From 643348b29ddf0396cb5897673cf3cedc76631bf9 Mon Sep 17 00:00:00 2001
From: labkey-jeckels
Date: Mon, 24 Feb 2025 16:57:05 -0800
Subject: [PATCH] New metrics to track report and enforce CSPs
---
 api/src/org/labkey/api/ApiModule.java | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/api/src/org/labkey/api/ApiModule.java b/api/src/org/labkey/api/ApiModule.java
index e6029ffb627..081769b911c 100644
--- a/api/src/org/labkey/api/ApiModule.java
+++ b/api/src/org/labkey/api/ApiModule.java
@@ -149,6 +149,7 @@
 import org.labkey.api.settings.OptionalFeatureService.FeatureType;
 import org.labkey.api.settings.OptionalFeatureStartupListener;
 import org.labkey.api.settings.WriteableLookAndFeelProperties;
+import org.labkey.api.usageMetrics.UsageMetricsService;
 import org.labkey.api.util.ChecksumUtil;
 import org.labkey.api.util.Compress;
 import org.labkey.api.util.ContextListener;
@@ -216,6 +217,8 @@ public class ApiModule extends CodeOnlyModule
 private static final String CORS_PREFIX = "cors.";
 private static final String CORS_FILTER_NAME = "CorsFilter";
+ private static final Map CSP_METRICS = new HashMap<>();
+
 @Override
 protected void init()
 {
@@ -261,6 +264,9 @@ protected void doStartup(ModuleContext moduleContext)
 ContextListener.addStartupListener(new OptionalFeatureStartupListener());
 ContextListener.addStartupListener(new SystemMaintenanceStartupListener());
 ContextListener.addStartupListener(new StartupPropertyStartupListener());
+
+ UsageMetricsService.get().registerUsageMetrics(getName(), () ->
+ Map.of("contentSecurityPolicy", Collections.unmodifiableMap(CSP_METRICS)));
 }
 @Override
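Review bot: `CSP_METRICS` is a static `HashMap` that `addCSPFilter` writes (the `-314` hunk) and that the usage-metrics supplier registered in `doStartup` reads (the `-261` hunk) through `Collections.unmodifiableMap`, which is a live view rather than a copy. Nothing visible in the patch guarantees that those reads happen on the writing thread or strictly after the writes, and a plain `HashMap` gives no visibility or consistency guarantee in that case. Having the supplier return a snapshot, `Map.of("contentSecurityPolicy", Map.copyOf(CSP_METRICS))`, and declaring the field as a concurrent map would remove the dependency on startup ordering. The field would also benefit from a one-line comment such as `// disposition -> configured CSP text, filled in by addCSPFilter() when the filter is registered`.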
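Review bot: The supplier added to `doStartup` reports the complete policy strings, and a CSP commonly names the hosts a deployment trusts as well as its violation-report endpoint. If these usage metrics are sent off the server (not visible in this patch), that hands deployment-specific configuration to whoever receives them; reporting per disposition whether a policy is set, or a digest of its text, would still let the metric track report versus enforce adoption. If the full text is intended, a comment above the registration saying so, for example `// Full policy text is reported on purpose; it is already sent to every browser in the response header`, would settle the question for the next reader. `doStartup` begins and ends outside the hunk.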
@@ -314,6 +320,7 @@ private void addCSPFilter(ServletContext servletCtx, String parameterName, Strin
 String policy = servletCtx.getInitParameter(parameterName);
 if (null != policy)
 {
+ CSP_METRICS.put(disposition, policy);
 FilterRegistration registration = servletCtx.addFilter(filterName, new ContentSecurityPolicyFilter());
 registration.addMappingForUrlPatterns(allOf(DispatcherType.class), false, "/*");
 registration.setInitParameters(Map.of("policy", policy, "disposition", disposition));
@@ -537,7 +544,7 @@ public JSONObject getPageContextJson(ContainerUser context)
 {
 JSONObject json = new JSONObject(getDefaultPageContextJson(context.getContainer()));
- AuthenticationConfiguration.SSOAuthenticationConfiguration config = AuthenticationManager.getAutoRedirectSSOAuthConfiguration();
+ AuthenticationConfiguration.SSOAuthenticationConfiguration config = AuthenticationManager.getAutoRedirectSSOAuthConfiguration();
 if (config != null)
 json.put("AutoRedirectSSOAuthConfiguration", config.getDescription());
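Review bot: In `addCSPFilter`, `CSP_METRICS.put(disposition, policy)` runs before `servletCtx.addFilter(...)`, so the metric records a policy even when registration does not complete; `ServletContext.addFilter` returns null when a filter of that name is already registered, and the following `registration.addMappingForUrlPatterns(...)` call would then throw. Moving the `put` to just after `registration.setInitParameters(...)` keeps the reported value tied to a filter that was actually installed. The map is keyed by `disposition`, so a second call with the same disposition would silently replace the earlier entry; whether that can happen depends on callers outside this hunk. The method starts and ends outside the hunk.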