actual functions

DESCRIPTION

@@ -22,5 +22,8 @@ Suggests:
 Depends:
     R (>= 3.2.0),
     rJava
+Imports:
+    httr,
+    magrittr
 Roxygen: list(markdown = TRUE)
 RoxygenNote: 6.1.1

NAMESPACE

@@ -1,3 +1,30 @@
 # Generated by roxygen2: do not edit by hand
 
+S3method(as.data.frame,csp)
+export("%>%")
+export(allows_child_from_source)
+export(allows_connect_to)
+export(allows_font_from_source)
+export(allows_form_action)
+export(allows_frame_ancestor)
+export(allows_frame_from_source)
+export(allows_manifest_from_source)
+export(allows_media_from_source)
+export(allows_navigation)
+export(allows_object_from_source)
+export(allows_prefetch_from_source)
+export(allows_script_from_source)
+export(allows_script_with_nonce)
+export(allows_style_from_source)
+export(allows_style_with_nonce)
+export(allows_unsafe_inline_script)
+export(allows_unsafe_inline_style)
+export(allows_worker_from_source)
+export(fetch_csp)
+export(parse_csp)
+export(validate_csp)
 import(rJava)
+importFrom(httr,GET)
+importFrom(httr,HEAD)
+importFrom(httr,warn_for_status)
+importFrom(magrittr,"%>%")

R/allows.R

@@ -0,0 +1,158 @@
+#' Tests for what a parsed CSP allows
+#'
+#' @name csp_allows
+NULL
+
+#' @param csp a `csp` object created with [fetch_csp()] or [parse_csp()]
+#' @param URL source or destination URL
+#' @param nonce a [cryptographic nonce](https://html.spec.whatwg.org/multipage/urls-and-fetching.html#attr-nonce)
+#' @rdname csp_allows
+#' @return logical
+#' @references [Content Security Policy Level 3](https://www.w3.org/TR/CSP3/)
+#' @export
+allows_child_from_source <- function(csp, URL) {
+  URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+  csp[["policy"]]$allowsChildFromSource(URL)
+}
+
+#' @rdname csp_allows
+#' @export
+allows_connect_to <- function(csp, URL) {
+  URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+  csp[["policy"]]$allowsConnectTo()
+}
+
+#' @rdname csp_allows
+#' @export
+allows_font_from_source <- function(csp, URL) {
+  URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+  csp[["policy"]]$allowsFontFromSource()
+}
+
+#' @rdname csp_allows
+#' @export
+allows_form_action <- function(csp, URL) {
+  URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+  csp[["policy"]]$allowsFormAction()
+}
+
+#' @rdname csp_allows
+#' @export
+allows_frame_ancestor <- function(csp, URL) {
+  URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+  csp[["policy"]]$allowsFrameAncestor()
+}
+
+#' @rdname csp_allows
+#' @export
+allows_frame_from_source <- function(csp, URL) {
+  URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+  csp[["policy"]]$allowsFrameFromSource()
+}
+
+allows_img_from_source <- function(csp, URL) {
+  URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+  csp[["policy"]]$allowsImgFromSource()
+}
+
+#' @rdname csp_allows
+#' @export
+allows_manifest_from_source <- function(csp, URL) {
+  URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+  csp[["policy"]]$allowsManifestFromSource()
+}
+
+#' @rdname csp_allows
+#' @export
+allows_media_from_source <- function(csp, URL) {
+  URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+  csp[["policy"]]$allowsMediaFromSource()
+}
+
+#' @rdname csp_allows
+#' @export
+allows_navigation <- function(csp, URL) {
+  URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+  csp[["policy"]]$allowsNavigation()
+}
+
+#' @rdname csp_allows
+#' @export
+allows_object_from_source <- function(csp, URL) {
+  URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+  csp[["policy"]]$allowsObjectFromSource()
+}
+
+# #' @rdname csp_allows
+# #' @export
+# allows_plugin <- function(csp) {
+#   allowsPlugin()
+# }
+
+#' @rdname csp_allows
+#' @export
+allows_prefetch_from_source <- function(csp, URL) {
+  URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+  csp[["policy"]]$allowsPrefetchFromSource()
+}
+
+#' @rdname csp_allows
+#' @export
+allows_script_from_source <- function(csp, URL) {
+  URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+  csp[["policy"]]$allowsScriptFromSource()
+}
+
+# #' @rdname csp_allows
+# #' @export
+# allows_script_with_hash <- function(csp) {
+#   allowsScriptWithHash()
+# }
+
+#' @rdname csp_allows
+#' @export
+allows_script_with_nonce <- function(csp, nonce) {
+  csp[["policy"]]$allowsScriptWithNonce(nonce)
+}
+
+#' @rdname csp_allows
+#' @export
+allows_style_from_source <- function(csp, URL) {
+  URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+  csp[["policy"]]$allowsStyleFromSource()
+}
+
+# #' @rdname csp_allows
+# #' @export
+# allows_style_with_hash <- function(csp) {
+#   allowsStyleWithHash()
+# }
+
+#' @rdname csp_allows
+#' @export
+allows_style_with_nonce <- function(csp, nonce) {
+  csp[["policy"]]$allowsStyleWithNonce(nonce)
+}
+
+#' @rdname csp_allows
+#' @export
+allows_unsafe_inline_script <- function(csp) {
+  csp[["policy"]]$allowsUnsafeInlineScript()
+}
+
+#' @rdname csp_allows
+#' @export
+allows_unsafe_inline_style <- function(csp) {
+  csp[["policy"]]$allowsUnsafeInlineStyle()
+}
+
+#' @rdname csp_allows
+#' @export
+allows_worker_from_source <- function(csp, URL) {
+  URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+  csp[["policy"]]$allowsWorkerFromSource()
+}
+
+# allows_attribute_with_hash <- function(csp) {
+#   allowsAttributeWithHash()
+# }

