
actual functions

master
boB Rudis 5 years ago
parent
commit
dd33ebc81e
No known key found for this signature in database GPG Key ID: 1D7529BE14E2BBA9
  1. 3
      DESCRIPTION
  2. 27
      NAMESPACE
  3. 158
      R/allows.R
  4. 84
      R/csp-validate.R
  5. 6
      R/cspy-package.R
  6. 111
      R/parse-csp-text.R
  7. 11
      R/utils-pipe.R
  8. BIN
      inst/java/cspy-1.0-SNAPSHOT.jar
  9. BIN
      java/cspy/target/classes/is/rud/crsspy/App.class
  10. BIN
      java/cspy/target/cspy-1.0-SNAPSHOT.jar
  11. 4
      java/cspy/target/maven-archiver/pom.properties
  12. 1
      java/cspy/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst
  13. 1
      java/cspy/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst
  14. 0
      java/cspy/target/maven-status/maven-compiler-plugin/testCompile/default-testCompile/createdFiles.lst
  15. 1
      java/cspy/target/maven-status/maven-compiler-plugin/testCompile/default-testCompile/inputFiles.lst
  16. 65
      java/cspy/target/surefire-reports/TEST-is.rud.crsspy.AppTest.xml
  17. 4
      java/cspy/target/surefire-reports/is.rud.crsspy.AppTest.txt
  18. BIN
      java/cspy/target/test-classes/is/rud/crsspy/AppTest.class
  19. 22
      man/as.data.frame.csp.Rd
  20. 9
      man/crsspy.Rd
  21. 76
      man/csp_allows.Rd
  22. 27
      man/parse_csp.Rd
  23. 12
      man/pipe.Rd
  24. 19
      man/validate_csp.Rd

3
DESCRIPTION

@ -22,5 +22,8 @@ Suggests:
Depends:
R (>= 3.2.0),
rJava
Imports:
httr,
magrittr
Roxygen: list(markdown = TRUE)
RoxygenNote: 6.1.1

27
NAMESPACE

@ -1,3 +1,30 @@
# Generated by roxygen2: do not edit by hand
S3method(as.data.frame,csp)
export("%>%")
export(allows_child_from_source)
export(allows_connect_to)
export(allows_font_from_source)
export(allows_form_action)
export(allows_frame_ancestor)
export(allows_frame_from_source)
export(allows_manifest_from_source)
export(allows_media_from_source)
export(allows_navigation)
export(allows_object_from_source)
export(allows_prefetch_from_source)
export(allows_script_from_source)
export(allows_script_with_nonce)
export(allows_style_from_source)
export(allows_style_with_nonce)
export(allows_unsafe_inline_script)
export(allows_unsafe_inline_style)
export(allows_worker_from_source)
export(fetch_csp)
export(parse_csp)
export(validate_csp)
import(rJava)
importFrom(httr,GET)
importFrom(httr,HEAD)
importFrom(httr,warn_for_status)
importFrom(magrittr,"%>%")

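--- a/R/allows.R
+++ b/R/allows.R
@@ -0,0 +1,158 @@
+#' Tests for what a parsed CSP allows
+#'
+#' @name csp_allows
+NULL
+#' @param csp a `csp` object created with [fetch_csp()] or [parse_csp()]
+#' @param URL source or destination URL
+#' @param nonce a [cryptographic nonce](https://html.spec.whatwg.org/multipage/urls-and-fetching.html#attr-nonce)
+#' @rdname csp_allows
+#' @return logical
+#' @references [Content Security Policy Level 3](https://www.w3.org/TR/CSP3/)
+#' @export
+allows_child_from_source <- function(csp, URL) {
+URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+csp[["policy"]]$allowsChildFromSource(URL)
+}
+#' @rdname csp_allows
+#' @export
+allows_connect_to <- function(csp, URL) {
+URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+csp[["policy"]]$allowsConnectTo()
+}
+#' @rdname csp_allows
+#' @export
+allows_font_from_source <- function(csp, URL) {
+URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+csp[["policy"]]$allowsFontFromSource()
+}
+#' @rdname csp_allows
+#' @export
+allows_form_action <- function(csp, URL) {
+URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+csp[["policy"]]$allowsFormAction()
+}
+#' @rdname csp_allows
+#' @export
+allows_frame_ancestor <- function(csp, URL) {
+URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+csp[["policy"]]$allowsFrameAncestor()
+}
+#' @rdname csp_allows
+#' @export
+allows_frame_from_source <- function(csp, URL) {
+URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+csp[["policy"]]$allowsFrameFromSource()
+}
+allows_img_from_source <- function(csp, URL) {
+URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+csp[["policy"]]$allowsImgFromSource()
+}
+#' @rdname csp_allows
+#' @export
+allows_manifest_from_source <- function(csp, URL) {
+URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+csp[["policy"]]$allowsManifestFromSource()
+}
+#' @rdname csp_allows
+#' @export
+allows_media_from_source <- function(csp, URL) {
+URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+csp[["policy"]]$allowsMediaFromSource()
+}
+#' @rdname csp_allows
+#' @export
+allows_navigation <- function(csp, URL) {
+URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+csp[["policy"]]$allowsNavigation()
+}
+#' @rdname csp_allows
+#' @export
+allows_object_from_source <- function(csp, URL) {
+URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+csp[["policy"]]$allowsObjectFromSource()
+}
+# #' @rdname csp_allows
+# #' @export
+# allows_plugin <- function(csp) {
+# allowsPlugin()
+# }
+#' @rdname csp_allows
+#' @export
+allows_prefetch_from_source <- function(csp, URL) {
+URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+csp[["policy"]]$allowsPrefetchFromSource()
+}
+#' @rdname csp_allows
+#' @export
+allows_script_from_source <- function(csp, URL) {
+URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+csp[["policy"]]$allowsScriptFromSource()
+}
+# #' @rdname csp_allows
+# #' @export
+# allows_script_with_hash <- function(csp) {
+# allowsScriptWithHash()
+# }
+#' @rdname csp_allows
+#' @export
+allows_script_with_nonce <- function(csp, nonce) {
+csp[["policy"]]$allowsScriptWithNonce(nonce)
+}
+#' @rdname csp_allows
+#' @export
+allows_style_from_source <- function(csp, URL) {
+URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+csp[["policy"]]$allowsStyleFromSource()
+}
+# #' @rdname csp_allows
+# #' @export
+# allows_style_with_hash <- function(csp) {
+# allowsStyleWithHash()
+# }
+#' @rdname csp_allows
+#' @export
+allows_style_with_nonce <- function(csp, nonce) {
+csp[["policy"]]$allowsStyleWithNonce(nonce)
+}
+#' @rdname csp_allows
+#' @export
+allows_unsafe_inline_script <- function(csp) {
+csp[["policy"]]$allowsUnsafeInlineScript()
+}
+#' @rdname csp_allows
+#' @export
+allows_unsafe_inline_style <- function(csp) {
+csp[["policy"]]$allowsUnsafeInlineStyle()
+}
+#' @rdname csp_allows
+#' @export
+allows_worker_from_source <- function(csp, URL) {
+URL <- J("com.shapesecurity.salvation.data.URI")$parse(URL)
+csp[["policy"]]$allowsWorkerFromSource()
+}
+# allows_attribute_with_hash <- function(csp) {
+# allowsAttributeWithHash()
+# }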
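Review bot: Every URL-taking wrapper after `allows_child_from_source` (from `allows_connect_to` down to `allows_worker_from_source`) parses `URL` and then calls the policy method with no argument, e.g. `csp[["policy"]]$allowsConnectTo()`, so the URI the caller asked about never reaches the check. Presumably each call should pass it, as the first wrapper does: `csp[["policy"]]$allowsConnectTo(URL)`; as written the rJava dispatch will likely fail to find a matching method, and a policy-audit helper that does not evaluate its subject cannot be relied on. `allows_img_from_source` is also missing its `#' @rdname csp_allows` and `#' @export` tags, which matches its absence from the NAMESPACE exports in this commit. Reassigning the parsed object to `URL` shadows the argument; a separate local such as `uri` would read more clearly.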

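--- a/R/csp-validate.R
+++ b/R/csp-validate.R
@@ -0,0 +1,84 @@
+#' Validate a CSP
+#'
+#' Validates a content security policy. If policy problems are found
+#' a data frame of information notes, warnings and errors is returned
+#' with the specific locations of the issues in the original CSP string.
+#'
+#' @param csp a `csp` object created with [fetch_csp()] or [parse_csp()]
+#' @return data frame
+#' @export
+validate_csp <- function(csp) {
+Notice <- J("com.shapesecurity.salvation.data.Notice")
+app <- J("is.rud.crsspy.App")
+p <- csp[["policy"]]
+x <- app$get_notices(p$show(), csp[["origin"]])
+errs <- Notice$getAllErrors(x)
+info <- Notice$getAllInfos(x)
+warn <- Notice$getAllWarnings(x)
+e <- errs$toArray()
+do.call(
+rbind.data.frame,
+lapply(e, function(.x) {
+data.frame(
+message = .x$message,
+type = .x$type$toString(),
+start_line = .x$startLocation$line,
+start_column = .x$startLocation$column,
+start_offset = .x$startLocation$offset,
+end_line = .x$endLocation$line,
+end_column = .x$endLocation$column,
+end_offset = .x$endLocation$offset,
+stringsAsFactors = FALSE
+)
+})
+) -> edf
+i <- info$toArray()
+do.call(
+rbind.data.frame,
+lapply(i, function(.x) {
+data.frame(
+message = .x$message,
+type = .x$type$toString(),
+start_line = .x$startLocation$line,
+start_column = .x$startLocation$column,
+start_offset = .x$startLocation$offset,
+end_line = .x$endLocation$line,
+end_column = .x$endLocation$column,
+end_offset = .x$endLocation$offset,
+stringsAsFactors = FALSE
+)
+})
+) -> idf
+w <- warn$toArray()
+do.call(
+rbind.data.frame,
+lapply(w, function(.x) {
+data.frame(
+message = .x$message,
+type = .x$type$toString(),
+start_line = .x$startLocation$line,
+start_column = .x$startLocation$column,
+start_offset = .x$startLocation$offset,
+end_line = .x$endLocation$line,
+end_column = .x$endLocation$column,
+end_offset = .x$endLocation$offset,
+stringsAsFactors = FALSE
+)
+})
+) -> wdf
+out <- do.call(rbind.data.frame, list(edf, wdf, idf))
+class(out) <- c("tbl_df", "tbl", "data.frame")
+out
+}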
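Review bot: `validate_csp` passes `p$show()`, the policy re-serialised after parsing, to `get_notices` rather than the header text that was originally parsed, yet the roxygen block promises locations "in the original CSP string". If the serialiser normalises or drops anything the parser rejected (not verifiable from this page, since `App` is only committed as a class file), the errors, warnings and offsets no longer describe what the site actually sent. Keeping the raw text on the object in `parse_csp()` (`text = csp_text`) and validating `csp[["text"]]` would avoid that. The three identical `lapply()` blocks could also be one local helper applied to `errs`, `warn` and `info`.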

6
R/crsspy-package.R → R/cspy-package.R

@ -1,7 +1,7 @@
#' Content Security Policy Decomposer & Evaluator
#'
#' - URL: <https://gitlab.com/hrbrmstr/crsspy>
#' - BugReports: <https://gitlab.com/hrbrmstr/crsspy/issues>
#' - URL: <https://gitlab.com/hrbrmstr/cspy>
#' - BugReports: <https://gitlab.com/hrbrmstr/cspy/issues>
#' - Javadoc: <https://www.javadoc.io/doc/com.shapesecurity/salvation/2.6.0>
#'
#' @md
@ -10,4 +10,6 @@
#' @keywords internal
#' @author Bob Rudis (bob@@rud.is)
#' @import rJava
#' @importFrom httr GET HEAD warn_for_status
#' @references [Content Security Policy Level 3](https://www.w3.org/TR/CSP3/)
NULL

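--- a/R/parse-csp-text.R
+++ b/R/parse-csp-text.R
@@ -0,0 +1,111 @@
+#' Fetch and/or parse a content security policy header value
+#'
+#' Use [fetch_csp()] to load & parse a CSP from a remote site. Use [parse_csp()]
+#' to parse an already fetched or composed CSP.
+#'
+#' @param csp_text length 1 character vector containing CSP text
+#' @param origin_url site to fetch CSP from or to use when just parsing a
+#' plain text (possibly already fetched) CSP
+#' @param method method to use fetch CSP (sites may change headers returned
+#' depending on the method used)
+#' @references [Content Security Policy Level 3](https://www.w3.org/TR/CSP3/)
+#' @export
+parse_csp <- function(csp_text, origin_url) {
+ParserWithLocation <- J("com.shapesecurity.salvation.ParserWithLocation")
+list(
+policy = ParserWithLocation$parse(csp_text, origin_url),
+origin = origin_url
+) -> p
+class(p) <- c("csp")
+p
+}
+#' @rdname parse_csp
+#' @export
+fetch_csp <- function(origin_url, method = c("head", "get")) {
+method <- match.arg(tolower(method), c("head", "get"))
+r <- if (method == "head") httr::HEAD(origin_url) else httr::GET(origin_url)
+httr::warn_for_status(r)
+h <- httr::headers(r)
+csp <- h[["content-security-policy"]]
+if (length(csp) == 0) {
+stop("Content-Security-Policy header not found at ", origin_url, call.=FALSE)
+}
+p <- parse_csp(csp, origin_url)
+p[["origin"]] <- origin_url
+p
+}
+# #' Update an origin in a `csp` object
+# #'
+# #' @param csp a `csp` object created with [fetch_csp()] or [parse_csp()]
+# #' @param origin_url origin URL
+# #' @return `csp` object
+# #' @export
+# set_origin <- function(csp, origin_url) {
+#
+# csp[["origin"]] <- origin_url
+#
+# csp
+#
+# }
+#' Convert a parsed CSP into a data frame of directives and values
+#'
+#' @param x a `csp` object created with [fetch_csp()] or [parse_csp()]
+#' @param include_origin if the `csp` object has an origin URL should
+#' it be included in the data frame? Default: `TRUE`
+#' @param ... ignored
+#' @references [Content Security Policy Level 3](https://www.w3.org/TR/CSP3/)
+#' @export
+as.data.frame.csp <- function(x, include_origin = TRUE, ...) {
+p <- x$policy
+d <- p$getDirectives()
+do.call(
+rbind.data.frame,
+lapply(d$toArray(), function(.x) {
+data.frame(
+directive = .x$name,
+value = sapply(.x$values()$toArray(), function(.y) .y$show()),
+stringsAsFactors = FALSE
+)
+})
+) -> xdf
+if ((!is.na(x$origin)) && include_origin) xdf[["origin"]] <- x$origin
+class(xdf) <- c("tbl_df", "tbl", "data.frame")
+xdf
+}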
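Review bot: `fetch_csp` parses the header against the caller-supplied `origin_url` even though httr follows redirects by default, so after a redirect the policy comes from a different origin than the one that `'self'` and the `allows_*` checks are resolved against; consider `parse_csp(csp, r$url)` and dropping the redundant `p[["origin"]] <- origin_url`. A response can also carry more than one `Content-Security-Policy` header, all of which a browser enforces, while `h[["content-security-policy"]]` presumably yields a single value, which would make the parsed policy look more permissive than what is enforced. `warn_for_status()` only warns, so a CSP taken from an error response is parsed as if it were the site's normal policy; `stop_for_status()` or an explicit status check would make that visible to callers.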

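--- a/R/utils-pipe.R
+++ b/R/utils-pipe.R
@@ -0,0 +1,11 @@
+#' Pipe operator
+#'
+#' See \code{magrittr::\link[magrittr]{\%>\%}} for details.
+#'
+#' @name %>%
+#' @rdname pipe
+#' @keywords internal
+#' @export
+#' @importFrom magrittr %>%
+#' @usage lhs \%>\% rhs
+NULL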

BIN
inst/java/cspy-1.0-SNAPSHOT.jar

Binary file not shown.

BIN
java/cspy/target/classes/is/rud/crsspy/App.class

Binary file not shown.

BIN
java/cspy/target/cspy-1.0-SNAPSHOT.jar

Binary file not shown.

4
java/cspy/target/maven-archiver/pom.properties

@ -0,0 +1,4 @@
#Created by Apache Maven 3.6.0
version=1.0-SNAPSHOT
groupId=is.rud.cspy
artifactId=cspy

1
java/cspy/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst

@ -0,0 +1 @@
is/rud/crsspy/App.class

1
java/cspy/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst

@ -0,0 +1 @@
/Users/bob/packages/cspy/java/cspy/src/main/java/is/rud/cspy/App.java

0
java/cspy/target/maven-status/maven-compiler-plugin/testCompile/default-testCompile/createdFiles.lst

1
java/cspy/target/maven-status/maven-compiler-plugin/testCompile/default-testCompile/inputFiles.lst

@ -0,0 +1 @@
/Users/bob/packages/cspy/java/cspy/src/test/java/is/rud/crsspy/AppTest.java

65
java/cspy/target/surefire-reports/TEST-is.rud.crsspy.AppTest.xml

@ -0,0 +1,65 @@
<?xml version="1.0" encoding="UTF-8"?>
<testsuite xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://maven.apache.org/surefire/maven-surefire-plugin/xsd/surefire-test-report.xsd" name="is.rud.crsspy.AppTest" time="0.047" tests="1" errors="0" skipped="0" failures="0">
<properties>
<property name="gopherProxySet" value="false"/>
<property name="awt.toolkit" value="sun.lwawt.macosx.LWCToolkit"/>
<property name="file.encoding.pkg" value="sun.io"/>
<property name="java.specification.version" value="1.8"/>
<property name="sun.cpu.isalist" value=""/>
<property name="sun.jnu.encoding" value="UTF-8"/>
<property name="java.class.path" value="/Users/bob/packages/cspy/java/cspy/target/test-classes:/Users/bob/packages/cspy/java/cspy/target/classes:/Users/bob/.m2/repository/com/shapesecurity/salvation/2.6.0/salvation-2.6.0.jar:/Users/bob/.m2/repository/junit/junit/4.11/junit-4.11.jar:/Users/bob/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar:"/>
<property name="java.vm.vendor" value="Oracle Corporation"/>
<property name="sun.arch.data.model" value="64"/>
<property name="java.vendor.url" value="http://java.oracle.com/"/>
<property name="user.timezone" value=""/>
<property name="java.vm.specification.version" value="1.8"/>
<property name="os.name" value="Mac OS X"/>
<property name="user.country" value="US"/>
<property name="sun.java.launcher" value="SUN_STANDARD"/>
<property name="sun.boot.library.path" value="/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib"/>
<property name="sun.java.command" value="/Users/bob/packages/cspy/java/cspy/target/surefire/surefirebooter5112374241955296958.jar /Users/bob/packages/cspy/java/cspy/target/surefire 2019-03-09T07-09-43_376-jvmRun1 surefire2087841056108485914tmp surefire_03135102536400349586tmp"/>
<property name="http.nonProxyHosts" value="local|*.local|169.254/16|*.169.254/16"/>
<property name="surefire.test.class.path" value="/Users/bob/packages/cspy/java/cspy/target/test-classes:/Users/bob/packages/cspy/java/cspy/target/classes:/Users/bob/.m2/repository/com/shapesecurity/salvation/2.6.0/salvation-2.6.0.jar:/Users/bob/.m2/repository/junit/junit/4.11/junit-4.11.jar:/Users/bob/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar:"/>
<property name="sun.cpu.endian" value="little"/>
<property name="user.home" value="/Users/bob"/>
<property name="user.language" value="en"/>
<property name="java.specification.vendor" value="Oracle Corporation"/>
<property name="java.home" value="/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre"/>
<property name="basedir" value="/Users/bob/packages/cspy/java/cspy"/>
<property name="file.separator" value="/"/>
<property name="line.separator" value="&#10;"/>
<property name="java.vm.specification.vendor" value="Oracle Corporation"/>
<property name="java.specification.name" value="Java Platform API Specification"/>
<property name="java.awt.graphicsenv" value="sun.awt.CGraphicsEnvironment"/>
<property name="surefire.real.class.path" value="/Users/bob/packages/cspy/java/cspy/target/surefire/surefirebooter5112374241955296958.jar"/>
<property name="sun.boot.class.path" value="/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/resources.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/rt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/sunrsasign.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/jsse.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/jce.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/charsets.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/jfr.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/classes"/>
<property name="sun.management.compiler" value="HotSpot 64-Bit Tiered Compilers"/>
<property name="ftp.nonProxyHosts" value="local|*.local|169.254/16|*.169.254/16"/>
<property name="java.runtime.version" value="1.8.0_121-b13"/>
<property name="user.name" value="bob"/>
<property name="path.separator" value=":"/>
<property name="os.version" value="10.14.4"/>
<property name="java.endorsed.dirs" value="/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/endorsed"/>
<property name="java.runtime.name" value="Java(TM) SE Runtime Environment"/>
<property name="file.encoding" value="UTF-8"/>
<property name="java.vm.name" value="Java HotSpot(TM) 64-Bit Server VM"/>
<property name="localRepository" value="/Users/bob/.m2/repository"/>
<property name="java.vendor.url.bug" value="http://bugreport.sun.com/bugreport/"/>
<property name="java.io.tmpdir" value="/var/folders/9g/ptzggj090rv89mwc7nrhhfhh0000gn/T/"/>
<property name="java.version" value="1.8.0_121"/>
<property name="user.dir" value="/Users/bob/packages/cspy/java/cspy"/>
<property name="os.arch" value="x86_64"/>
<property name="java.vm.specification.name" value="Java Virtual Machine Specification"/>
<property name="java.awt.printerjob" value="sun.lwawt.macosx.CPrinterJob"/>
<property name="sun.os.patch.level" value="unknown"/>
<property name="java.library.path" value="/Users/bob/Library/Java/Extensions:/Library/Java/Extensions:/Network/Library/Java/Extensions:/System/Library/Java/Extensions:/usr/lib/java:."/>
<property name="java.vm.info" value="mixed mode"/>
<property name="java.vendor" value="Oracle Corporation"/>
<property name="java.vm.version" value="25.121-b13"/>
<property name="java.ext.dirs" value="/Users/bob/Library/Java/Extensions:/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/ext:/Library/Java/Extensions:/Network/Library/Java/Extensions:/System/Library/Java/Extensions:/usr/lib/java"/>
<property name="sun.io.unicode.encoding" value="UnicodeBig"/>
<property name="java.class.version" value="52.0"/>
<property name="socksNonProxyHosts" value="local|*.local|169.254/16|*.169.254/16"/>
</properties>
<testcase name="shouldAnswerWithTrue" classname="is.rud.crsspy.AppTest" time="0"/>
</testsuite>

4
java/cspy/target/surefire-reports/is.rud.crsspy.AppTest.txt

@ -0,0 +1,4 @@
-------------------------------------------------------------------------------
Test set: is.rud.crsspy.AppTest
-------------------------------------------------------------------------------
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.047 s - in is.rud.crsspy.AppTest

BIN
java/cspy/target/test-classes/is/rud/crsspy/AppTest.class

Binary file not shown.

22
man/as.data.frame.csp.Rd

@ -0,0 +1,22 @@
% Generated by roxygen2: do not edit by hand
% Please edit documentation in R/parse-csp-text.R
\name{as.data.frame.csp}
\alias{as.data.frame.csp}
\title{Convert a parsed CSP into a data frame of directives and values}
\usage{
\method{as.data.frame}{csp}(x, include_origin = TRUE, ...)
}
\arguments{
\item{x}{a \code{csp} object created with \code{\link[=fetch_csp]{fetch_csp()}} or \code{\link[=parse_csp]{parse_csp()}}}
\item{include_origin}{if the \code{csp} object has an origin URL should
it be included in the data frame? Default: \code{TRUE}}
\item{...}{ignored}
}
\description{
Convert a parsed CSP into a data frame of directives and values
}
\references{
\href{https://www.w3.org/TR/CSP3/}{Content Security Policy Level 3}
}

9
man/crsspy.Rd

@ -1,5 +1,5 @@
% Generated by roxygen2: do not edit by hand
% Please edit documentation in R/crsspy-package.R
% Please edit documentation in R/cspy-package.R
\docType{package}
\name{crsspy}
\alias{crsspy}
@ -7,11 +7,14 @@
\title{Content Security Policy Decomposer & Evaluator}
\description{
\itemize{
\item URL: \url{https://gitlab.com/hrbrmstr/crsspy}
\item BugReports: \url{https://gitlab.com/hrbrmstr/crsspy/issues}
\item URL: \url{https://gitlab.com/hrbrmstr/cspy}
\item BugReports: \url{https://gitlab.com/hrbrmstr/cspy/issues}
\item Javadoc: \url{https://www.javadoc.io/doc/com.shapesecurity/salvation/2.6.0}
}
}
\references{
\href{https://www.w3.org/TR/CSP3/}{Content Security Policy Level 3}
}
\author{
Bob Rudis (bob@rud.is)
}

76
man/csp_allows.Rd

@ -0,0 +1,76 @@
% Generated by roxygen2: do not edit by hand
% Please edit documentation in R/allows.R
\name{csp_allows}
\alias{csp_allows}
\alias{allows_child_from_source}
\alias{allows_connect_to}
\alias{allows_font_from_source}
\alias{allows_form_action}
\alias{allows_frame_ancestor}
\alias{allows_frame_from_source}
\alias{allows_manifest_from_source}
\alias{allows_media_from_source}
\alias{allows_navigation}
\alias{allows_object_from_source}
\alias{allows_prefetch_from_source}
\alias{allows_script_from_source}
\alias{allows_script_with_nonce}
\alias{allows_style_from_source}
\alias{allows_style_with_nonce}
\alias{allows_unsafe_inline_script}
\alias{allows_unsafe_inline_style}
\alias{allows_worker_from_source}
\title{Tests for what a parsed CSP allows}
\usage{
allows_child_from_source(csp, URL)
allows_connect_to(csp, URL)
allows_font_from_source(csp, URL)
allows_form_action(csp, URL)
allows_frame_ancestor(csp, URL)
allows_frame_from_source(csp, URL)
allows_manifest_from_source(csp, URL)
allows_media_from_source(csp, URL)
allows_navigation(csp, URL)
allows_object_from_source(csp, URL)
allows_prefetch_from_source(csp, URL)
allows_script_from_source(csp, URL)
allows_script_with_nonce(csp, nonce)
allows_style_from_source(csp, URL)
allows_style_with_nonce(csp, nonce)
allows_unsafe_inline_script(csp)
allows_unsafe_inline_style(csp)
allows_worker_from_source(csp, URL)
}
\arguments{
\item{csp}{a \code{csp} object created with \code{\link[=fetch_csp]{fetch_csp()}} or \code{\link[=parse_csp]{parse_csp()}}}
\item{URL}{source or destination URL}
\item{nonce}{a \href{https://html.spec.whatwg.org/multipage/urls-and-fetching.html#attr-nonce}{cryptographic nonce}}
}
\value{
logical
}
\description{
Tests for what a parsed CSP allows
}
\references{
\href{https://www.w3.org/TR/CSP3/}{Content Security Policy Level 3}
}

27
man/parse_csp.Rd

@ -0,0 +1,27 @@
% Generated by roxygen2: do not edit by hand
% Please edit documentation in R/parse-csp-text.R
\name{parse_csp}
\alias{parse_csp}
\alias{fetch_csp}
\title{Fetch and/or parse a content security policy header value}
\usage{
parse_csp(csp_text, origin_url)
fetch_csp(origin_url, method = c("head", "get"))
}
\arguments{
\item{csp_text}{length 1 character vector containing CSP text}
\item{origin_url}{site to fetch CSP from or to use when just parsing a
plain text (possibly already fetched) CSP}
\item{method}{method to use fetch CSP (sites may change headers returned
depending on the method used)}
}
\description{
Use \code{\link[=fetch_csp]{fetch_csp()}} to load & parse a CSP from a remote site. Use \code{\link[=parse_csp]{parse_csp()}}
to parse an already fetched or composed CSP.
}
\references{
\href{https://www.w3.org/TR/CSP3/}{Content Security Policy Level 3}
}

12
man/pipe.Rd

@ -0,0 +1,12 @@
% Generated by roxygen2: do not edit by hand
% Please edit documentation in R/utils-pipe.R
\name{\%>\%}
\alias{\%>\%}
\title{Pipe operator}
\usage{
lhs \%>\% rhs
}
\description{
See \code{magrittr::\link[magrittr]{\%>\%}} for details.
}
\keyword{internal}

19
man/validate_csp.Rd

@ -0,0 +1,19 @@
% Generated by roxygen2: do not edit by hand
% Please edit documentation in R/csp-validate.R
\name{validate_csp}
\alias{validate_csp}
\title{Validate a CSP}
\usage{
validate_csp(csp)
}
\arguments{
\item{csp}{a \code{csp} object created with \code{\link[=fetch_csp]{fetch_csp()}} or \code{\link[=parse_csp]{parse_csp()}}}
}
\value{
data frame
}
\description{
Validates a content security policy. If policy problems are found
a data frame of information notes, warnings and errors is returned
with the specific locations of the issues in the original CSP string.
}