jekyll-secinfo 0.1.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 40e46c1179460d5e0dd2a5be48fc399a2a1a536ccd8532249298823c68353626
-  data.tar.gz: '079b18a5a5ef5970c12effe60545aad3c25a7d495d42b4cffa2da423c226eae8'
+  metadata.gz: b42c9fb47ecdc616942907528198f12fa11aef810c9faf2de279aa1966dc2f37
+  data.tar.gz: 65dc27e0c3accdc565444e94b9f9912e922e7490d24fac11abc170354dea3910
 SHA512:
-  metadata.gz: 788656524aa4f0c7222d9a79b407875d5bab77f5ec217b2a843abfff7489e5099b45439d6d6fe2905c39b0ee1d6cd7f1202510d3cb1fa12a8724b3d9e66c7390
-  data.tar.gz: 03c2cb2160d6e3b61827f446173aba84733bb8a4b0709817a0c53aa4cf6f7435e1453cca89988a949eebbc5660e46bd200e09ab10d3933e3f59f882998186498
+  metadata.gz: 624d7ce5cbea3b4bb58960efa53aeb56fb10f80f1ccad37ae0ef5d35bec7fb8f9d3e6fcad6b3ece64a8447dd149143aacd9ea665a6a39c38b5e4fe40dfc16f70
+  data.tar.gz: 2b5802638bb9b581e1f5f9a06bc086f31cbe062dad18a35de1d3d22edb6422be424d57a7dd50ecba9f92e4f0c1b63a91a0328bda3c1231300f8afb9f93d352aa

data/.gitignore

@@ -10,3 +10,4 @@
 .DS_Store
 /spec/fixtures/.jekyll-cache
 *.gem
+*.bak

data/.rspec

@@ -1,3 +1,3 @@
 --color
 --require spec_helper
-#--order random
+--order random

data/README.md

@@ -1,7 +1,13 @@
 # Jekyll Secinfo
 
-This Jekyll pluging provides a tag and filter that turns references to security related info (currently only CVEs) into clickable links.
+This Jekyll pluging provides a tag and filter that turns references to security related info (CVEs and CWEs) into clickable links.
 
+
+[![Build Status](https://img.shields.io/circleci/build/github/MrSeccubus/jekyll-secinfo/main)](https://circleci.com/gh/MrSeccubus/jekyll-secinfo)
+[![Maintainability](https://api.codeclimate.com/v1/badges/a99a88d28ad37a79dbf6/maintainability)](https://codeclimate.com/github/codeclimate/codeclimate/maintainability)
+[![Test Coverage](https://api.codeclimate.com/v1/badges/a99a88d28ad37a79dbf6/test_coverage)](https://codeclimate.com/github/codeclimate/codeclimate/test_coverage)
+[![MIT License](https://img.shields.io/badge/License-MIT-brightgreen.svg)](https://github.com/MrSeccubus/jekyll-secinfo/blob/main/LICENSE.txt)
+[![Gem downloads](https://img.shields.io/gem/dt/jekyll-secinfo)](https://rubygems.org/gems/jekyll-secinfo)
 ## Installation
 
 Add this line to your Gemfile:
@@ -30,18 +36,24 @@ plugins:
 
 ## Usage
 
-As a tag `{% cve CVE-2019-19781 %}` or as a filter `{{ "cve-2019-19781" | cve }}`
+As a tag `{% cve CVE-2019-19781 %}`/`{% cwe CWE-78 %}` or as a filter `{{ "cve-2019-19781" | cve }}`/`{{ "cwe-787" | cwe }}`
 
-For CVE multiple formats are accepted:
-* Full CVE in lower or upper case e.g. `CVE-2019-19781` or `cve-2019-19781`
-* Just the number e.g. `2019-19781`
+For CVE and CWE filters an tags multiple formats are accepted:
+* Full CVE in lower or upper case e.g. `CVE-2019-19781`, `CVE-787`, `cve-2019-19781` or `cve-787`
+* Just the number e.g. `2019-19781` or `787`
 
 ## Result
 
 By default the plugin will output the following code
 
+CVEs
+```markup
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781" class="cve secinfo">CVE-2019-19781</a>
+```
+
+CWEs
 ```markup
-<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781" class="cve">CVE-2019-19781</a>
+<a href="https://cwe.mitre.org/data/definitions/787.html" class="cwe secinfo">
 ```
 