R/csp-validate.R

@@ -0,0 +1,84 @@
+#' Validate a CSP
+#'
+#' Validates a content security policy. If policy problems are found
+#' a data frame of information notes, warnings and errors is returned
+#' with the specific locations of the issues in the original CSP string.
+#'
+#' @param csp a `csp` object created with [fetch_csp()] or [parse_csp()]
+#' @return data frame
+#' @export
+validate_csp <- function(csp) {
+
+  Notice <- J("com.shapesecurity.salvation.data.Notice")
+
+  app <- J("is.rud.crsspy.App")
+
+  p <- csp[["policy"]]
+
+  x <- app$get_notices(p$show(), csp[["origin"]])
+
+  errs <- Notice$getAllErrors(x)
+  info <- Notice$getAllInfos(x)
+  warn <- Notice$getAllWarnings(x)
+
+  e <- errs$toArray()
+  do.call(
+    rbind.data.frame,
+    lapply(e, function(.x) {
+      data.frame(
+        message = .x$message,
+        type = .x$type$toString(),
+        start_line = .x$startLocation$line,
+        start_column = .x$startLocation$column,
+        start_offset = .x$startLocation$offset,
+        end_line = .x$endLocation$line,
+        end_column = .x$endLocation$column,
+        end_offset = .x$endLocation$offset,
+        stringsAsFactors = FALSE
+      )
+    })
+  ) -> edf
+
+  i <- info$toArray()
+  do.call(
+    rbind.data.frame,
+    lapply(i, function(.x) {
+      data.frame(
+        message = .x$message,
+        type = .x$type$toString(),
+        start_line = .x$startLocation$line,
+        start_column = .x$startLocation$column,
+        start_offset = .x$startLocation$offset,
+        end_line = .x$endLocation$line,
+        end_column = .x$endLocation$column,
+        end_offset = .x$endLocation$offset,
+        stringsAsFactors = FALSE
+      )
+    })
+  ) -> idf
+
+  w <- warn$toArray()
+  do.call(
+    rbind.data.frame,
+    lapply(w, function(.x) {
+      data.frame(
+        message = .x$message,
+        type = .x$type$toString(),
+        start_line = .x$startLocation$line,
+        start_column = .x$startLocation$column,
+        start_offset = .x$startLocation$offset,
+        end_line = .x$endLocation$line,
+        end_column = .x$endLocation$column,
+        end_offset = .x$endLocation$offset,
+        stringsAsFactors = FALSE
+      )
+    })
+  ) -> wdf
+
+  out <- do.call(rbind.data.frame, list(edf, wdf, idf))
+
+  class(out) <- c("tbl_df", "tbl", "data.frame")
+
+  out
+
+}

