Verified Commit 7809df42 authored by hrbrmstr

pre-CRAN flight check

parent 9759c966
......@@ -10,3 +10,4 @@
^doc$
^CONDUCT\.md$
^appveyor\.yml$
^cran-comments\.md$
......@@ -2,31 +2,32 @@ Package: securitytxt
Type: Package
Title: Identify and Parse Web Security Policies Files
Version: 0.1.0
Date: 2017-10-09
Date: 2017-10-20
Authors@R: c(
person("Bob", "Rudis", email = "bob@rud.is", role = c("aut", "cre"),
comment = c(ORCID = "0000-0001-5670-2640"))
comment = c(ORCID = "0000-0001-5670-2640")),
person("SEOmoz", "Inc", role = c("aut", "cph"),
comment = "url-cpp library, <https://github.com/seomoz/url-cpp>")
)
Author: Bob Rudis (bob@rud.is)
Maintainer: Bob Rudis <bob@rud.is>
Description: When security risks in web services are discovered by independent
security researchers who understand the severity of the risk, they
often lack the channels to properly disclose them. As a result,
security issues may be left unreported. The 'security.txt' 'Web Security Policies'
specification defines a 'IETF' standard to help organizations define the process
for security researchers to securely disclose security vulnerabilities. Tools are
provided to help identify and parse 'security.txt' files to enable analysis of
the usage of these policies.
specification defines an 'IETF' draft standard <https://tools.ietf.org/html/draft-foudil-securitytxt-00>
to help organizations define the process for security researchers to securely
disclose security vulnerabilities. Tools are provided to help identify and
parse 'security.txt' files to enable analysis of the usage and adoption of these policies.
URL: https://github.com/hrbrmstr/securitytxt
BugReports: https://github.com/hrbrmstr/securitytxt/issues
License: AGPL
Copyright: file inst/COPYRIGHTS
License: MIT + file LICENSE
Suggests:
testthat,
covr
Depends:
R (>= 3.2.0)
Imports:
purrr,
Rcpp
RoxygenNote: 6.0.1
LinkingTo: Rcpp
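Review bot: The hand-written `Author: Bob Rudis (bob@rud.is)` line in the middle of this hunk disagrees with `Authors@R`, which now also lists SEOmoz, Inc as `aut`/`cph`. R generates `Author` and `Maintainer` from `Authors@R` at build time, so dropping the two manual fields removes the mismatch. Further down, both `License: AGPL` and `License: MIT + file LICENSE` are visible next to `Copyright: file inst/COPYRIGHTS`; confirm that exactly one `License` field remains in the committed file and that it matches the MIT terms of the bundled url-cpp sources.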
YEAR: 2017
COPYRIGHT HOLDER: Bob Rudis
......@@ -8,8 +8,10 @@
#' _or_ a length >1 character vector that will be concatenated into a single string _or_
#' a `connection` object that will be passed to [readLines()], the result of which
#' will be concatenated into a single string and parsed and the connection will be closed.
#' @references [IETF Draft](https://tools.ietf.org/html/draft-foudil-securitytxt-00); [Information hub](https://securitytxt.org/)
#' [GitHub Organization](https://github.com/securitytxt)
#' @references
#' - [IETF Draft](https://tools.ietf.org/html/draft-foudil-securitytxt-00)
#' - [Information hub](https://securitytxt.org/)
#' - [GitHub Organization](https://github.com/securitytxt)
#' @export
#' @examples
#' sectxt(readLines(system.file("extdata", "security.txt", package="securitytxt")))
......
#' Identify and Parse Web Security Policies Files
#'
#' When security risks in web services are discovered by independent
#' security researchers who understand the severity of the risk, they
#' often lack the channels to properly disclose them. As a result,
#' security issues may be left unreported. The 'security.txt' 'Web Security Policies'
#' specification defines a 'IETF' standard to help organizations define the process
#' for security researchers to securely disclose security vulnerabilities. Tools are
#' provided to help identify and parse 'security.txt' files to enable analysis of
#' the usage of these policies.
#' When security risks in web services are discovered by independent security
#' researchers who understand the severity of the risk, they often lack the
#' channels to properly disclose them. As a result, security issues may be left
#' unreported. The 'security.txt' 'Web Security Policies'specification defines
#' an 'IETF' draft standard
#' <https://tools.ietf.org/html/draft-foudil-securitytxt-00> to help
#' organizations define the process for security researchers to securely
#' disclose security vulnerabilities. Tools are provided to help identify and
#' parse 'security.txt' files to enable analysis of the usage and adoption of
#' these policies.
#'
#' @md
#' @name securitytxt
#' @references [IETF Draft](https://tools.ietf.org/html/draft-foudil-securitytxt-00); [Information hub](https://securitytxt.org/)
#' [GitHub Organization](https://github.com/securitytxt)
#' @references
#' - [IETF Draft](https://tools.ietf.org/html/draft-foudil-securitytxt-00)
#' - [Information hub](https://securitytxt.org/)
#' - [GitHub Organization](https://github.com/securitytxt)
#' @docType package
#' @author Bob Rudis (bob@@rud.is)
#' @useDynLib securitytxt
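Review bot: The reflowed description is missing a space in `'Web Security Policies'specification defines`, and because the Rd file is generated from this roxygen block, the same typo appears in the `\description{}` text of the package help page. Fix it here as `'Web Security Policies' specification` and regenerate the documentation; the DESCRIPTION file's copy of the sentence already has the space, so the three copies would then agree.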
......
## Test environments
* local OS X install, R 3.4.2
* ubuntu 14.04 (on travis-ci), R oldrel, release & devel
* ubuntu 16.04.3 (local), R 3.4.1
* r-hub Windows
* win-builder (devel and release)
## R CMD check results
0 errors | 0 warnings | 1 note
* This is a new release.
## Reverse dependencies
This is a new release, so there are no reverse dependencies.
---
* I've used the new ORCID id in
Authors@R (not sure if I need
to note that but it's "new" so
figured it wldn't hurt to
mention it).
* There is extra copyright info
for the included C++ lib used
both in inst/COPYRIGHTS &
in the C++ source files.
* Some examples that require
internet connectivity are
marked 'dontrun' b/c they
are for illustration only.
* Tests are included and run
weekly on Travis-CI
* Tests are manuall run on AppVeyor
as well for all builds.
* Code coverage is also provided.
\ No newline at end of file
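Review bot: Two small cleanups in the free-text notes before this goes to CRAN: `Tests are manuall run on AppVeyor` should read `manually`, and the file ends without a trailing newline (`\ No newline at end of file`). The results line reports `1 note`; the only explanation given is `This is a new release.`, so it is worth confirming that this is the whole content of the note.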
All R source code and the following C[++] source files:
- src/securitymain.cpp
- src/security.cpp
- src/security.h
are released under the MIT License
----
As per https://github.com/seomoz/url-cpp/blob/master/LICENSE, the following
source files are part of the url-cpp library:
- src/psl.cpp
- src/psl.h
- src/punycode.cpp
- src/punycode.h
- src/url.cpp
- src/url.h
- src/utf8.cpp
- src/utf8.h
which has the following MIT License text:
Copyright (c) 2016-2017 SEOmoz, Inc.
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file
......@@ -23,6 +23,9 @@ sectxt(url(sectxt_url("https://securitytxt.org")))
}
}
\references{
\href{https://tools.ietf.org/html/draft-foudil-securitytxt-00}{IETF Draft}; \href{https://securitytxt.org/}{Information hub}
\href{https://github.com/securitytxt}{GitHub Organization}
\itemize{
\item \href{https://tools.ietf.org/html/draft-foudil-securitytxt-00}{IETF Draft}
\item \href{https://securitytxt.org/}{Information hub}
\item \href{https://github.com/securitytxt}{GitHub Organization}
}
}
......@@ -6,18 +6,23 @@
\alias{securitytxt-package}
\title{Identify and Parse Web Security Policies Files}
\description{
When security risks in web services are discovered by independent
security researchers who understand the severity of the risk, they
often lack the channels to properly disclose them. As a result,
security issues may be left unreported. The 'security.txt' 'Web Security Policies'
specification defines a 'IETF' standard to help organizations define the process
for security researchers to securely disclose security vulnerabilities. Tools are
provided to help identify and parse 'security.txt' files to enable analysis of
the usage of these policies.
When security risks in web services are discovered by independent security
researchers who understand the severity of the risk, they often lack the
channels to properly disclose them. As a result, security issues may be left
unreported. The 'security.txt' 'Web Security Policies'specification defines
an 'IETF' draft standard
\url{https://tools.ietf.org/html/draft-foudil-securitytxt-00} to help
organizations define the process for security researchers to securely
disclose security vulnerabilities. Tools are provided to help identify and
parse 'security.txt' files to enable analysis of the usage and adoption of
these policies.
}
\references{
\href{https://tools.ietf.org/html/draft-foudil-securitytxt-00}{IETF Draft}; \href{https://securitytxt.org/}{Information hub}
\href{https://github.com/securitytxt}{GitHub Organization}
\itemize{
\item \href{https://tools.ietf.org/html/draft-foudil-securitytxt-00}{IETF Draft}
\item \href{https://securitytxt.org/}{Information hub}
\item \href{https://github.com/securitytxt}{GitHub Organization}
}
}
\author{
Bob Rudis (bob@rud.is)
......
/*
Copyright (c) 2016-2017 SEOmoz, Inc.
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#include <algorithm>
#include <fstream>
#include <iostream>
......@@ -140,7 +162,7 @@ namespace Url
// Return the whole string if position == std:string::npos
size_t start = (position == std::string::npos) ? 0 : position + 1;
std::string result(hostname, start);
std::transform(result.begin(), result.end(), result.begin(), ::tolower);
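Review bot: The last line of this hunk, `std::transform(result.begin(), result.end(), result.begin(), ::tolower);`, passes plain `char` values to `::tolower`, which has undefined behaviour for negative values other than `EOF`, so a hostname containing bytes >= 0x80 on a platform where `char` is signed is a problem. Since this file is vendored, the fix belongs upstream: wrap the call in a lambda that casts through `unsigned char` before calling `std::tolower`. The comment above it also has `std:string::npos` where `std::string::npos` is meant.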
......
/*
Copyright (c) 2016-2017 SEOmoz, Inc.
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#ifndef PSL_CPP_H
#define PSL_CPP_H
......
/*
Copyright (c) 2016-2017 SEOmoz, Inc.
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#include <algorithm>
#include <string>
#include <iostream>
......@@ -42,7 +64,7 @@ namespace Url
{
output.append(1, '-');
}
// while h < length(input) do begin
while (h < codepoints.size())
{
......@@ -63,7 +85,7 @@ namespace Url
}
delta += (m - n) * (h + 1);
// let n = m
// let n = m
n = m;
// for each code point c in the input (in order) do begin
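Review bot: The only visible change in this hunk is the repeated `// let n = m` comment, which reads as a whitespace-only edit, and the neighbouring hunks in this file (each 7 lines before and after) look the same. Whitespace churn in a vendored library makes later comparison against upstream url-cpp noisier than it needs to be. Consider limiting edits to the bundled sources to the added license header, or moving the whitespace cleanup to its own commit so the functional content can be checked against upstream directly.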
......@@ -92,7 +114,7 @@ namespace Url
// tmax if k >= bias + tmax, or k - bias otherwise
punycode_uint t = k <= bias ? TMIN :
k >= bias + TMAX ? TMAX : k - bias;
// if q < t then break
if (q < t)
{
......@@ -105,7 +127,7 @@ namespace Url
// let q = (q - t) div (base - t)
q = (q - t) / (BASE - t);
}
// output the code point for digit q
output.append(1, DIGIT_TO_BASIC[q]);
......@@ -117,15 +139,15 @@ namespace Url
// increment h
++h;
}
}
// increment delta and n
++delta;
++n;
}
str.assign(output);
return str;
}
......@@ -230,7 +252,7 @@ namespace Url
{
throw std::invalid_argument("Premature termination");
}
// let digit = the code point's digit-value, fail if it has none
int lookup = BASIC_TO_DIGIT[static_cast<size_t>(*it)];
if (lookup == -1)
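Review bot: The table lookup `BASIC_TO_DIGIT[static_cast<size_t>(*it)]` in this hunk is only safe if `*it` is guaranteed to be non-negative and within the table's bounds, and neither guarantee is visible here. If `it` iterates a `std::string` and `char` is signed, a byte >= 0x80 converts to a very large `size_t` and the read goes out of bounds before the `lookup == -1` check runs. Confirm that an earlier check rejects non-basic bytes, or cast through `unsigned char` and bound the index against the table size; since this is bundled url-cpp code, note the outcome upstream as well.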
......@@ -256,7 +278,7 @@ namespace Url
{
break;
}
// let w = w * (base - t), fail on overflow
if (w > (MAX_PUNYCODE_UINT / (BASE - t)))
{
......@@ -294,10 +316,10 @@ namespace Url
}
w *= (BASE - t);
}
// let bias = adapt(i - oldi, length(output) + 1, test oldi is 0?)
bias = adapt(i - oldi, codepoints.size() + 1, oldi == 0);
// let n = n + i div (length(output) + 1), fail on overflow
if ((i / (codepoints.size() + 1)) > (MAX_PUNYCODE_UINT - n))
{
......@@ -387,7 +409,7 @@ namespace Url
// if firsttime then let delta = delta div damp
// else let delta = delta div 2
delta = firsttime ? delta / DAMP : delta >> 1;
// let delta = delta + (delta div numpoints)
delta += (delta / numpoints);
......@@ -401,7 +423,7 @@ namespace Url
// let k = k + base
delta /= (BASE - TMIN);
}
// return k + (((base - tmin + 1) * delta) div (delta + skew))
return k + (((BASE - TMIN + 1) * delta) / (delta + SKEW));
}
......
/*
Copyright (c) 2016-2017 SEOmoz, Inc.
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#ifndef PUNYCODE_CPP_H
#define PUNYCODE_CPP_H
......
/*
Copyright (c) 2016-2017 SEOmoz, Inc.
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#include <algorithm>
#include <string>
#include <iterator>
......
/*
Copyright (c) 2016-2017 SEOmoz, Inc.
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#ifndef URL_CPP_H
#define URL_CPP_H
......
/*
Copyright (c) 2016-2017 SEOmoz, Inc.
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#include <algorithm>
#include <string>
#include <iostream>
......
/*
Copyright (c) 2016-2017 SEOmoz, Inc.
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#ifndef UTF8_CPP_H
#define UTF8_CPP_H
......
context("basic functionality")
test_that("we can do something", {
context("core functionality")
test_that("extraction and validation work", {
x <- sectxt(readLines(system.file("extdata", "security.txt", package="securitytxt")))
......