Date: Tue, 7 Apr 2020 10:41:35 +0000 (UTC) From: Kai Knoblich <kai@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r530965 - in head/www: . py-django-debreach Message-ID: <202004071041.037AfZmA028175@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kai Date: Tue Apr 7 10:41:34 2020 New Revision: 530965 URL: https://svnweb.freebsd.org/changeset/ports/530965 Log: [NEW PORT] www/py-django-debreach Basic/extra mitigation against the BREACH attack for Django projects. django-debreach provides additional protection to Django's built in CSRF token masking by randomizing the content length of each response. This is achieved by adding a random string of between 12 and 25 characters as a comment to the end of the HTML content. Note that this will only be applied to responses with a content type of text/html. WWW: https://github.com/lpomfrey/django-debreach Added: head/www/py-django-debreach/ head/www/py-django-debreach/Makefile (contents, props changed) head/www/py-django-debreach/distinfo (contents, props changed) head/www/py-django-debreach/pkg-descr (contents, props changed) Modified: head/www/Makefile Modified: head/www/Makefile ============================================================================== --- head/www/Makefile Tue Apr 7 10:28:01 2020 (r530964) +++ head/www/Makefile Tue Apr 7 10:41:34 2020 (r530965) @@ -1508,6 +1508,7 @@ SUBDIR += py-django-crispy-forms SUBDIR += py-django-cron SUBDIR += py-django-datetime-widget + SUBDIR += py-django-debreach SUBDIR += py-django-debug-toolbar SUBDIR += py-django-dpaste SUBDIR += py-django-evolution Added: head/www/py-django-debreach/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/py-django-debreach/Makefile Tue Apr 7 10:41:34 2020 (r530965) @@ -0,0 +1,25 @@ +# $FreeBSD$ + +PORTNAME= django-debreach +PORTVERSION= 2.0.1 +CATEGORIES= www security python +MASTER_SITES= CHEESESHOP +PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} + +MAINTAINER= kai@FreeBSD.org +COMMENT= Adds protection against the BREACH attack in Django + +LICENSE= BSD2CLAUSE +LICENSE_FILE= ${WRKSRC}/LICENSE + +TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}django22>0:www/py-django22@${PY_FLAVOR} + +USES= python:3.5+ +USE_PYTHON= autoplist distutils + +NO_ARCH= yes + +do-test: + @cd ${WRKSRC} && ${PYTHON_CMD} runtests.py + +.include <bsd.port.mk> Added: head/www/py-django-debreach/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/py-django-debreach/distinfo Tue Apr 7 10:41:34 2020 (r530965) @@ -0,0 +1,3 @@ +TIMESTAMP = 1586162610 +SHA256 (django-debreach-2.0.1.tar.gz) = 3dd90385918daef4951e67ef6c3dcb550ac5164d84f5cc9889ed52e312597d68 +SIZE (django-debreach-2.0.1.tar.gz) = 14592 Added: head/www/py-django-debreach/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/py-django-debreach/pkg-descr Tue Apr 7 10:41:34 2020 (r530965) @@ -0,0 +1,10 @@ +Basic/extra mitigation against the BREACH attack for Django projects. + +django-debreach provides additional protection to Django's built in CSRF token +masking by randomizing the content length of each response. + +This is achieved by adding a random string of between 12 and 25 characters as a +comment to the end of the HTML content. Note that this will only be applied to +responses with a content type of text/html. + +WWW: https://github.com/lpomfrey/django-debreach
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202004071041.037AfZmA028175>