🔐 Identify and Parse Web Security Policies Files in R
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
R
inst
man
src
tests
.Rbuildignore
.codecov.yml
.gitignore
.travis.yml
CONDUCT.md
DESCRIPTION
LICENSE
NAMESPACE
NEWS.md
README.Rmd
README.md
appveyor.yml
cran-comments.md
securitytxt.Rproj

README.md

Build Status Build status Coverage Status

securitytxt

Identify and Parse Web Security Policies Files

Description

When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to properly disclose them. As a result, security issues may be left unreported. The 'security.txt' 'Web Security Policies' specification defines a 'IETF' standard to help organizations define the process for security researchers to securely disclose security vulnerabilities.

Tools are provided to identify and parse 'security.txt' files, enabling analysis of the usage of these policies.

What's Inside The Tin

The following functions are implemented:

  • sectxt: Parse a 'security.txt' Web Security Policies file & create a 'sectxt' object
  • sectxt_info: Retrieve a data frame of security.txt keys/values
  • sectxt_validate: Validate a 'security.txt' Web Security Policies file
  • sectxt_url: Determine security.txt URL for a given site/URL

Installation

devtools::install_git("git://gitlab.com/hrbrmstr/securitytxt")

Usage

library(securitytxt)

# current verison
packageVersion("securitytxt")
## [1] '0.1.0'
# built-in example
x <- sectxt(readLines(system.file("extdata", "security.txt", package="securitytxt")))
sectxt_info(x)
##          key                           value
## 1    contact            security@example.com
## 2 encryption https://example.com/pgp-key.txt
# "live" example
(xurl <- sectxt_url("https://securitytxt.org"))
## [1] "https://securitytxt.org/.well-known/security.txt"
x <- sectxt(url(xurl))
sectxt_info(x)
##       key                          value
## 1 contact https://twitter.com/EdOverflow
sectxt_validate(x)
## [1] TRUE
x
## <Web Security Policies Object>
## # Our security address
## Contact: https://twitter.com/EdOverflow
# another "live" example
(xurl <- sectxt_url("https://rud.is/b"))
## [1] "https://rud.is/.well-known/security.txt"
x <- sectxt(url(xurl))
sectxt_info(x)
##          key                                                                                         value
## 1    contact                                                                                    bob@rud.is
## 2 encryption https://keybase.io/hrbrmstr/pgp_keys.asc?fingerprint=e5388172b81c210906f5e5605879179645de9399
## 3 disclosure                                                                                          Full
sectxt_validate(x)
## [1] TRUE
x
## <Web Security Policies Object>
## Contact: bob@rud.is
## Encryption: https://keybase.io/hrbrmstr/pgp_keys.asc?fingerprint=e5388172b81c210906f5e5605879179645de9399
## Disclosure: Full

Code of Conduct

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.