
improvements

master
boB Rudis 5 years ago
parent
commit
34b8635a33
No known key found for this signature in database GPG Key ID: 1D7529BE14E2BBA9
  1. 1
      NAMESPACE
  2. 17
      R/aaa.R
  3. 6
      R/findings.R
  4. 16
      man/valid_csp_directives.Rd

1
NAMESPACE

@ -35,6 +35,7 @@ export(check_wildcards)
export(fetch_csp)
export(has_csp)
export(parse_csp)
export(valid_csp_directives)
export(validate_csp)
import(rJava)
importFrom(httr,GET)

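--- a/R/aaa.R
+++ b/R/aaa.R
@@ -0,0 +1,17 @@
+#' Valid CSP Directives
+#'
+#' A character vector of valid CSP directives as per
+#' Content Security Policy Level 3 W3C Working Draft, 15 October 2018
+#' (<https://www.w3.org/TR/CSP3/#iana-registry>).
+#'
+#' @docType data
+#' @keywords datasets
+#' @export
+c(
+"base-uri", "block-all-mixed-content", "child-src", "connect-src",
+"default-src", "font-src", "form-action", "frame-ancestors", "frame-src",
+"img-src", "manifest-src", "media-src", "object-src", "prefetch-src",
+"plugin-types", "report-uri", "report-to", "require-sri-for", "sandbox",
+"script-src", "script-src-attr", "script-src-elem", "style-src",
+"style-src-attr", "style-src-elem", "upgrade-insecure-requests", "worker-src"
+) -> valid_csp_directives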
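Review bot: The roxygen text says the vector follows the CSP Level 3 registry section, but the list also carries directives defined in other specifications (`upgrade-insecure-requests`, `block-all-mixed-content`, `require-sri-for`), and nothing tells the reader it is a point-in-time snapshot. If validation code treats anything outside this vector as invalid (its use is not visible in this file), a stale list turns into false findings, so a line such as `#' The list is a snapshot and also includes directives defined outside CSP3; update it when the registry changes.` would help. As a style point, the right-assignment `) -> valid_csp_directives` hides the object name at the bottom of the expression; `valid_csp_directives <- c(` is the conventional form.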

6
R/findings.R

@ -150,12 +150,12 @@ check_missing_directives <- function(csp_df) {
}
if (object_src_not_none) {
if (nrow(none) == 0) none <- data.frame(directive = "object-src", value = NA_character_)
if (nrow(object_src) == 0) object_src <- data.frame(directive = "object-src", value = NA_character_)
findings[[length(findings)+1]] <- mk_finding(
category = "missing-directive",
category = "weak-directive",
severity = "POSSIBLY-HIGH",
message = "Can you restrict object-src to 'none'?",
where = none
where = object_src
)
}
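Review bot: When `object-src` is absent from the policy, the placeholder row built by `if (nrow(object_src) == 0) ...` is now reported under `category = "weak-directive"`, so a missing directive and a present-but-permissive one become indistinguishable in the findings (this reads the second line of each printed pair as the new side). Recording the absence before the placeholder is substituted, `object_src_missing <- nrow(object_src) == 0`, and then using `category = if (object_src_missing) "missing-directive" else "weak-directive"` would keep the two cases apart. How `object_src_not_none` is computed is outside the hunk; if it does not account for the `default-src` fallback, a policy with `default-src 'none'` and no `object-src` would be flagged here although plugins are already blocked. The function body starts and ends outside the hunk.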

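--- a/man/valid_csp_directives.Rd
+++ b/man/valid_csp_directives.Rd
@@ -0,0 +1,16 @@
+% Generated by roxygen2: do not edit by hand
+% Please edit documentation in R/aaa.R
+\docType{data}
+\name{valid_csp_directives}
+\alias{valid_csp_directives}
+\title{Valid CSP Directives}
+\format{An object of class \code{character} of length 27.}
+\usage{
+valid_csp_directives
+}
+\description{
+A character vector of valid CSP directives as per
+Content Security Policy Level 3 W3C Working Draft, 15 October 2018
+(\url{https://www.w3.org/TR/CSP3/#iana-registry}).
+}
+\keyword{datasets}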