Subject: [PATCH] Change nonce length to a constant
---
 cmd/errors.go | 4 ++--
 cmd/root.go | 2 +-
 types/audio/audio.go | 2 +-
 types/code/code.go | 2 +-
 types/flash/flash.go | 2 +-
 types/images/images.go | 2 +-
 types/text/text.go | 2 +-
 types/types.go | 6 ++++--
 types/video/video.go | 2 +-
 9 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/cmd/errors.go b/cmd/errors.go
index 5f48dc2..79a0bf1 100644
--- a/cmd/errors.go
+++ b/cmd/errors.go
@@ -31,7 +31,7 @@ func notFound(w http.ResponseWriter, r *http.Request, path string) error {
 w.WriteHeader(http.StatusNotFound)
 w.Header().Add("Content-Type", "text/html")
- nonce := types.GetNonce(6)
+ nonce := types.GetNonce()
 w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s';", nonce))
@@ -57,7 +57,7 @@ func serverError(w http.ResponseWriter, r *http.Request, i interface{}) {
 w.WriteHeader(http.StatusInternalServerError)
 w.Header().Add("Content-Type", "text/html")
- nonce := types.GetNonce(6)
+ nonce := types.GetNonce()
 w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s';", nonce))
diff --git a/cmd/root.go b/cmd/root.go
index cf0e9f3..41450da 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -17,7 +17,7 @@ import (
 const (
 AllowedCharacters string = `^[A-z0-9.\-_]+$`
- ReleaseVersion string = "8.2.0"
+ ReleaseVersion string = "8.3.0"
 )
 var (
diff --git a/types/audio/audio.go b/types/audio/audio.go
index f5aa99d..3612a8e 100644
--- a/types/audio/audio.go
+++ b/types/audio/audio.go
@@ -15,7 +15,7 @@ import (
 type Format struct{}
 func (t Format) CSP(w http.ResponseWriter) string {
- nonce := types.GetNonce(6)
+ nonce := types.GetNonce()
 w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s';", nonce))
diff --git a/types/code/code.go b/types/code/code.go
index 2bd05df..d3a9d43 100644
--- a/types/code/code.go
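Review bot: In notFound, `w.WriteHeader(http.StatusNotFound)` runs before the `Content-Type` and `Content-Security-Policy` headers are added, and with a standard net/http ResponseWriter header changes made after WriteHeader are not sent, so the nonce generated here would never reach the browser on error pages. The serverError hunk has the same ordering with `http.StatusInternalServerError`. Move the status call below the last `w.Header().Add(...)` in both functions, so the header setup ends with `w.WriteHeader(http.StatusNotFound)`. Both function bodies continue outside their hunks, so confirm nothing later depends on the current order.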
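Review bot: `Format.CSP` in audio.go is repeated line for line in the images.go, text.go and video.go hunks (same `GetNonce()` call, same policy string), so a later policy change has to be made in four places and can miss one. A single helper in package types that sets the header and returns the nonce would keep the default policy in one spot, leaving only code.go and flash.go with their own strings. `w.Header().Add` also appends to any CSP value already on the response; `w.Header().Set("Content-Security-Policy", ...)` states the intent to own the header. The method's return statement is outside the hunk.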
+++ b/types/code/code.go
@@ -26,7 +26,7 @@ type Format struct {
 }
 func (t Format) CSP(w http.ResponseWriter) string {
- nonce := types.GetNonce(6)
+ nonce := types.GetNonce()
 w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';", nonce))
diff --git a/types/flash/flash.go b/types/flash/flash.go
index d66d012..e6030c0 100644
--- a/types/flash/flash.go
+++ b/types/flash/flash.go
@@ -15,7 +15,7 @@ import (
 type Format struct{}
 func (t Format) CSP(w http.ResponseWriter) string {
- nonce := types.GetNonce(6)
+ nonce := types.GetNonce()
 w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s'; script-src 'self' 'unsafe-inline'", nonce))
diff --git a/types/images/images.go b/types/images/images.go
index 5d96a3a..c6163b4 100644
--- a/types/images/images.go
+++ b/types/images/images.go
@@ -32,7 +32,7 @@ type Format struct {
 }
 func (t Format) CSP(w http.ResponseWriter) string {
- nonce := types.GetNonce(6)
+ nonce := types.GetNonce()
 w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s';", nonce))
diff --git a/types/text/text.go b/types/text/text.go
index 4a98dcd..affcccd 100644
--- a/types/text/text.go
+++ b/types/text/text.go
@@ -18,7 +18,7 @@ import (
 type Format struct{}
 func (t Format) CSP(w http.ResponseWriter) string {
- nonce := types.GetNonce(6)
+ nonce := types.GetNonce()
 w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s';", nonce))
diff --git a/types/types.go b/types/types.go
index 8b88f1c..b30460f 100644
--- a/types/types.go
+++ b/types/types.go
@@ -13,6 +13,8 @@ import (
 "strings"
 )
+const NonceLength = 6
+
 var SupportedFormats = make(Types)
 type Type interface {
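Review bot: The policy string in code.go's `CSP` puts the nonce in `default-src`, but the explicit `script-src 'self' 'unsafe-inline'` and `style-src 'self' 'unsafe-inline'` directives replace `default-src` for scripts and styles, so the nonce restricts neither and any inline script that ends up in the rendered page is allowed to run. The flash.go hunk carries the same `script-src 'self' 'unsafe-inline'`. If the templates can put a `nonce` attribute on their inline blocks (not visible here), prefer `script-src 'self' 'nonce-%s'; style-src 'self' 'nonce-%s';` with `nonce` passed for each verb; otherwise add a comment above the header line explaining why `'unsafe-inline'` is required.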
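Review bot: `NonceLength = 6` fixes every CSP nonce at 6 random bytes (48 bits), since the GetNonce hunk uses it as the length of its byte slice; the CSP specification advises at least 128 bits from a cryptographically secure generator. Now that the value lives in one place, consider `const NonceLength = 16`. The exported constant also has no doc comment; `// NonceLength is the number of random bytes in a CSP nonce, before any encoding.` would make the unit explicit.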
@@ -136,8 +138,8 @@ func removeDuplicateStr(strSlice []string) []string {
 return list
 }
-func GetNonce(length int) string {
- b := make([]byte, length)
+func GetNonce() string {
+ b := make([]byte, NonceLength)
 if _, err := rand.Read(b); err != nil {
 return ""
 }
diff --git a/types/video/video.go b/types/video/video.go
index 60d35c2..40b2a08 100644
--- a/types/video/video.go
+++ b/types/video/video.go
@@ -16,7 +16,7 @@ import (
 type Format struct{}
 func (t Format) CSP(w http.ResponseWriter) string {
- nonce := types.GetNonce(6)
+ nonce := types.GetNonce()
 w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s';", nonce))
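Review bot: `GetNonce` returns `""` when `rand.Read` fails, and every caller in this patch formats the result straight into `'nonce-%s'`, so a failure produces the source expression `'nonce-'` with no log entry or error for the operator to see. Either log the error before `return ""`, or at least document the contract with `// GetNonce returns a random CSP nonce, or "" if the random source fails.` so callers know to check. The import block is outside the hunk, so confirm that `rand` is `crypto/rand` and not `math/rand`. The function body continues past the hunk's last line.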