# Content Security Policy Decomposer & Evaluator
Methods are provided to decompose, display, and validate Content Security Policy header values. The package wraps the 'Shape Security' 'salvation' Java library (https://github.com/shapesecurity/salvation), and the package version tracks the version of the bundled 'salvation' Java archive.
The following functions are implemented:

Core:

- `fetch_csp`: Fetch and/or parse a content security policy header value
- `has_csp`: Does a URL have a content security policy?
- `parse_csp`: Fetch and/or parse a content security policy header value
- `validate_csp`: Validate a CSP
- `as.data.frame.csp`: Convert a parsed CSP into a data frame of directives and values

Security/Safety Checks:

- `check_deprecated`: Tests for insecure CSP settings
- `check_ip_source`: Tests for insecure CSP settings
- `check_missing_directives`: Tests for insecure CSP settings
- `check_nonce_length`: Tests for insecure CSP settings
- `check_plain_url_schemes`: Tests for insecure CSP settings
- `check_script_unsafe_eval`: Tests for insecure CSP settings
- `check_script_unsafe_inline`: Tests for insecure CSP settings
- `check_src_http`: Tests for insecure CSP settings
- `check_wildcards`: Tests for insecure CSP settings

Testers:

- `allows_child_from_source`: Tests for what a parsed CSP allows
- `allows_connect_to`: Tests for what a parsed CSP allows
- `allows_font_from_source`: Tests for what a parsed CSP allows
- `allows_form_action`: Tests for what a parsed CSP allows
- `allows_frame_ancestor`: Tests for what a parsed CSP allows
- `allows_frame_from_source`: Tests for what a parsed CSP allows
- `allows_manifest_from_source`: Tests for what a parsed CSP allows
- `allows_media_from_source`: Tests for what a parsed CSP allows
- `allows_navigation`: Tests for what a parsed CSP allows
- `allows_object_from_source`: Tests for what a parsed CSP allows
- `allows_prefetch_from_source`: Tests for what a parsed CSP allows
- `allows_script_from_source`: Tests for what a parsed CSP allows
- `allows_script_with_nonce`: Tests for what a parsed CSP allows
- `allows_style_from_source`: Tests for what a parsed CSP allows
- `allows_style_with_nonce`: Tests for what a parsed CSP allows
- `allows_unsafe_inline_script`: Tests for what a parsed CSP allows
- `allows_unsafe_inline_style`: Tests for what a parsed CSP allows
- `allows_worker_from_source`: Tests for what a parsed CSP allows

## Installation

```r
install.packages("cspy", repos = "https://cinc.rud.is/")
```
## Usage

```r
library(cspy)
library(tibble) # for printing

# current version
packageVersion("cspy")
```

```r
has_csp("https://community.rstudio.com")

csp <- fetch_csp("https://community.rstudio.com")

csp

(csp_df <- as.data.frame(csp))

allows_unsafe_inline_script(csp)

check_deprecated(csp_df)
check_ip_source(csp_df)
check_missing_directives(csp_df)
check_nonce_length(csp_df)
check_plain_url_schemes(csp_df)
check_script_unsafe_eval(csp_df)
check_script_unsafe_inline(csp_df)
check_src_http(csp_df)
check_wildcards(csp_df)
```
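The usage above fetches a live policy, which is not reproducible and hides what the checks actually react to. The following is an added example (not code from the cspy README or the package itself) that runs the same nine `check_*` functions and a few `allows_*` testers over two constructed policies, one deliberately loose and one tightened, so the difference in findings is visible offline. It assumes that `parse_csp()` takes the policy text followed by the origin URL the policy is evaluated against (mirroring salvation's `Parser.parse(policyText, origin)`), and that the source and nonce testers take the parsed policy plus a source URL or nonce value as their second argument; the policies, origin, hostnames and nonce are all made up for the example.

```r
library(cspy)

# Constructed policies (not taken from any real site). The first is the kind of
# policy that "works" in the browser but leaves an attacker plenty of room; the
# second is a tightened rewrite of the same intent.
weak_policy <- paste(
  "default-src * data:;",
  "script-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdn.example.com *.example.net;",
  "style-src 'self' 'unsafe-inline';",
  "img-src 203.0.113.10;",
  "referrer no-referrer"
)

# A fixed nonce is used here only so the example is reproducible; a real
# deployment must mint a fresh random nonce for every response.
nonce <- "Qs7Bz0h2kL9mXz3rT1vYpA=="

hardened_policy <- paste(
  "default-src 'none';",
  sprintf("script-src 'self' 'nonce-%s' https://cdn.example.com;", nonce),
  sprintf("style-src 'self' 'nonce-%s';", nonce),
  "img-src 'self' data:;",
  "connect-src 'self';",
  "font-src 'self';",
  "object-src 'none';",
  "base-uri 'self';",
  "form-action 'self';",
  "frame-ancestors 'none'"
)

# Assumption: the origin the policy is evaluated against is passed as the
# second argument of parse_csp().
origin <- "https://app.example.com"

# Run every check_* function the package exports over one parsed policy and
# return the findings keyed by check name so two policies can be compared.
audit_policy <- function(csp_text, origin_url) {
  csp    <- parse_csp(csp_text, origin_url)
  csp_df <- as.data.frame(csp)
  checks <- c(
    "check_deprecated", "check_ip_source", "check_missing_directives",
    "check_nonce_length", "check_plain_url_schemes", "check_script_unsafe_eval",
    "check_script_unsafe_inline", "check_src_http", "check_wildcards"
  )
  findings <- lapply(checks, function(fn) match.fun(fn)(csp_df))
  names(findings) <- checks
  findings
}

weak_findings     <- audit_policy(weak_policy, origin)
hardened_findings <- audit_policy(hardened_policy, origin)

# Anything the hardened policy still trips deserves a second look.
str(weak_findings, max.level = 1)
str(hardened_findings, max.level = 1)

# The allows_* testers answer the concrete questions a reviewer (or an
# attacker) would ask of a policy. Assumption: they take the parsed policy
# plus a source URL or nonce as the second argument.
weak     <- parse_csp(weak_policy, origin)
hardened <- parse_csp(hardened_policy, origin)

# script-src carries 'unsafe-inline' in the weak policy only
allows_unsafe_inline_script(weak)
allows_unsafe_inline_script(hardened)

# the weak policy lists a plain-http CDN; the hardened one lists only https:
allows_script_from_source(weak, "http://cdn.example.com/app.js")
allows_script_from_source(hardened, "http://cdn.example.com/app.js")

# nonce matching: the real nonce versus a value that is not in the policy
allows_script_with_nonce(hardened, nonce)
allows_script_with_nonce(hardened, "AAAA")
```

Running the audit on both policies side by side is the useful habit: a check that fires on the weak policy but not on the hardened one tells you which directive fixed it, and a check that still fires after hardening (for example a missing `frame-ancestors` or a short nonce) is a concrete item for the next revision.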
```r
cloc::cloc_pkg_md()
```
Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.