jekyll-secinfo 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: db36616adf02913710e54b3ae0215749cea04314b2df6c9de1644b977d37b05d
+  data.tar.gz: 5feeff4c6bdb0403c5040607c8f855b732a69f1c5bb5ae483126cb5459337bc8
+SHA512:
+  metadata.gz: 70436d3f1d3ea17ddf0bf9971b71f3537696872c08f7c7dc58e0ae79fe727953697d7d27dc490f31b7b27b2695743b438891f1bd146a252879478d25818b2ed7
+  data.tar.gz: d43d7d97f2ed4d16071189e871f9bec4644ac5f508ff6bec6c87212bbf1d54eb2fa363ddd2e8b13ee6a21f991e5f9a2d97593a47c3c4ee22092f220b1866b99f

data/.circleci/config.yml

@@ -0,0 +1,54 @@
+version: 2
+jobs:
+
+  test_and_build:
+    docker:
+      - image: ruby:latest
+    steps:
+      - run: (cd /root/;rm -rf project;mkdir project)
+      - checkout
+      - run: 
+          name: Set up
+          command: |
+            bundle install --jobs 4
+      - run:
+          name: Rake :spec
+          command: |
+            rake 
+
+  upload:
+    docker:
+      - image: ruby:latest
+    steps:
+      - run:
+          name: Install software
+          command: |
+            #apk update;
+            #apk add rsync openssh sshpass;
+            #echo "set ftp:passive-mode true" > ~/.lftprc
+      - restore_cache:
+          key: jekyll-{{ .Environment.CIRCLE_SHA1 }}
+      - run:
+          name: Upload
+          command: |
+            #mkdir ~/.ssh;
+            #echo  "upload.bit.nl,213.136.12.217 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIVx+0N0LECcGHPywPCk9uz4/l3kNUVNe5QQRleIkMCTarkYauvRrPNPl49x3LIjF6cZsmQZX7jwgsJqEzfcF98=" > ~/.ssh/known_hosts;
+            #cd /root/project/;
+            #sshpass -e rsync -av .htaccess www-divd@upload.bit.nl:htdocs;
+            #cd /root/project/csirt.divd.nl/_site;
+            #sshpass -e rsync -av . www-divd@upload.bit.nl:htdocs/securitymeldpunt-nl;
+            #cd /root/project/www.divd.nl/_site;
+            #sshpass -e rsync -av . www-divd@upload.bit.nl:htdocs/divd-nl;
+
+workflows:
+  version: 2
+  build_and_upload:
+    jobs:
+      - test_and_build
+      - upload:
+          requires:
+            - test_and_build
+          filters:
+            branches:
+              only:
+                - main

data/.gitignore

@@ -0,0 +1,12 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+.DS_Store
+/spec/fixtures/.jekyll-cache
+*.gem

data/.rspec

@@ -0,0 +1,3 @@
+--color
+--require spec_helper
+#--order random

data/ACKNOWLEDGEMENTS.md

@@ -0,0 +1,5 @@
+This project is inspirect by and contains code form the following projects:
+* Jekyll-YouTube - https://github.com/dommmel/jekyll-youtube - Copyright (c) 2015 Dommmel - MIT license
+* Jekyll-Spaceship - https://github.com/jeffreytse/jekyll-spaceship/ - Copyright (c) 2019 Jeffrey Tse - MIT license
+* Jekyll-Mentions - https://github.com/jekyll/jekyll-mentions - Copyright (c) 2014-present GitHub, Inc. and the jekyll-mentions contributors
+ - MIT license

