You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
boB Rudis 99aa6e75d1
README/cran-comments
3 years ago
R pre-CRAN flight check 5 years ago
inst pre-CRAN flight check 5 years ago
man pre-CRAN flight check 5 years ago
src addressed 2019-08-18 CRAN comments 3 years ago
tests pre-CRAN flight check 5 years ago
.Rbuildignore pre-CRAN flight check 5 years ago
.codecov.yml initial commit 5 years ago
.gitignore initial commit 5 years ago
.travis.yml appveyor, travis & code coverage 5 years ago
CONDUCT.md CRAN checks and tests 5 years ago
DESCRIPTION addressed 2019-08-18 CRAN comments 3 years ago
LICENSE pre-CRAN flight check 5 years ago
NAMESPACE initial commit 5 years ago
NEWS.md initial commit 5 years ago
README.Rmd addressed 2019-08-18 CRAN comments 3 years ago
README.md README/cran-comments 3 years ago
appveyor.yml appveyor, travis & code coverage 5 years ago
cran-comments.md README/cran-comments 3 years ago
securitytxt.Rproj initial commit 5 years ago

README.md

Project Status: Active – The project has reached a stable, usablestate and is being activelydeveloped. Signedby Signed commit% Linux buildStatus Windows buildstatus CoverageStatus cranchecks CRANstatus Minimal RVersion License

securitytxt

Identify and Parse Web Security Policies Files

Description

When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to properly disclose them. As a result, security issues may be left unreported. The ‘security.txt’ ‘Web Security Policies’ specification defines an ‘IETF’ draft standard https://tools.ietf.org/html/draft-foudil-securitytxt-00 to help organizations define the process for security researchers to securely disclose security vulnerabilities. Tools are provided to help identify and parse ‘security.txt’ files to enable analysis of the usage and adoption of these policies.

What’s Inside The Tin

The following functions are implemented:

  • sectxt_info: Retrieve a data frame of security.txt keys/values
  • sectxt_url: Determine security.txt URL for a given site/URL
  • sectxt_validate: Validate a security.txt Web Security Policies file
  • sectxt: Parse a security.txt Web Security Policies file & create a sectxt object

Installation

install.packages("securitytxt", repos = "https://cinc.rud.is")
# or
remotes::install_git("https://git.rud.is/hrbrmstr/securitytxt.git")
# or
remotes::install_git("https://git.sr.ht/~hrbrmstr/securitytxt")
# or
remotes::install_gitlab("hrbrmstr/securitytxt")
# or
remotes::install_bitbucket("hrbrmstr/securitytxt")
# or
remotes::install_github("hrbrmstr/securitytxt")

NOTE: To use the ‘remotes’ install options you will need to have the {remotes} package installed.

Usage

library(securitytxt)

# current verison
packageVersion("securitytxt")
## [1] '0.1.0'

# built-in example
x <- sectxt(readLines(system.file("extdata", "security.txt", package="securitytxt")))
sectxt_info(x)

# "live" example
(xurl <- sectxt_url("https://securitytxt.org"))
## [1] "https://securitytxt.org/.well-known/security.txt"
x <- sectxt(url(xurl))
sectxt_info(x)
sectxt_validate(x)
## [1] FALSE
x
## <Web Security Policies Object>
## # If you would like to report a security issue
## # you may report it to us on HackerOne.
## Contact: https://hackerone.com/ed
## Encryption: https://keybase.pub/edoverflow/pgp_key.asc
## Acknowledgements: https://hackerone.com/ed/thanks

# another "live" example
(xurl <- sectxt_url("https://rud.is/b"))
## [1] "https://rud.is/.well-known/security.txt"
x <- sectxt(url(xurl))
sectxt_info(x)
sectxt_validate(x)
## [1] TRUE
x
## <Web Security Policies Object>
## Contact: bob@rud.is
## Encryption: https://keybase.io/hrbrmstr/pgp_keys.asc?fingerprint=e5388172b81c210906f5e5605879179645de9399
## Disclosure: Full

Code of Conduct

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.