feat: Check if server contains posit

DESCRIPTION

@@ -1,7 +1,7 @@
 Type: Package
 Package: audit.base
 Title: Base package for Posit Checks
-Version: 0.6.8
+Version: 0.6.9
 Authors@R:
     person("Jumping", "Rivers", , "[email protected]", role = c("aut", "cre"))
 Description: Base package for sharing classes between posit audit

NAMESPACE

@@ -3,6 +3,7 @@
 export(audit_posit_version)
 export(augment_installed)
 export(base_check)
+export(check_server_headers)
 export(check_sys_deps)
 export(clean_libs)
 export(create_config)

NEWS.md

@@ -1,3 +1,6 @@
+# audit.base 0.6.9 _2023-09-30_
+- feat: Check if `server` contains `Posit`
+
 # audit.base 0.6.8 _2023-09-23_
 - feat: Improved cli of software versions
 

R/check_server_headers.R

@@ -0,0 +1,28 @@
+#' Check server headers
+#'
+#' In addition to the checks made by {serverHeaders} we also check
+#' that Posit isn't in one of the headers.
+#' @param server URL of server
+#' @export
+check_server_headers = function(server) {
+  out = serverHeaders::check(server)
+  posit_headers = get_posit_headers(out$headers)
+  out$headers = dplyr::bind_rows(out$headers, posit_headers)
+  out
+}
+
+# Detects if we are leaking server header information
+get_posit_headers = function(headers) {
+  posit_header = headers |>
+    dplyr::filter(.data$header == "server" &
+                    stringr::str_detect(.data$message, "[p|P]osit")) |>
+    dplyr::mutate(documentation = "https://developer.mozilla.org/docs/Web/HTTP/Headers/Server",
+                  primary_header = TRUE,
+                  status = "WARN")
+  if (nrow(posit_header) == 0) {
+    cli::cli_alert_success("{cli::col_green('server')}: Does not leak information")
+  } else {
+    cli::cli_alert_danger("{cli::col_red('server')}: Contains too much information")
+  }
+  return(posit_header)
+}

R/create_software_tibble.R

@@ -30,10 +30,10 @@ get_latest_versions_from_posit = function(type = c("r", "python")) {
   versions = unlist(jsonlite::read_json(url))
   versions = unname(versions)
   tibble::tibble(patch = get_patch(versions), major = get_major(versions), versions = versions) |>
-    dplyr::filter(!is.na(patch)) |>
-    dplyr::arrange(major, -patch) |>
-    dplyr::group_by(major) |>
-    dplyr::mutate(patch = max(patch))  |>
+    dplyr::filter(!is.na(.data$patch)) |>
+    dplyr::arrange(.data$major, -.data$patch) |>
+    dplyr::group_by(.data$major) |>
+    dplyr::mutate(patch = max(.data$patch))  |>
     dplyr::slice(1) |>
     dplyr::pull(versions)
 }

R/quarto-helpers.R

@@ -5,10 +5,11 @@
 #' @export
 get_quarto_server_header = function(out) {
   headers = out$server_headers$headers
+  headers = dplyr::bind_rows(headers, get_posit_headers(headers))
   headers = dplyr::filter(headers, .data$primary_header)
   headers = dplyr::arrange(headers, dplyr::desc(.data$status)) %>%
     dplyr::mutate(
-      header_docs = purrr::map(.data$documentation, ~ htmltools::a(href = .x, "(docs)")),
+      header_docs = purrr::map(.data$documentation, ~htmltools::a(href = .x, "(docs)")),
       message = purrr::map2(message, .data$header_docs,
                             ~ gt::html(paste(.x, as.character(.y))))) %>%
     dplyr::mutate(value = ifelse(is.na(.data$value), "-", .data$value))

R/software-versions.R

@@ -8,7 +8,7 @@ augment_installed = function(installed, verbose = TRUE) {
   installed = in_db(installed)
   installed = add_upgrade_column(installed)
   installed$major = package_version(installed$major)
-  installed = dplyr::arrange(installed, software, dplyr::desc(major))
+  installed = dplyr::arrange(installed, .data$software, dplyr::desc(.data$major))
   if (verbose) print_colour_versions(installed)
   installed
 }