Tests for insecure CSP settings

check_script_unsafe_inline(csp_df)

check_script_unsafe_eval(csp_df)

check_plain_url_schemes(csp_df)

check_wildcards(csp_df)

check_missing_directives(csp_df)

check_ip_source(csp_df)

check_deprecated(csp_df)

check_nonce_length(csp_df)

check_src_http(csp_df)

Arguments

csp_df

Preferably a CSP data frame (made with as.data.frame()) but can be a raw CSP object. Passing in a pre-made data frame will be faster when using multiple CSP security checker functions.

Value

A csp_finding or csp_findings_list object containing one or more csp_finding objects. Each csp_finding object records the category, severity, message, and the location where the violation(s) occurred.
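An added base R example, not the package's own code, of the pattern described under Arguments and Value: the policy is converted to a data frame once, several checks reuse it, and each finding carries a category, severity, message and location. `policy_to_df()`, `finding()`, the `demo_*` functions, the column names, the severity labels and the matching rules are all assumptions made for illustration.

```r
# Constructed sample policy; hosts use documentation-reserved names/addresses.
policy <- paste("default-src 'self';",
                "script-src 'self' 'unsafe-inline' http://cdn.example.com *;",
                "img-src 203.0.113.7 data:")

# Hypothetical parser: one row per (directive, source value) pair.
policy_to_df <- function(policy) {
  parts <- trimws(strsplit(policy, ";", fixed = TRUE)[[1]])
  rows <- lapply(strsplit(parts[nzchar(parts)], "[[:space:]]+"), function(tok) {
    if (length(tok) < 2) return(NULL)  # directive without values: nothing to test
    data.frame(directive = tolower(tok[1]), value = tok[-1],
               stringsAsFactors = FALSE)
  })
  do.call(rbind, Filter(Negate(is.null), rows))
}

# Build a findings data frame for the rows flagged by `hit`, or NULL if none.
# Severity labels are illustrative assumptions.
finding <- function(df, hit, category, severity, message) {
  if (!any(hit)) return(NULL)
  data.frame(category = category, severity = severity, message = message,
             where = paste(df$directive[hit], df$value[hit]),
             stringsAsFactors = FALSE)
}

demo_unsafe_inline <- function(df)
  finding(df, df$directive %in% c("script-src", "default-src") &
                df$value == "'unsafe-inline'",
          "script-unsafe-inline", "high", "inline script execution is allowed")

demo_wildcard <- function(df)
  finding(df, df$value == "*", "wildcard", "high", "any origin is allowed")

demo_src_http <- function(df)
  finding(df, grepl("^http:", df$value, ignore.case = TRUE),
          "src-http", "medium", "source is loaded over cleartext HTTP")

demo_ip_source <- function(df)
  finding(df, grepl("^([a-z]+://)?([0-9]{1,3}\\.){3}[0-9]{1,3}(:[0-9]+)?(/|$)",
                    df$value),
          "ip-source", "medium", "source is an IP address, not a host name")

csp_df <- policy_to_df(policy)  # parse once, reuse for every check
checks <- list(demo_unsafe_inline, demo_wildcard, demo_src_http, demo_ip_source)
findings <- do.call(rbind, Filter(Negate(is.null),
                                  lapply(checks, function(f) f(csp_df))))
print(findings, row.names = FALSE)
```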

References

CSP With Google