{"id":16571962,"url":"https://github.com/hrbrmstr/cspy","last_synced_at":"2026-06-06T19:31:58.713Z","repository":{"id":141238075,"uuid":"174155395","full_name":"hrbrmstr/cspy","owner":"hrbrmstr","description":"Content Security Policy Decomposer \u0026 Evaluator","archived":false,"fork":false,"pushed_at":"2019-03-10T20:24:25.000Z","size":417,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-16T02:52:40.933Z","etag":null,"topics":["content-security-policy","r","rjava","rstats"],"latest_commit_sha":null,"homepage":"","language":"R","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hrbrmstr.png","metadata":{"files":{"readme":"README.Rmd","changelog":"NEWS.md","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-06T13:57:55.000Z","updated_at":"2022-07-20T22:51:11.000Z","dependencies_parsed_at":null,"dependency_job_id":"b8aabe71-1dff-4e2a-9a9d-e457316ec13c","html_url":"https://github.com/hrbrmstr/cspy","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hrbrmstr%2Fcspy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hrbrmstr%2Fcspy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hrbrmstr%2Fcspy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hrbrmstr%2Fcspy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hrbrmstr","download_url":"https://codeload.github.com/hrbrmstr/cspy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242039717,"owners_count":20061928,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["content-security-policy","r","rjava","rstats"],"created_at":"2024-10-11T21:25:52.178Z","updated_at":"2026-06-06T19:31:58.675Z","avatar_url":"https://github.com/hrbrmstr.png","language":"R","funding_links":[],"categories":[],"sub_categories":[],"readme":"---\noutput: rmarkdown::github_document\neditor_options: \n  chunk_output_type: console\n---\n```{r pkg-knitr-opts, include=FALSE}\nknitr::opts_chunk$set(collapse=TRUE, fig.retina=2, message=FALSE, warning=FALSE)\noptions(width=120)\n```\n\n[![Travis-CI Build Status](https://travis-ci.org/hrbrmstr/cspy.svg?branch=master)](https://travis-ci.org/hrbrmstr/cspy) \n[![AppVeyor build status](https://ci.appveyor.com/api/projects/status/github/hrbrmstr/cspy?branch=master\u0026svg=true)](https://ci.appveyor.com/project/hrbrmstr/cspy) \n[![Coverage Status](https://codecov.io/gh/hrbrmstr/cspy/branch/master/graph/badge.svg)](https://codecov.io/gh/hrbrmstr/cspy)\n[![CRAN_Status_Badge](https://www.r-pkg.org/badges/version/cspy)](https://cran.r-project.org/package=cspy)\n\n# cspy\n\nContent Security Policy Decomposer \u0026 Evaluator\n\n## Description\n\nMethods are provided to decompose, display, and validate\ncontent security policy header values. Wraps the 'Shape Security'\n'salvation' Java library (\u003chttps://github.com/shapesecurity/salvation\u003e).\nPackage version tracks 'salvation' Java archive version.\n\n## What's Inside The Tin\n\nThe following functions are implemented:\n\nCore:\n\n- `fetch_csp`:\tFetch and/or parse a content security policy header value\n- `has_csp`:\tDoes a URL have a content security policy?\n- `parse_csp`:\tFetch and/or parse a content security policy header value\n- `validate_csp`:\tValidate a CSP\n- `as.data.frame.csp`:\tConvert a parsed CSP into a data frame of directives and values\n\nSecurity/Safety Checks:\n\n- `check_deprecated`:\tTests for insecure CSP settings\n- `check_ip_source`:\tTests for insecure CSP settings\n- `check_missing_directives`:\tTests for insecure CSP settings\n- `check_nonce_length`:\tTests for insecure CSP settings\n- `check_plain_url_schemes`:\tTests for insecure CSP settings\n- `check_script_unsafe_eval`:\tTests for insecure CSP settings\n- `check_script_unsafe_inline`:\tTests for insecure CSP settings\n- `check_src_http`:\tTests for insecure CSP settings\n- `check_wildcards`:\tTests for insecure CSP settings\n\nTesters:\n\n- `allows_child_from_source`:\tTests for what a parsed CSP allows\n- `allows_connect_to`:\tTests for what a parsed CSP allows\n- `allows_font_from_source`:\tTests for what a parsed CSP allows\n- `allows_form_action`:\tTests for what a parsed CSP allows\n- `allows_frame_ancestor`:\tTests for what a parsed CSP allows\n- `allows_frame_from_source`:\tTests for what a parsed CSP allows\n- `allows_manifest_from_source`:\tTests for what a parsed CSP allows\n- `allows_media_from_source`:\tTests for what a parsed CSP allows\n- `allows_navigation`:\tTests for what a parsed CSP allows\n- `allows_object_from_source`:\tTests for what a parsed CSP allows\n- `allows_prefetch_from_source`:\tTests for what a parsed CSP allows\n- `allows_script_from_source`:\tTests for what a parsed CSP allows\n- `allows_script_with_nonce`:\tTests for what a parsed CSP allows\n- `allows_style_from_source`:\tTests for what a parsed CSP allows\n- `allows_style_with_nonce`:\tTests for what a parsed CSP allows\n- `allows_unsafe_inline_script`:\tTests for what a parsed CSP allows\n- `allows_unsafe_inline_style`:\tTests for what a parsed CSP allows\n- `allows_worker_from_source`:\tTests for what a parsed CSP allows\n\n## Installation\n\n```{r install-ex, eval=FALSE}\ninstall.packages(\"cspy\", repos = \"https://cinc.rud.is/\")\n```\n\n## Usage\n\n```{r lib-ex}\nlibrary(cspy)\nlibrary(tibble) # for printing\n\n# current version\npackageVersion(\"cspy\")\n\n```\n\n```{r one}\nhas_csp(\"https://community.rstudio.com\")\n\ncsp \u003c- fetch_csp(\"https://community.rstudio.com\")\n\ncsp\n\n(csp_df \u003c- as.data.frame(csp))\n\nallows_unsafe_inline_script(csp)\n\ncheck_deprecated(csp_df)\n\ncheck_ip_source(csp_df)\n\ncheck_missing_directives(csp_df)\n\ncheck_nonce_length(csp_df)\n\ncheck_plain_url_schemes(csp_df)\n\ncheck_script_unsafe_eval(csp_df)\n\ncheck_script_unsafe_inline(csp_df)\n\ncheck_src_http(csp_df)\n\ncheck_wildcards(csp_df)\n```\n\n## crsspy Metrics\n\n```{r cloc, echo=FALSE}\ncloc::cloc_pkg_md()\n```\n\n## Code of Conduct\n\nPlease note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md). \nBy participating in this project you agree to abide by its terms.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhrbrmstr%2Fcspy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhrbrmstr%2Fcspy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhrbrmstr%2Fcspy/lists"}