security.txt parser and validator

These details have not been verified by PyPI

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Project description

SecTXT: Security.txt parser and validator

This package contains a security.txt (RFC 9116) parser and validator.

Usage:

>>> from sectxt import SecurityTXT
>>> s = SecurityTXT("www.example.com")
>>> s.is_valid()
True

Validation

>>> from sectxt import SecurityTXT
>>> s = SecurityTXT("www.example.com")
>>> s.errors
[{'code': 'no_uri', 'message': 'The field value must be an URI', 'line': 2}, {'code': 'no_expire', 'message': 'The Expires field is missing', 'line': None}]
>>> s.recommendations
[{'code': 'long_expiry', 'message': 'Expiry date is more than one year in the future', 'line': 3}]

The "errors" and "recommendations" attribute return a list of entries. An entry is a dict with three keys

key	value
code	A fixed error code string
message	A human readable error message in English
line	The 1 based integer line number where the error occurred or None when the error applies to the entire file

Possible errors

code	message
"no_expire"	"Expires field is missing."
"multi_expire"	"Expires field must appear only once."
"expired"	"Expiry date has passed."
"invalid_expiry"	"Date in Expires field is invalid."
"no_canonical_match"	"URL does not match with canonical URLs."
"no_contact"	"Contact field must appear at least once."
"prec_ws"	"There must be no whitespace before the field separator (colon)."
"empty_key"	"Field key can not be empty."
"no_space"	"The field separator (colon) must be followed by a space."
"empty_value"	"Field value can not be empty."
"no_uri"	"Field value must be an URI."
"no_https"	"A web URI must be https."
"utf8"	"Content is not utf-8 encoded."
"location"	"Security.txt must be located at .well-known/security.txt."
"no_security_txt"	"Can not locate security.txt."
"multi_lang"	"Multiple Preferred-Languages lines are not allowed."
"invalid_line"	"No key and value found."
"invalid_cert"	"Invalid certificate.
"no_content_type"	"Missing HTTP content-type header."
"invalid_media"	"Media type in content-type header must be 'text/plain'.
"invalid_charset"	"Charset parameter in content-type header must be 'utf-8' if present."

Possible recommendations

code	message
"long_expiry"	"Expiry date is more than one year in the future."
"no_encryption"	"Contact missing encryption key for email communication.",
"not_signed"	"The contents should be digitally signed."
"no_canonical"	"Canonical field should be present in a signed file."

Project details

These details have not been verified by PyPI

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

0.9.3

Apr 9, 2024

0.9.2

Mar 7, 2024

0.9.1

Nov 7, 2023

0.9.0

Aug 3, 2023

0.8.3

Apr 17, 2023

0.8.2

Apr 14, 2023

0.8.1

Feb 22, 2023

0.8

Jan 11, 2023

0.7

Nov 10, 2022

0.6

Oct 10, 2022

0.5

Oct 6, 2022

This version

0.4

Sep 26, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sectxt-0.4.tar.gz (11.0 kB view hashes)

Uploaded Sep 26, 2022 Source

Built Distribution

sectxt-0.4-py3-none-any.whl (11.0 kB view hashes)

Uploaded Sep 26, 2022 Python 3

Hashes for sectxt-0.4.tar.gz

Hashes for sectxt-0.4.tar.gz
Algorithm	Hash digest
SHA256	`090d6955f5114f54eb7ce37d1314d35c06d65a0c80b36727b1484334a004b2ee`
MD5	`509db5b7ff4843706e51cdcc3d4b3643`
BLAKE2b-256	`76f2cb9ebaf5e9a03aed6601411d9fa88983ced2fa899912148af5e26a89b867`

Hashes for sectxt-0.4-py3-none-any.whl

Hashes for sectxt-0.4-py3-none-any.whl
Algorithm	Hash digest
SHA256	`2230ae05fc4c08cf4545ec7d048c48e4ec46dc474663537fd77efee5ef77a8a6`
MD5	`fa63cefeed5bd765e2a250e234ade2f3`
BLAKE2b-256	`2f4ce7b5f53c2a02e527177fe4225d7a9bf6cf424b5c14b72a935f14cb9edc25`