-
- GitHub
- GitLab
- Bitbucket
-
By logging in you accept
our terms of service
and privacy policy
Identify and Parse Web Security Policies Files
Homepage CRAN Documentation Download
Identify and Parse Web Security Policies Files
When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to properly disclose them. As a result, security issues may be left unreported. The ‘security.txt’ ‘Web Security Policies’ specification defines an ‘IETF’ draft standard https://tools.ietf.org/html/draft-foudil-securitytxt-00 to help organizations define the process for security researchers to securely disclose security vulnerabilities. Tools are provided to help identify and parse ‘security.txt’ files to enable analysis of the usage and adoption of these policies.
The following functions are implemented:
sectxt_info: Retrieve a data frame of security.txt keys/valuessectxt_url: Determine security.txt URL for a given site/URLsectxt_validate: Validate a security.txt Web Security Policies
filesectxt: Parse a security.txt Web Security Policies file & create a
sectxt objectinstall.packages("securitytxt", repos = "https://cinc.rud.is")
# or
remotes::install_git("https://git.rud.is/hrbrmstr/securitytxt.git")
# or
remotes::install_git("https://git.sr.ht/~hrbrmstr/securitytxt")
# or
remotes::install_gitlab("hrbrmstr/securitytxt")
# or
remotes::install_bitbucket("hrbrmstr/securitytxt")
# or
remotes::install_github("hrbrmstr/securitytxt")
NOTE: To use the ‘remotes’ install options you will need to have the {remotes} package installed.
library(securitytxt)
# current verison
packageVersion("securitytxt")
## [1] '0.1.0'
# built-in example
x <- sectxt(readLines(system.file("extdata", "security.txt", package="securitytxt")))
sectxt_info(x)
| key | value |
|---|---|
| contact | security@example.com |
| encryption | https://example.com/pgp-key.txt |
# "live" example
(xurl <- sectxt_url("https://securitytxt.org"))
## [1] "https://securitytxt.org/.well-known/security.txt"
x <- sectxt(url(xurl))
sectxt_info(x)
| key | value |
|---|---|
| contact | https://hackerone.com/ed |
| encryption | https://keybase.pub/edoverflow/pgp_key.asc |
| acknowledgements | https://hackerone.com/ed/thanks |
sectxt_validate(x)
## [1] FALSE
x
## <Web Security Policies Object>
## # If you would like to report a security issue
## # you may report it to us on HackerOne.
## Contact: https://hackerone.com/ed
## Encryption: https://keybase.pub/edoverflow/pgp_key.asc
## Acknowledgements: https://hackerone.com/ed/thanks
# another "live" example
(xurl <- sectxt_url("https://rud.is/b"))
## [1] "https://rud.is/.well-known/security.txt"
x <- sectxt(url(xurl))
sectxt_info(x)
| key | value |
|---|---|
| contact | bob@rud.is |
| encryption | https://keybase.io/hrbrmstr/pgp_keys.asc?fingerprint=e5388172b81c210906f5e5605879179645de9399 |
| disclosure | Full |
sectxt_validate(x)
## [1] TRUE
x
## <Web Security Policies Object>
## Contact: bob@rud.is
## Encryption: https://keybase.io/hrbrmstr/pgp_keys.asc?fingerprint=e5388172b81c210906f5e5605879179645de9399
## Disclosure: Full
Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.
The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.
Learn more →Something wrong with this page? Make a suggestion
Export .ABOUT file for this package
Last synced: 2019-10-11 14:25:52 UTC
Login to resync this project