R/crsspy-package.R → R/cspy-package.R

@@ -1,7 +1,7 @@
 #' Content Security Policy Decomposer & Evaluator
 #'
-#' - URL: <https://gitlab.com/hrbrmstr/crsspy>
-#' - BugReports: <https://gitlab.com/hrbrmstr/crsspy/issues>
+#' - URL: <https://gitlab.com/hrbrmstr/cspy>
+#' - BugReports: <https://gitlab.com/hrbrmstr/cspy/issues>
 #' - Javadoc: <https://www.javadoc.io/doc/com.shapesecurity/salvation/2.6.0>
 #'
 #' @md
@@ -10,4 +10,6 @@
 #' @keywords internal
 #' @author Bob Rudis (bob@@rud.is)
 #' @import rJava
+#' @importFrom httr GET HEAD warn_for_status
+#' @references [Content Security Policy Level 3](https://www.w3.org/TR/CSP3/)
 NULL

R/parse-csp-text.R

@@ -0,0 +1,111 @@
+#' Fetch and/or parse a content security policy header value
+#'
+#' Use [fetch_csp()] to load & parse a CSP from a remote site. Use [parse_csp()]
+#' to parse an already fetched or composed CSP.
+#'
+#' @param csp_text length 1 character vector containing CSP text
+#' @param origin_url site to fetch CSP from or to use when just parsing a
+#'        plain text (possibly already fetched) CSP
+#' @param method method to use fetch CSP (sites may change headers returned
+#'        depending on the method used)
+#' @references [Content Security Policy Level 3](https://www.w3.org/TR/CSP3/)
+#' @export
+parse_csp <- function(csp_text, origin_url) {
+
+  ParserWithLocation <- J("com.shapesecurity.salvation.ParserWithLocation")
+
+  list(
+    policy = ParserWithLocation$parse(csp_text, origin_url),
+    origin = origin_url
+  ) -> p
+
+
+  class(p) <- c("csp")
+
+  p
+
+}
+
+#' @rdname parse_csp
+#' @export
+fetch_csp <- function(origin_url, method = c("head", "get")) {
+
+  method <- match.arg(tolower(method), c("head", "get"))
+
+  r <- if (method == "head") httr::HEAD(origin_url) else httr::GET(origin_url)
+
+  httr::warn_for_status(r)
+
+  h <- httr::headers(r)
+
+  csp <- h[["content-security-policy"]]
+
+  if (length(csp) == 0) {
+    stop("Content-Security-Policy header not found at ", origin_url, call.=FALSE)
+  }
+
+  p <- parse_csp(csp, origin_url)
+
+  p[["origin"]] <- origin_url
+
+  p
+
+}
+
+# #' Update an origin in a `csp` object
+# #'
+# #' @param csp a `csp` object created with [fetch_csp()] or [parse_csp()]
+# #' @param origin_url origin URL
+# #' @return `csp` object
+# #' @export
+# set_origin <- function(csp, origin_url) {
+#
+#   csp[["origin"]] <- origin_url
+#
+#   csp
+#
+# }
+
+#' Convert a parsed CSP into a data frame of directives and values
+#'
+#' @param x a `csp` object created with [fetch_csp()] or [parse_csp()]
+#' @param include_origin if the `csp` object has an origin URL should
+#'        it be included in the data frame? Default: `TRUE`
+#' @param ... ignored
+#' @references [Content Security Policy Level 3](https://www.w3.org/TR/CSP3/)
+#' @export
+as.data.frame.csp <- function(x, include_origin = TRUE, ...) {
+
+  p <- x$policy
+  d <- p$getDirectives()
+
+  do.call(
+    rbind.data.frame,
+    lapply(d$toArray(), function(.x) {
+      data.frame(
+        directive = .x$name,
+        value = sapply(.x$values()$toArray(), function(.y) .y$show()),
+        stringsAsFactors = FALSE
+      )
+    })
+  ) -> xdf
+
+  if ((!is.na(x$origin)) && include_origin) xdf[["origin"]] <- x$origin
+
+  class(xdf) <- c("tbl_df", "tbl", "data.frame")
+
+  xdf
+
+}
+
+
+
+
+
+
+
+
+
+
+
+