 ## Configuration
@@ -53,28 +65,49 @@ jekyll-secinfo:
   cve: 
     style: mitre    # Supported styles are mitre, nvd and cvedetails
     url:            # Style is ignored if a custom URL is defined.
+   cwe
+    style: mitre    # Supported styles are mitre and cvedetails
+    url:            # Style is ignored if a custom URL is defined.
 ```
 
 You can also put these values in the front matter of a page to override the values in `_config.yml` for a specific page.
 
 ### Styles
 
-For CVE's the style influences the way a tag or filter is rendered. This is how this input `{% cve CVE-2019-19781 %}` or as a filter `{{ "CVE-2019-19781" | cve }}` will be rendered in different styles:
+For CVEs and CWEs the style influences the way a tag or filter is rendered. This is how the following input will be rendered in different styles
+
+input as tags
+```markup
+CVE: {% cve CVE-2019-19781 %}
+CWE: {% cwe CWE-79 %}
+```
+
+input with filters:
+```markup
+CVE: {{ "CVE-2019-19781" | cve }}
+CWE: {{ "cwe-79" | cwe }}
+```
 
-mitre
+
+Mitre
 ```markup
-<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781" class="cve">CVE-2019-19781</a>
+CVE: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781" class="cve secinfo">CVE-2019-19781</a>
+CWE: <a href="https://cwe.mitre.org/data/definitions/79.html" class="cwe secinfo">CWE-79</a>
 ```
 
-mitre
+
+CVE details
 ```markup
-<a href="https://nvd.nist.gov/vuln/detail/CVE-2019-19781" class="cve">CVE-2019-19781</a>
+CVE: <a href="https://www.cvedetails.com/cve/CVE-2019-19781/" class="cve secinfo">CVE-2019-19781</a>
+CWE: <a href="https://www.cvedetails.com/cwe-details/79" class="cwe secinfo">CWE-79</a>
 ```
 
-mitre
+NVD
 ```markup
-<a href="https://www.cvedetails.com/cve/CVE-2019-19781/" class="cve">CVE-2019-19781</a>
+CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-19781" class="cve secinfo">CVE-2019-19781</a>
+CWE: <a href="https://cwe.mitre.org/data/definitions/79.html" class="cwe secinfo">CWE-79</a>
 ```
+(Since CWE doesn;t support the style `nvd` it falls back tot he default `mitre` style)
 
 ### Using your own URL
 
@@ -84,12 +117,17 @@ You can specify a custom URL to be used as well. If the url includes `%s` this w
 jekyll-secinfo: 
   cve: 
     url: http://localhost:4500/CVE-%s.html
+  cwe: 
+    url: http://localhost:4500/CWE-
 ---
 {% cve 1999-9999 %}
+{% cve 79 %}
+
 ```
 
 Will reneder as
 ```markup
-<p><a href="http://localhost:4500/CVE-1999-99999.html" class="cve">CVE-1999-99999</a></p>
+<p><a href="http://localhost:4500/CVE-1999-99999.html" class="cve secinfo">CVE-1999-99999</a>
+<a href="http://localhost:4500/CWE-79" class="cwe secinfo">CVE-1999-99999</a></p>
 ```
 

data/lib/jekyll-secinfo.rb

@@ -8,6 +8,7 @@ require "jekyll-secinfo/logger"
 
 # Core
 require "jekyll-secinfo/cve" 
+require "jekyll-secinfo/cwe" 
 
 module Jekyll::Secinfo
   Logger.display_info

data/lib/jekyll-secinfo/config.rb

@@ -4,43 +4,86 @@
 require "jekyll-secinfo/logger" 
 
 CONFIG_NAME = 'jekyll-secinfo'
-DEFAULT_CONFIG = {
-	CONFIG_NAME => {
-		"cve" => {
-			"style" => "mitre"
-		}
-	}
-}
-
 