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in jekyllcontentful.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Dommmel
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,95 @@
+# Jekyll Secinfo
+
+This Jekyll pluging provides a tag and filter that turns references to security related info (currently only CVEs) into clickable links.
+
+## Installation
+
+Add this line to your Gemfile:
+
+```ruby
+group :jekyll_plugins do
+  gem "jekyll-secinfo"
+end
+```
+
+And then execute:
+
+    $ bundle
+
+Alternatively install the gem yourself as:
+
+    $ gem install jekyll-secinfo
+
+and put this in your ``_config.yml`` 
+
+```yaml
+plugins: 
+- jekyll-secinfo
+# This will require each of these gems automatically.
+```
+
+## Usage
+
+As a tag `{% cve CVE-2019-19781 %}` or as a filter `{{ "cve-2019-19781" | cve }}`
+
+For CVE multiple formats are accepted:
+* Full CVE in lower or upper case e.g. `CVE-2019-19781` or `cve-2019-19781`
+* Just the number e.g. `2019-19781`
+
+## Result
+
+By default the plugin will output the following code
+
+```markup
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781" class="cve">CVE-2019-19781</a>
+```
+
+## Configuration
+
+The behaviour of this plugin can be configured in `_config.yml`
+
+```yml
+jekyll-secinfo: 
+  cve: 
+    style: mitre    # Supported styles are mitre, nvd and cvedetails
+    url:            # Style is ignored if a custom URL is defined.
+```
+
+You can also put these values in the front matter of a page to override the values in `_config.yml` for a specific page.
+
+### Styles
+
+For CVE's the style influences the way a tag or filter is rendered. This is how this input `{% cve CVE-2019-19781 %}` or as a filter `{{ "CVE-2019-19781" | cve }}` will be rendered in different styles:
+
+mitre
+```markup
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781" class="cve">CVE-2019-19781</a>
+```
+
+mitre
+```markup
+<a href="https://nvd.nist.gov/vuln/detail/CVE-2019-19781" class="cve">CVE-2019-19781</a>
+```
+
+mitre
+```markup
+<a href="https://www.cvedetails.com/cve/CVE-2019-19781/" class="cve">CVE-2019-19781</a>
+```
+
+### Using your own URL
+
+You can specify a custom URL to be used as well. If the url includes `%s` this will be substituted with the number part of the CVE once. Otherwise the number part of the CVE will be appended to the url.
+
+```markup
+jekyll-secinfo: 
+  cve: 
+    url: http://localhost:4500/CVE-%s.html
+---
+{% cve 1999-9999 %}
+```
+
+Will reneder as
+```markup
+<p><a href="http://localhost:4500/CVE-1999-99999.html" class="cve">CVE-1999-99999</a></p>
+```
+

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/jekyll-secinfo.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'jekyll-secinfo/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "jekyll-secinfo"
+  spec.version       = Jekyll::Secinfo::VERSION
+  spec.authors       = ["Frank Breedijk"]
+  spec.email         = ["fbreedijk@schubergphilis.com"]
+
+  spec.summary       = %q{jekyll plugin to generate html snippets various security info}
+  spec.description   = %q{This Jekyll plugin to generate html snippets for clickable security information tags like CVEs and CWEs}
+  spec.homepage      = "https://github.com/MrSeccubus/jekyll-secinfo"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency 'jekyll'
+  spec.add_dependency "rainbow", "~> 3.0"
+
+  spec.add_development_dependency "bundler", "~> 2.1"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "rubocop-jekyll", "~> 0.4"
+end

data/lib/jekyll-secinfo.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+# External 
+require "jekyll"
+
+# Support
+require "jekyll-secinfo/logger" 
+
+# Core
+require "jekyll-secinfo/cve" 
+
+module Jekyll::Secinfo
+  Logger.display_info
+end
+

data/lib/jekyll-secinfo/config.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+# Support
+require "jekyll-secinfo/logger" 
+
+CONFIG_NAME = 'jekyll-secinfo'
+DEFAULT_CONFIG = {
+	CONFIG_NAME => {
+		"cve" => {
+			"style" => "mitre"
+		}
+	}
+}
+
+
+module Jekyll::Secinfo
+	class Config
+		
+		def self.get(site_config, page)
+			config = DEFAULT_CONFIG
+			if site_config
+				config = config.merge(site_config) if site_config.key?(CONFIG_NAME)
+			end
+			if page.key?(CONFIG_NAME)
+				fromdoc = { CONFIG_NAME => page[CONFIG_NAME] }
+				config = config.merge(fromdoc)
+			end
+
+			if not config[CONFIG_NAME]["cve"].key?("url")
+				case config[CONFIG_NAME]["cve"]["style"]
+				when "mitre"
+					config[CONFIG_NAME]["cve"]["url"] = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
+				when "cvedetails"
+					config[CONFIG_NAME]["cve"]["url"] = "https://www.cvedetails.com/cve/CVE-%s/"
+				when "nvd"
+					config[CONFIG_NAME]["cve"]["url"] = "https://nvd.nist.gov/vuln/detail/CVE-"
+				else
+					# Unknown CVE style unsing 'mitre'-style instead
+					config[CONFIG_NAME]["cve"]["url"] = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
+				end
+			end
+
+			return config[CONFIG_NAME]
+		end #get_config
+
+	end #Config
+end #module