R/utils-pipe.R

@@ -0,0 +1,11 @@
+#' Pipe operator
+#'
+#' See \code{magrittr::\link[magrittr]{\%>\%}} for details.
+#'
+#' @name %>%
+#' @rdname pipe
+#' @keywords internal
+#' @export
+#' @importFrom magrittr %>%
+#' @usage lhs \%>\% rhs
+NULL

java/cspy/target/maven-archiver/pom.properties

@@ -0,0 +1,4 @@
+#Created by Apache Maven 3.6.0
+version=1.0-SNAPSHOT
+groupId=is.rud.cspy
+artifactId=cspy

java/cspy/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst

@@ -0,0 +1 @@
+is/rud/crsspy/App.class

java/cspy/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst

@@ -0,0 +1 @@
+/Users/bob/packages/cspy/java/cspy/src/main/java/is/rud/cspy/App.java

java/cspy/target/maven-status/maven-compiler-plugin/testCompile/default-testCompile/inputFiles.lst

@@ -0,0 +1 @@
+/Users/bob/packages/cspy/java/cspy/src/test/java/is/rud/crsspy/AppTest.java

java/cspy/target/surefire-reports/TEST-is.rud.crsspy.AppTest.xml

@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<testsuite xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://maven.apache.org/surefire/maven-surefire-plugin/xsd/surefire-test-report.xsd" name="is.rud.crsspy.AppTest" time="0.047" tests="1" errors="0" skipped="0" failures="0">
+  <properties>
+    <property name="gopherProxySet" value="false"/>
+    <property name="awt.toolkit" value="sun.lwawt.macosx.LWCToolkit"/>
+    <property name="file.encoding.pkg" value="sun.io"/>
+    <property name="java.specification.version" value="1.8"/>
+    <property name="sun.cpu.isalist" value=""/>
+    <property name="sun.jnu.encoding" value="UTF-8"/>
+    <property name="java.class.path" value="/Users/bob/packages/cspy/java/cspy/target/test-classes:/Users/bob/packages/cspy/java/cspy/target/classes:/Users/bob/.m2/repository/com/shapesecurity/salvation/2.6.0/salvation-2.6.0.jar:/Users/bob/.m2/repository/junit/junit/4.11/junit-4.11.jar:/Users/bob/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar:"/>
+    <property name="java.vm.vendor" value="Oracle Corporation"/>
+    <property name="sun.arch.data.model" value="64"/>
+    <property name="java.vendor.url" value="http://java.oracle.com/"/>
+    <property name="user.timezone" value=""/>
+    <property name="java.vm.specification.version" value="1.8"/>
+    <property name="os.name" value="Mac OS X"/>
+    <property name="user.country" value="US"/>
+    <property name="sun.java.launcher" value="SUN_STANDARD"/>
+    <property name="sun.boot.library.path" value="/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib"/>
+    <property name="sun.java.command" value="/Users/bob/packages/cspy/java/cspy/target/surefire/surefirebooter5112374241955296958.jar /Users/bob/packages/cspy/java/cspy/target/surefire 2019-03-09T07-09-43_376-jvmRun1 surefire2087841056108485914tmp surefire_03135102536400349586tmp"/>
+    <property name="http.nonProxyHosts" value="local|*.local|169.254/16|*.169.254/16"/>
+    <property name="surefire.test.class.path" value="/Users/bob/packages/cspy/java/cspy/target/test-classes:/Users/bob/packages/cspy/java/cspy/target/classes:/Users/bob/.m2/repository/com/shapesecurity/salvation/2.6.0/salvation-2.6.0.jar:/Users/bob/.m2/repository/junit/junit/4.11/junit-4.11.jar:/Users/bob/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar:"/>
+    <property name="sun.cpu.endian" value="little"/>
+    <property name="user.home" value="/Users/bob"/>
+    <property name="user.language" value="en"/>
+    <property name="java.specification.vendor" value="Oracle Corporation"/>
