Added checkcsp logic

2025-10-31 10:19:09 +00:00 · 2025-05-13 15:33:06 +02:00
parent 383fb5bd90
commit 894e31bc3f
1 changed files with 23 additions and 27 deletions
--- a/roles/health-csp/files/health-csp.py
+++ b/roles/health-csp/files/health-csp.py
@@ -6,61 +6,57 @@ import subprocess
 import sys
 import argparse

-
 def extract_domains(config_path):
    """
    Extracts domain names from .conf filenames in the given directory.
    """
    domain_pattern = re.compile(r'^([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}\.conf$')
-    domains = []
-
    try:
-        for filename in os.listdir(config_path):
-            if filename.endswith(".conf") and domain_pattern.match(filename):
-                domain = filename[:-5]  # Remove ".conf"
-                domains.append(domain)
+        return [
+            fn[:-5]
+            for fn in os.listdir(config_path)
+            if fn.endswith(".conf") and domain_pattern.match(fn)
+        ]
    except FileNotFoundError:
        print(f"Directory {config_path} not found.", file=sys.stderr)
        return None

-    return domains
-
-
-def run_node_checker(script_path, domains):
+def run_checkcsp(domains):
    """
-    Executes the Node.js CSP checker script with the given domains.
+    Executes the 'checkcsp' command with the given domains.
    """
+    cmd = ["checkcsp", "start"] + domains
    try:
-        result = subprocess.run(
-            ["node", script_path] + domains,
-            check=True
-        )
+        result = subprocess.run(cmd, check=True)
        return result.returncode
    except subprocess.CalledProcessError as e:
-        print(f"{os.path.basename(script_path)} reported issues (exit code {e.returncode})")
+        print(f"'checkcsp' reported issues (exit code {e.returncode})", file=sys.stderr)
        return e.returncode
    except Exception as e:
        print(f"Unexpected error: {e}", file=sys.stderr)
        return 1

-
 def main():
-    parser = argparse.ArgumentParser(description="Check CSP-blocked resources via Puppeteer")
-    parser.add_argument("--nginx-config-dir", required=True, help="Directory containing NGINX .conf files")
-    parser.add_argument("--script", required=True, help="Path to Node.js CSP checker script")
+    parser = argparse.ArgumentParser(
+        description="Extract domains from NGINX and run checkcsp against them"
+    )
+    parser.add_argument(
+        "--nginx-config-dir",
+        required=True,
+        help="Directory containing NGINX .conf files"
+    )
    args = parser.parse_args()

    domains = extract_domains(args.nginx_config_dir)
-
    if domains is None:
-        return 1
+        sys.exit(1)

    if not domains:
        print("No domains found to check.")
-        return 0
-
-    return run_node_checker(args.script, domains)
+        sys.exit(0)

+    rc = run_checkcsp(domains)
+    sys.exit(rc)

 if __name__ == "__main__":
-    sys.exit(main())
+    main()