data/lib/jekyll-secinfo/cve.rb

@@ -0,0 +1,63 @@
+# External
+require "jekyll"
+require "jekyll-secinfo/version"
+
+# Support
+require "jekyll-secinfo/logger" 
+require "jekyll-secinfo/config" 
+
+module Jekyll::Secinfo
+  class Cve
+    
+    def self.cve_to_link(text, site, page)
+      #Logger.log(context)
+      config = Jekyll::Secinfo::Config.get(site, page)
+      m = text.match(/^(CVE-|cve-)?(\d{4}-\d{4,})/) # See https://cve.mitre.org/cve/identifiers/syntaxchange.html
+      if m
+        if config["cve"]["url"] =~ /\%s/
+          url=config["cve"]["url"] % m[2]
+        else
+          url="#{config["cve"]["url"]}#{m[2]}"
+        end
+        return "<a href='#{url}' class='cve'>CVE-#{m[2]}</a>"
+      else
+        return nil
+      end
+    end
+  end
+
+  class CveTag < Liquid::Tag
+
+    def initialize(tagName, text, tokens)
+      super
+      @text = text
+    end
+
+    def render(context)
+      cve_text = @text.strip
+      out = Cve.cve_to_link(cve_text, context["site"]["config"], context["page"])
+      return out if out
+      return @text
+    end
+
+  end
+
+  module CveFilter
+    def cve(cvetxt, niets = nil)
+      if cvetxt
+        link = Cve.cve_to_link(cvetxt, @context.registers[:site].config, @context.registers[:page])
+        if link
+          return link
+        else
+          return cvetxt
+        end
+      else
+        return ""
+      end
+    end
+  end
+
+  Liquid::Template.register_tag("cve", Jekyll::Secinfo::CveTag)
+  Liquid::Template.register_filter(CveFilter)
+
+end

data/lib/jekyll-secinfo/logger.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'jekyll-secinfo/version'
+require 'rainbow/refinement'
+
+using Rainbow
+
+
+module Jekyll::Secinfo
+  class Logger
+    def initialize(namespace)
+      @namespace = namespace
+    end
+
+    def self.display_info
+      self.log "Jekyll-Secinfo #{Jekyll::Secinfo::VERSION}"
+      self.log 'A Jekyll plugin to provide clickability to security info like CVEs and CWEs.'
+      self.log 'https://github.com/MrSeccubus/jekyll-secinfo'.underline
+    end
+
+    def self.log(content)
+      if (content.is_a? String)
+        self.output 'Jekyll Secinfo', content.bright
+      else
+        self.output 'Jekyll Secinfo', content.inspect.bright
+      end
+    end
+
+    def self.output(title, content)
+      puts "#{title.rjust(18)}: #{content}"
+    end
+
+    def log(content)
+      if @namespace.nil?
+        self.class.log content
+      else
+        self.class.log "[#{@namespace}] #{content}"
+      end
+    end
+  end
+end

data/lib/jekyll-secinfo/version.rb

@@ -0,0 +1,5 @@
+module Jekyll
+  module Secinfo
+    VERSION = "0.0.1"
+  end
+end

metadata

@@ -0,0 +1,142 @@
+--- !ruby/object:Gem::Specification
+name: jekyll-secinfo
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Frank Breedijk
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2021-01-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jekyll
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rainbow
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-jekyll
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+description: This Jekyll plugin to generate html snippets for clickable security information
+  tags like CVEs and CWEs
+email:
+- fbreedijk@schubergphilis.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".circleci/config.yml"
+- ".gitignore"
+- ".rspec"
+- ACKNOWLEDGEMENTS.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- jekyll-secinfo.gemspec
+- lib/jekyll-secinfo.rb
+- lib/jekyll-secinfo/config.rb
+- lib/jekyll-secinfo/cve.rb
+- lib/jekyll-secinfo/logger.rb
+- lib/jekyll-secinfo/version.rb
+homepage: https://github.com/MrSeccubus/jekyll-secinfo
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: jekyll plugin to generate html snippets various security info
+test_files: []