+    <property name="java.home" value="/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre"/>
+    <property name="basedir" value="/Users/bob/packages/cspy/java/cspy"/>
+    <property name="file.separator" value="/"/>
+    <property name="line.separator" value="&#10;"/>
+    <property name="java.vm.specification.vendor" value="Oracle Corporation"/>
+    <property name="java.specification.name" value="Java Platform API Specification"/>
+    <property name="java.awt.graphicsenv" value="sun.awt.CGraphicsEnvironment"/>
+    <property name="surefire.real.class.path" value="/Users/bob/packages/cspy/java/cspy/target/surefire/surefirebooter5112374241955296958.jar"/>
+    <property name="sun.boot.class.path" value="/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/resources.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/rt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/sunrsasign.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/jsse.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/jce.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/charsets.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/jfr.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/classes"/>
+    <property name="sun.management.compiler" value="HotSpot 64-Bit Tiered Compilers"/>
+    <property name="ftp.nonProxyHosts" value="local|*.local|169.254/16|*.169.254/16"/>
+    <property name="java.runtime.version" value="1.8.0_121-b13"/>
+    <property name="user.name" value="bob"/>
+    <property name="path.separator" value=":"/>
+    <property name="os.version" value="10.14.4"/>
+    <property name="java.endorsed.dirs" value="/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/endorsed"/>
+    <property name="java.runtime.name" value="Java(TM) SE Runtime Environment"/>
+    <property name="file.encoding" value="UTF-8"/>
+    <property name="java.vm.name" value="Java HotSpot(TM) 64-Bit Server VM"/>
+    <property name="localRepository" value="/Users/bob/.m2/repository"/>
+    <property name="java.vendor.url.bug" value="http://bugreport.sun.com/bugreport/"/>
+    <property name="java.io.tmpdir" value="/var/folders/9g/ptzggj090rv89mwc7nrhhfhh0000gn/T/"/>
+    <property name="java.version" value="1.8.0_121"/>
+    <property name="user.dir" value="/Users/bob/packages/cspy/java/cspy"/>
+    <property name="os.arch" value="x86_64"/>
+    <property name="java.vm.specification.name" value="Java Virtual Machine Specification"/>
+    <property name="java.awt.printerjob" value="sun.lwawt.macosx.CPrinterJob"/>
+    <property name="sun.os.patch.level" value="unknown"/>
+    <property name="java.library.path" value="/Users/bob/Library/Java/Extensions:/Library/Java/Extensions:/Network/Library/Java/Extensions:/System/Library/Java/Extensions:/usr/lib/java:."/>
+    <property name="java.vm.info" value="mixed mode"/>
+    <property name="java.vendor" value="Oracle Corporation"/>
+    <property name="java.vm.version" value="25.121-b13"/>
+    <property name="java.ext.dirs" value="/Users/bob/Library/Java/Extensions:/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/ext:/Library/Java/Extensions:/Network/Library/Java/Extensions:/System/Library/Java/Extensions:/usr/lib/java"/>
+    <property name="sun.io.unicode.encoding" value="UnicodeBig"/>
+    <property name="java.class.version" value="52.0"/>
+    <property name="socksNonProxyHosts" value="local|*.local|169.254/16|*.169.254/16"/>
+  </properties>
+  <testcase name="shouldAnswerWithTrue" classname="is.rud.crsspy.AppTest" time="0"/>
+</testsuite>

