jekyll-cve-badge 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: e152973b1af5f5b503e255a95f0504447b2d94dc03ce3f3f6229c6a33fbccf5e
+  data.tar.gz: 4fc0f7d858597e6f8eb11c234708f7f5b435c158373aad245bc3d8ac86a8bafe
+SHA512:
+  metadata.gz: 69aad079968893ffce9ec349b879b2c0c7156afa40cacad51d7edefec9f919a973a2f6ec8d9e1df76864ec9edefb17abeef58a1e5a774fbe9f8a7b2eaa1a68e7
+  data.tar.gz: f158849c3bda81a3d5dc5f4f04c1f585ad51e5518d79a66b603f0d67721ee016da39aa1e23aa5ab754a5d2dad027ff4805e7e54d7ff611f6dafebc12ea5cf490

data/.gitignore

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+.DS_Store
+*.gem

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2021 Rasmus Moorats
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,30 @@
+# Jekyll CVE badge
+
+Generates a shields-like badge for a specified CVE. Automatically fetches the CVSS score from NVD and generates the badge accordingly.
+
+![2021-09-14-14-29-21](https://user-images.githubusercontent.com/36747857/133249814-91cb7b07-41af-4a67-9f97-f049d6a3ca57.png)
+
+It uses CVSSv3 by default. If the CVE is old and a CVSSv3 is not available, CVSSv2 will be used. The badge itself links to the corresponding page on NVD.
+
+### Installation and usage
+
+Add the following to your Gemfile's jekyll_plugins group:
+```rb
+gem "jekyll-cve-badge", :git => "https://github.com/neonsea/jekyll-cve-badge.git"
+```
+
+Run `bundler install`.
+
+You can then use the tag `cve_badge` anywhere. For example:
+```md
+{% cve_badge "CVE-2021-31698" %}
+```
+
+### Notes
+
+* NVD's API is slow, so posts will take quite a lot longer to generate. Not much I can do here
+* Add a `cve-badge.html` in your `_layouts` directory for custom styling. The layout is passed the params `cve_id`, `cve_severity`, and `cve_score`
+
+### TODO
+
+* Add flag to just add the badge with no CVSS rating

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/jekyll-cve-badge.gemspec

@@ -0,0 +1,23 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'jekyll-cve-badge/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "jekyll-cve-badge"
+  spec.version       = Jekyll::CVEBadge::VERSION
+  spec.authors       = ["Rasmus Moorats"]
+  spec.email         = ["xx@nns.ee"]
+
+  spec.summary       = %q{Jekyll plugin to embed a shields-like badge for CVE IDs}
+  spec.description   = %q{Jekyll plugin to embed a shields-like badge for CVE IDs}
+  spec.homepage      = "https://github.com/neonsea/jekyll-cve-badge"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency 'jekyll'
+  spec.add_development_dependency "bundler", "~> 2.2"
+  spec.add_development_dependency "rake", "~> 10.0"
+end

data/lib/jekyll-cve-badge/api-helper.rb

@@ -0,0 +1,27 @@
+module Jekyll
+  module CVEBadge
+    module APIHelper
+      
+      def get_cvss_severity_score(cve_id)
+        uri = URI.parse("https://services.nvd.nist.gov/rest/json/cve/1.0/#{cve_id}")
+
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = true
+        request = Net::HTTP::Get.new(uri.request_uri)
+        response = http.request(request)
+
+        if response.code != "200"
+          [nil, nil]
+        end
+
+        result = JSON.parse(response.body)
+
+        if result["result"]["CVE_Items"][0]["impact"]["baseMetricV3"] != nil
+          [result["result"]["CVE_Items"][0]["impact"]["baseMetricV3"]["cvssV3"]["baseSeverity"], result["result"]["CVE_Items"][0]["impact"]["baseMetricV3"]["cvssV3"]["baseScore"]]
+        else
+          [result["result"]["CVE_Items"][0]["impact"]["baseMetricV2"]["severity"], result["result"]["CVE_Items"][0]["impact"]["baseMetricV2"]["cvssV2"]["baseScore"]]
+        end
+      end
+    end
+  end
+end

data/lib/jekyll-cve-badge/version.rb

@@ -0,0 +1,5 @@
+module Jekyll
+  module CVEBadge
+    VERSION = "0.0.1"
+  end
+end

data/lib/jekyll-cve-badge.rb

@@ -0,0 +1,75 @@
+require "jekyll"
+require "jekyll-cve-badge/api-helper"
+require "jekyll-cve-badge/version"
+require "json"
+require "net/http"
+require "uri"
+class CVEBadge < Liquid::Tag
+
+  include Jekyll::CVEBadge::APIHelper
+
+  def initialize(tagName, content, tokens)
+    super
+    @content = content
+  end
+
+  def render(context)
+    cve_id = "#{context[@content.strip]}"
+
+    (cve_severity, cve_score) = get_cvss_severity_score(cve_id)
+
+    tmpl_path = File.join Dir.pwd, "_includes", "cve-badge.html"
+    if File.exist?(tmpl_path)
+      tmpl = File.read tmpl_path
+      site = context.registers[:site]
+      tmpl = (Liquid::Template.parse tmpl).render site.site_payload.merge!({"cve_id" => @cve_id, "cve_severity" => @cve_severity, "cve_score" => @cve_score})
+    else
+      %Q{<style>
+        .cve-container {
+          margin-bottom: 1em;
+        }
+
+        .cve-container > a {
+          border-bottom: none;
+        }
+
+        .cve-badge {
+          color: #fff;
+          padding: 2px 7px;
+          font-weight: 300;
+          font-size: 1.5rem;
+        }
+      
+        .cve-id {
+          border-radius: 4px 0px 0px 4px;
+          background-color: #8963BA;
+          background-image: linear-gradient(to top right, #8963BA, #EF476F);
+        }
+      
+        .cve-score {
+          border-radius: 0px 4px 4px 0px;
+          box-shadow: inset 7px 0 10px -7px rgb(0 0 0 / 0.4);
+        }
+      
+        .cve-score.severity-critical {
+          background-color: #333333;
+        }
+      
+        .cve-score.severity-high {
+          background-color: #d62f2c;
+        }
+      
+        .cve-score.severity-medium {
+          background-color: #de7f0b;
+        }
+      
+        .cve-score.severity-low {
+          background-color: #eadc38;
+          color: #3f3f3f;
+        }
+</style><div class="cve-container"><a href="https://nvd.nist.gov/vuln/detail/#{cve_id}"><span class="cve-badge cve-id">#{cve_id}</span><span class="cve-badge cve-score severity-#{cve_severity.downcase}">#{cve_severity}: #{cve_score}</span></a></div>}
+    end
+  end
+
+  Liquid::Template.register_tag "cve_badge", self
+end

metadata

@@ -0,0 +1,94 @@
+--- !ruby/object:Gem::Specification
+name: jekyll-cve-badge
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Rasmus Moorats
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2021-09-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jekyll
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: Jekyll plugin to embed a shields-like badge for CVE IDs
+email:
+- xx@nns.ee
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- jekyll-cve-badge.gemspec
+- lib/jekyll-cve-badge.rb
+- lib/jekyll-cve-badge/api-helper.rb
+- lib/jekyll-cve-badge/version.rb
+homepage: https://github.com/neonsea/jekyll-cve-badge
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.5
+signing_key: 
+specification_version: 4
+summary: Jekyll plugin to embed a shields-like badge for CVE IDs
+test_files: []