Monitoring and Alerting During Transition

2 min read Web Security Fundamentals

Monitoring and Alerting During Transition

Implementing robust monitoring during the transition phase is critical:

// CSP Transition Monitor
class CSPTransitionMonitor {
  constructor(alertingService) {
    this.alertingService = alertingService;
    this.metrics = {
      violations: [],
      errors: [],
      performance: []
    };
    this.thresholds = {
      violationSpike: 2.0, // 2x normal rate
      errorRate: 0.001, // 0.1% error rate
      performanceDegradation: 50 // 50ms increase
    };
  }
  
  monitorTransition() {
    // Real-time violation monitoring
    this.setupViolationMonitoring();
    
    // Application error monitoring
    this.setupErrorMonitoring();
    
    // Performance monitoring
    this.setupPerformanceMonitoring();
    
    // Automated rollback system
    this.setupRollbackSystem();
  }
  
  setupViolationMonitoring() {
    setInterval(() => {
      const recentViolations = this.getRecentViolations(5); // Last 5 minutes
      const violationRate = recentViolations.length / 5; // Per minute
      
      if (violationRate > this.getBaselineRate() * this.thresholds.violationSpike) {
        this.alertingService.sendAlert({
          severity: 'high',
          title: 'CSP Violation Spike Detected',
          details: {
            currentRate: violationRate,
            baseline: this.getBaselineRate(),
            topViolations: this.getTopViolations(recentViolations)
          },
          action: 'Review CSP policy for potential issues'
        });
      }
    }, 60000); // Check every minute
  }
  
  setupErrorMonitoring() {
    // Monitor JavaScript errors that might be CSP-related
    const errorHandler = (error) => {
      if (this.isCSPRelatedError(error)) {
        this.metrics.errors.push({
          timestamp: Date.now(),
          error: error.message,
          stack: error.stack,
          url: error.filename,
          line: error.lineno
        });
        
        this.checkErrorThreshold();
      }
    };
    
    // Client-side error tracking
    if (typeof window !== 'undefined') {
      window.addEventListener('error', errorHandler);
    }
  }
  
  isCSPRelatedError(error) {
    const cspErrorPatterns = [
      'Content Security Policy',
      'CSP',
      'blocked by CSP',
      'violates the following Content Security Policy'
    ];
    
    return cspErrorPatterns.some(pattern => 
      error.message.includes(pattern)
    );
  }
  
  setupRollbackSystem() {
    this.rollbackTriggers = {
      checkInterval: 300000, // 5 minutes
      conditions: [
        () => this.getErrorRate() > this.thresholds.errorRate,
        () => this.getViolationRate() > this.getBaselineRate() * 3,
        () => this.getPerformanceDegradation() > this.thresholds.performanceDegradation
      ]
    };
    
    setInterval(() => {
      if (this.shouldTriggerRollback()) {
        this.executeRollback();
      }
    }, this.rollbackTriggers.checkInterval);
  }
  
  shouldTriggerRollback() {
    return this.rollbackTriggers.conditions.some(condition => condition());
  }
  
  executeRollback() {
    this.alertingService.sendAlert({
      severity: 'critical',
      title: 'CSP Rollback Triggered',
      details: {
        errorRate: this.getErrorRate(),
        violationRate: this.getViolationRate(),
        performanceImpact: this.getPerformanceDegradation()
      },
      action: 'Automatically rolling back to report-only mode'
    });
    
    // Execute rollback
    this.switchToReportOnly();
  }
}