java/cspy/target/surefire-reports/is.rud.crsspy.AppTest.txt

@@ -0,0 +1,4 @@
+-------------------------------------------------------------------------------
+Test set: is.rud.crsspy.AppTest
+-------------------------------------------------------------------------------
+Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.047 s - in is.rud.crsspy.AppTest

man/as.data.frame.csp.Rd

@@ -0,0 +1,22 @@
+% Generated by roxygen2: do not edit by hand
+% Please edit documentation in R/parse-csp-text.R
+\name{as.data.frame.csp}
+\alias{as.data.frame.csp}
+\title{Convert a parsed CSP into a data frame of directives and values}
+\usage{
+\method{as.data.frame}{csp}(x, include_origin = TRUE, ...)
+}
+\arguments{
+\item{x}{a \code{csp} object created with \code{\link[=fetch_csp]{fetch_csp()}} or \code{\link[=parse_csp]{parse_csp()}}}
+
+\item{include_origin}{if the \code{csp} object has an origin URL should
+it be included in the data frame? Default: \code{TRUE}}
+
+\item{...}{ignored}
+}
+\description{
+Convert a parsed CSP into a data frame of directives and values
+}
+\references{
+\href{https://www.w3.org/TR/CSP3/}{Content Security Policy Level 3}
+}

man/crsspy.Rd

@@ -1,5 +1,5 @@
 % Generated by roxygen2: do not edit by hand
-% Please edit documentation in R/crsspy-package.R
+% Please edit documentation in R/cspy-package.R
 \docType{package}
 \name{crsspy}
 \alias{crsspy}
@@ -7,11 +7,14 @@
 \title{Content Security Policy Decomposer & Evaluator}
 \description{
 \itemize{
-\item URL: \url{https://gitlab.com/hrbrmstr/crsspy}
-\item BugReports: \url{https://gitlab.com/hrbrmstr/crsspy/issues}
+\item URL: \url{https://gitlab.com/hrbrmstr/cspy}
+\item BugReports: \url{https://gitlab.com/hrbrmstr/cspy/issues}
 \item Javadoc: \url{https://www.javadoc.io/doc/com.shapesecurity/salvation/2.6.0}
 }
 }
+\references{
+\href{https://www.w3.org/TR/CSP3/}{Content Security Policy Level 3}
+}
 \author{
 Bob Rudis (bob@rud.is)
 }

