From f9aff98bb893f90bec632301aa9eb717998c31dd Mon Sep 17 00:00:00 2001
From: Kai Knoblich
Date: Tue, 7 Apr 2020 10:41:34 +0000
Subject: [PATCH] [NEW PORT] www/py-django-debreach Basic/extra mitigation against the BREACH attack for Django projects. django-debreach provides additional protection to Django's built in CSRF token masking by randomizing the content length of each response. This is achieved by adding a random string of between 12 and 25 characters as a comment to the end of the HTML content. Note that this will only be applied to responses with a content type of text/html. WWW: https://github.com/lpomfrey/django-debreach
---
 www/Makefile | 1 +
 www/py-django-debreach/Makefile | 25 +++++++++++++++++++++++++
 www/py-django-debreach/distinfo | 3 +++
 www/py-django-debreach/pkg-descr | 10 ++++++++++
 4 files changed, 39 insertions(+)
 create mode 100644 www/py-django-debreach/Makefile
 create mode 100644 www/py-django-debreach/distinfo
 create mode 100644 www/py-django-debreach/pkg-descr
diff --git a/www/Makefile b/www/Makefile
index 2f08543d4a86..ab1a98c37ed9 100644
--- a/www/Makefile
+++ b/www/Makefile
@@ -1508,6 +1508,7 @@
 SUBDIR += py-django-crispy-forms
 SUBDIR += py-django-cron
 SUBDIR += py-django-datetime-widget
+ SUBDIR += py-django-debreach
 SUBDIR += py-django-debug-toolbar
 SUBDIR += py-django-dpaste
 SUBDIR += py-django-evolution
diff --git a/www/py-django-debreach/Makefile b/www/py-django-debreach/Makefile
new file mode 100644
index 000000000000..b06938103c43
--- /dev/null
+++ b/www/py-django-debreach/Makefile
@@ -0,0 +1,25 @@
+# $FreeBSD$
+
+PORTNAME= django-debreach
+PORTVERSION= 2.0.1
+CATEGORIES= www security python
+MASTER_SITES= CHEESESHOP
+PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
+
+MAINTAINER= kai@FreeBSD.org
+COMMENT= Adds protection against the BREACH attack in Django
+
+LICENSE= BSD2CLAUSE
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}django22>0:www/py-django22@${PY_FLAVOR}
+
+USES= python:3.5+
+USE_PYTHON= autoplist distutils
+
+NO_ARCH= yes
+
+do-test:
+ @cd ${WRKSRC} && ${PYTHON_CMD} runtests.py
+
+.include
diff --git a/www/py-django-debreach/distinfo b/www/py-django-debreach/distinfo
new file mode 100644
index 000000000000..686ae673e756
--- /dev/null
+++ b/www/py-django-debreach/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1586162610
+SHA256 (django-debreach-2.0.1.tar.gz) = 3dd90385918daef4951e67ef6c3dcb550ac5164d84f5cc9889ed52e312597d68
+SIZE (django-debreach-2.0.1.tar.gz) = 14592
diff --git a/www/py-django-debreach/pkg-descr b/www/py-django-debreach/pkg-descr
new file mode 100644
index 000000000000..28a5dbb2c7f2
--- /dev/null
+++ b/www/py-django-debreach/pkg-descr
@@ -0,0 +1,10 @@
+Basic/extra mitigation against the BREACH attack for Django projects.
+
+django-debreach provides additional protection to Django's built in CSRF token
+masking by randomizing the content length of each response.
+
+This is achieved by adding a random string of between 12 and 25 characters as a
+comment to the end of the HTML content. Note that this will only be applied to
+responses with a content type of text/html.
+
+WWW: https://github.com/lpomfrey/django-debreach
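Review bot: In www/py-django-debreach/Makefile, `COMMENT` says the port "Adds protection against the BREACH attack", which reads stronger than what pkg-descr in the same commit describes: random-length padding is a mitigation, and it only touches responses with a content type of text/html. Someone choosing packages from the one-line summary could take it for a complete fix, so I would align it with the description, e.g. `COMMENT= Mitigation against the BREACH attack for Django projects`. Separately, Django appears only under `TEST_DEPENDS`, so installing the package pulls in no Django at all. If that is deliberate (presumably so the consumer picks the Django branch), a comment above that line such as `# Django is intentionally not a RUN_DEPENDS; the consumer selects the version` would record it; otherwise a matching `RUN_DEPENDS` is missing.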