[NEW PORT] www/py-django-debreach

Basic/extra mitigation against the BREACH attack for Django projects. django-debreach provides additional protection to Django's built in CSRF token masking by randomizing the content length of each response. This is achieved by adding a random string of between 12 and 25 characters as a comment to the end of the HTML content. Note that this will only be applied to responses with a content type of text/html. WWW: https://github.com/lpomfrey/django-debreach
svn path=/head/; revision=530965
2025-01-03 06:04:53 +00:00 · 2020-04-07 10:41:34 +00:00 · 2020-04-07 10:41:34 +00:00 · f9aff98bb8 · 2021-03-31 03:12:20 +00:00
commit f9aff98bb8
parent 3803aeb484
4 changed files with 39 additions and 0 deletions
--- a/www/Makefile
+++ b/www/Makefile
@ -1508,6 +1508,7 @@
    SUBDIR += py-django-crispy-forms
    SUBDIR += py-django-cron
    SUBDIR += py-django-datetime-widget
+    SUBDIR += py-django-debreach
    SUBDIR += py-django-debug-toolbar
    SUBDIR += py-django-dpaste
    SUBDIR += py-django-evolution
--- a/www/py-django-debreach/Makefile
+++ b/www/py-django-debreach/Makefile
@ -0,0 +1,25 @@
+# $FreeBSD$
+
+PORTNAME=	django-debreach
+PORTVERSION=	2.0.1
+CATEGORIES=	www security python
+MASTER_SITES=	CHEESESHOP
+PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
+
+MAINTAINER=	kai@FreeBSD.org
+COMMENT=	Adds protection against the BREACH attack in Django
+
+LICENSE=	BSD2CLAUSE
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+TEST_DEPENDS=	${PYTHON_PKGNAMEPREFIX}django22>0:www/py-django22@${PY_FLAVOR}
+
+USES=		python:3.5+
+USE_PYTHON=	autoplist distutils
+
+NO_ARCH=	yes
+
+do-test:
+	@cd ${WRKSRC} && ${PYTHON_CMD} runtests.py
+
+.include <bsd.port.mk>
--- a/www/py-django-debreach/distinfo
+++ b/www/py-django-debreach/distinfo
@ -0,0 +1,3 @@
+TIMESTAMP = 1586162610
+SHA256 (django-debreach-2.0.1.tar.gz) = 3dd90385918daef4951e67ef6c3dcb550ac5164d84f5cc9889ed52e312597d68
+SIZE (django-debreach-2.0.1.tar.gz) = 14592
--- a/www/py-django-debreach/pkg-descr
+++ b/www/py-django-debreach/pkg-descr
@ -0,0 +1,10 @@
+Basic/extra mitigation against the BREACH attack for Django projects.
+
+django-debreach provides additional protection to Django's built in CSRF token
+masking by randomizing the content length of each response.
+
+This is achieved by adding a random string of between 12 and 25 characters as a
+comment to the end of the HTML content.  Note that this will only be applied to
+responses with a content type of text/html.
+
+WWW: https://github.com/lpomfrey/django-debreach