man/csp_allows.Rd

@@ -0,0 +1,76 @@
+% Generated by roxygen2: do not edit by hand
+% Please edit documentation in R/allows.R
+\name{csp_allows}
+\alias{csp_allows}
+\alias{allows_child_from_source}
+\alias{allows_connect_to}
+\alias{allows_font_from_source}
+\alias{allows_form_action}
+\alias{allows_frame_ancestor}
+\alias{allows_frame_from_source}
+\alias{allows_manifest_from_source}
+\alias{allows_media_from_source}
+\alias{allows_navigation}
+\alias{allows_object_from_source}
+\alias{allows_prefetch_from_source}
+\alias{allows_script_from_source}
+\alias{allows_script_with_nonce}
+\alias{allows_style_from_source}
+\alias{allows_style_with_nonce}
+\alias{allows_unsafe_inline_script}
+\alias{allows_unsafe_inline_style}
+\alias{allows_worker_from_source}
+\title{Tests for what a parsed CSP allows}
+\usage{
+allows_child_from_source(csp, URL)
+
+allows_connect_to(csp, URL)
+
+allows_font_from_source(csp, URL)
+
+allows_form_action(csp, URL)
+
+allows_frame_ancestor(csp, URL)
+
+allows_frame_from_source(csp, URL)
+
+allows_manifest_from_source(csp, URL)
+
+allows_media_from_source(csp, URL)
+
+allows_navigation(csp, URL)
+
+allows_object_from_source(csp, URL)
+
+allows_prefetch_from_source(csp, URL)
+
+allows_script_from_source(csp, URL)
+
+allows_script_with_nonce(csp, nonce)
+
+allows_style_from_source(csp, URL)
+
+allows_style_with_nonce(csp, nonce)
+
+allows_unsafe_inline_script(csp)
+
+allows_unsafe_inline_style(csp)
+
+allows_worker_from_source(csp, URL)
+}
+\arguments{
+\item{csp}{a \code{csp} object created with \code{\link[=fetch_csp]{fetch_csp()}} or \code{\link[=parse_csp]{parse_csp()}}}
+
+\item{URL}{source or destination URL}
+
+\item{nonce}{a \href{https://html.spec.whatwg.org/multipage/urls-and-fetching.html#attr-nonce}{cryptographic nonce}}
+}
+\value{
+logical
+}
+\description{
+Tests for what a parsed CSP allows
+}
+\references{
+\href{https://www.w3.org/TR/CSP3/}{Content Security Policy Level 3}
+}

man/parse_csp.Rd

@@ -0,0 +1,27 @@
+% Generated by roxygen2: do not edit by hand
+% Please edit documentation in R/parse-csp-text.R
+\name{parse_csp}
+\alias{parse_csp}
+\alias{fetch_csp}
+\title{Fetch and/or parse a content security policy header value}
+\usage{
+parse_csp(csp_text, origin_url)
+
+fetch_csp(origin_url, method = c("head", "get"))
+}
+\arguments{
+\item{csp_text}{length 1 character vector containing CSP text}
+
+\item{origin_url}{site to fetch CSP from or to use when just parsing a
+plain text (possibly already fetched) CSP}
+
+\item{method}{method to use fetch CSP (sites may change headers returned
+depending on the method used)}
+}
+\description{
+Use \code{\link[=fetch_csp]{fetch_csp()}} to load & parse a CSP from a remote site. Use \code{\link[=parse_csp]{parse_csp()}}
+to parse an already fetched or composed CSP.
+}
+\references{
+\href{https://www.w3.org/TR/CSP3/}{Content Security Policy Level 3}
+}

man/pipe.Rd

@@ -0,0 +1,12 @@
+% Generated by roxygen2: do not edit by hand
+% Please edit documentation in R/utils-pipe.R
+\name{\%>\%}
+\alias{\%>\%}
+\title{Pipe operator}
+\usage{
+lhs \%>\% rhs
+}
+\description{
+See \code{magrittr::\link[magrittr]{\%>\%}} for details.
+}
+\keyword{internal}

man/validate_csp.Rd

@@ -0,0 +1,19 @@
+% Generated by roxygen2: do not edit by hand
+% Please edit documentation in R/csp-validate.R
+\name{validate_csp}
+\alias{validate_csp}
+\title{Validate a CSP}
+\usage{
+validate_csp(csp)
+}
+\arguments{
+\item{csp}{a \code{csp} object created with \code{\link[=fetch_csp]{fetch_csp()}} or \code{\link[=parse_csp]{parse_csp()}}}
+}
+\value{
+data frame
+}
+\description{
+Validates a content security policy. If policy problems are found
+a data frame of information notes, warnings and errors is returned
+with the specific locations of the issues in the original CSP string.
+}