 module Jekyll::Secinfo
 	class Config
-		
+				
 		def self.get(site_config, page)
-			config = DEFAULT_CONFIG
-			if site_config
-				config = config.merge(site_config) if site_config.key?(CONFIG_NAME)
-			end
-			if page.key?(CONFIG_NAME)
-				fromdoc = { CONFIG_NAME => page[CONFIG_NAME] }
-				config = config.merge(fromdoc)
+			config = { 
+				"cve" => {},
+				"cwe" => {} 
+			}
+			if site_config && site_config.key?(CONFIG_NAME) 
+				#config["site"] = site_config[CONFIG_NAME]
+				if site_config[CONFIG_NAME].key?("cve") && site_config[CONFIG_NAME]["cve"]
+					if site_config[CONFIG_NAME]["cve"].key?("style") && site_config[CONFIG_NAME]["cve"]["style"]
+						config["cve"]["style"] = site_config[CONFIG_NAME]["cve"]["style"]
+					end
+					if site_config[CONFIG_NAME]["cve"].key?("url") && site_config[CONFIG_NAME]["cve"]["url"]
+						config["cve"]["url"] = site_config[CONFIG_NAME]["cve"]["url"]
+					end
+				end
+				if site_config[CONFIG_NAME].key?("cwe") && site_config[CONFIG_NAME]["cwe"]
+					if site_config[CONFIG_NAME]["cwe"].key?("style") && site_config[CONFIG_NAME]["cwe"]["style"]
+						config["cwe"]["style"] = site_config[CONFIG_NAME]["cwe"]["style"]
+					end
+					if site_config[CONFIG_NAME]["cwe"].key?("url") && site_config[CONFIG_NAME]["cwe"]["url"]
+						config["cwe"]["url"] = site_config[CONFIG_NAME]["cwe"]["url"]
+					end
+				end
 			end
 
-			if not config[CONFIG_NAME]["cve"].key?("url")
-				case config[CONFIG_NAME]["cve"]["style"]
+			if page.key?(CONFIG_NAME) && page[CONFIG_NAME]
+	    		if page[CONFIG_NAME].key?("cve") && page[CONFIG_NAME]["cve"]
+	    			if page[CONFIG_NAME]["cve"].key?("style") && page[CONFIG_NAME]["cve"]["style"]
+	    				config["cve"]["style"]=page[CONFIG_NAME]["cve"]["style"]
+	    				config["cve"].delete("url")
+		    		end
+	    			if page[CONFIG_NAME]["cve"].key?("url") && page[CONFIG_NAME]["cve"]["url"]
+	    				config["cve"]["url"]=page[CONFIG_NAME]["cve"]["url"]
+	    				config["cve"].delete("style")
+		    		end
+		    	end
+	    		if page[CONFIG_NAME].key?("cwe") && page[CONFIG_NAME]["cwe"]
+	    			if page[CONFIG_NAME]["cwe"].key?("style") && page[CONFIG_NAME]["cwe"]["style"]
+	    				config["cwe"]["style"]=page[CONFIG_NAME]["cwe"]["style"]
+	    				config["cwe"].delete("url")
+		    		end
+	    			if page[CONFIG_NAME]["cwe"].key?("url") && page[CONFIG_NAME]["cwe"]["url"]
+	    				config["cwe"]["url"]=page[CONFIG_NAME]["cwe"]["url"]
+	    				config["cwe"].delete("style")
+		    		end
+		    	end
+			end			
+
+			if not config["cve"]["url"]  
+				case config["cve"]["style"]
 				when "mitre"
-					config[CONFIG_NAME]["cve"]["url"] = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
+					config["cve"]["url"] = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
 				when "cvedetails"
-					config[CONFIG_NAME]["cve"]["url"] = "https://www.cvedetails.com/cve/CVE-%s/"
+					config["cve"]["url"] = "https://www.cvedetails.com/cve/CVE-%s/"
 				when "nvd"
-					config[CONFIG_NAME]["cve"]["url"] = "https://nvd.nist.gov/vuln/detail/CVE-"
+					config["cve"]["url"] = "https://nvd.nist.gov/vuln/detail/CVE-"
 				else
-					# Unknown CVE style unsing 'mitre'-style instead
-					config[CONFIG_NAME]["cve"]["url"] = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
+					# Unknown CVE style using 'mitre'-style instead
+					config["cve"]["url"] = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
 				end
 			end
 
-			return config[CONFIG_NAME]
+			if not config["cwe"]["url"]  
+				case config["cwe"]["style"]
+				when "mitre", "nvd"
+					config["cwe"]["url"] = "https://cwe.mitre.org/data/definitions/%s.html"
+				when "cvedetails"
+					config["cwe"]["url"] = "https://www.cvedetails.com/cwe-details/"
+				else
+					# Unknown CWE style using 'mitre'-style instead
+					config["cwe"]["url"] = "https://cwe.mitre.org/data/definitions/%s.html"
+				end
+			end
+
+
+			return config
 		end #get_config
 
 	end #Config

data/lib/jekyll-secinfo/cve.rb

@@ -9,7 +9,7 @@ require "jekyll-secinfo/config"
 module Jekyll::Secinfo
   class Cve
     
-    def self.cve_to_link(text, site, page)
+    def self.to_link(text, site, page)
       #Logger.log(context)
       config = Jekyll::Secinfo::Config.get(site, page)
       m = text.match(/^(CVE-|cve-)?(\d{4}-\d{4,})/) # See https://cve.mitre.org/cve/identifiers/syntaxchange.html
@@ -19,7 +19,7 @@ module Jekyll::Secinfo
         else
           url="#{config["cve"]["url"]}#{m[2]}"
         end
-        return "<a href='#{url}' class='cve'>CVE-#{m[2]}</a>"
+        return "<a href='#{url}' class='cve secinfo'>CVE-#{m[2]}</a>"
       else
         return nil
       end
@@ -35,7 +35,7 @@ module Jekyll::Secinfo
 
     def render(context)
       cve_text = @text.strip
-      out = Cve.cve_to_link(cve_text, context["site"]["config"], context["page"])
+      out = Cve.to_link(cve_text, context["site"], context["page"])
       return out if out
       return @text
     end
@@ -45,7 +45,7 @@ module Jekyll::Secinfo
   module CveFilter
     def cve(cvetxt, niets = nil)
       if cvetxt
-        link = Cve.cve_to_link(cvetxt, @context.registers[:site].config, @context.registers[:page])
+        link = Cve.to_link(cvetxt, @context.registers[:site].config, @context.registers[:page])
         if link
           return link
         else

data/lib/jekyll-secinfo/cwe.rb

@@ -0,0 +1,63 @@
+# External
+require "jekyll"
+require "jekyll-secinfo/version"
+
+# Support
+require "jekyll-secinfo/logger" 
+require "jekyll-secinfo/config" 
+
+module Jekyll::Secinfo
+  class Cwe
+    
+    def self.to_link(text, site, page)
+      #Logger.log(context)
+      config = Jekyll::Secinfo::Config.get(site, page)
+      m = text.match(/^(CWE-|cwe-)?(\d+)/) 
+      if m
+        if config["cwe"]["url"] =~ /\%s/
+          url=config["cwe"]["url"] % m[2]
+        else
+          url="#{config["cwe"]["url"]}#{m[2]}"
+        end
+        return "<a href='#{url}' class='cwe secinfo'>CWE-#{m[2]}</a>"
+      else
+        return nil
+      end
+    end
+  end
+
+  class CweTag < Liquid::Tag
+
+    def initialize(tagName, text, tokens)
+      super
+      @text = text
+    end
+
+    def render(context)
+      cwe_text = @text.strip
+      out = Cwe.to_link(cwe_text, context["site"], context["page"])
+      return out if out
+      return @text
+    end
+
+  end
+
+  module CweFilter
+    def cwe(cwetxt, niets = nil)
+      if cwetxt
+        link = Cwe.to_link(cwetxt, @context.registers[:site].config, @context.registers[:page])
+        if link
+          return link
+        else
+          return cwetxt
+        end
+      else
+        return ""
+      end
+    end
+  end
+
+  Liquid::Template.register_tag("cwe", Jekyll::Secinfo::CweTag)
+  Liquid::Template.register_filter(CweFilter)
+
+end

data/lib/jekyll-secinfo/version.rb

@@ -1,5 +1,5 @@
 module Jekyll
   module Secinfo
-    VERSION = "0.1.1"
+    VERSION = "0.2.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jekyll-secinfo
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Frank Breedijk
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-29 00:00:00.000000000 Z
+date: 2021-02-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jekyll
@@ -114,6 +114,7 @@ files:
 - lib/jekyll-secinfo.rb
 - lib/jekyll-secinfo/config.rb
 - lib/jekyll-secinfo/cve.rb
+- lib/jekyll-secinfo/cwe.rb
 - lib/jekyll-secinfo/logger.rb
 - lib/jekyll-secinfo/version.rb
 homepage: https://github.com/MrSeccubus/jekyll-secinfo