jekyll-secinfo 0.1.1 → 0.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 40e46c1179460d5e0dd2a5be48fc399a2a1a536ccd8532249298823c68353626
-  data.tar.gz: '079b18a5a5ef5970c12effe60545aad3c25a7d495d42b4cffa2da423c226eae8'
+  metadata.gz: 00760bb3e57e86281242eaa873a1b3951214d6a4a846ef8070c636a75def407d
+  data.tar.gz: d23874cd8f9b97fb43c445a5e441db42a827bb0aaf2dfc77c790b6239bf6f445
 SHA512:
-  metadata.gz: 788656524aa4f0c7222d9a79b407875d5bab77f5ec217b2a843abfff7489e5099b45439d6d6fe2905c39b0ee1d6cd7f1202510d3cb1fa12a8724b3d9e66c7390
-  data.tar.gz: 03c2cb2160d6e3b61827f446173aba84733bb8a4b0709817a0c53aa4cf6f7435e1453cca89988a949eebbc5660e46bd200e09ab10d3933e3f59f882998186498
+  metadata.gz: f6c9062e2dee6288c7f311ec0c49344c18561ed2763eb7650f430b216a3e0716c76aebc77a4a820c2bc161e8bfb973a2ca8b0c63db5d950432fec6a9079aea1b
+  data.tar.gz: 6aae313ff7251536886c117901402ef3adac29ad508816142fd0d9663daec265d4be5ead74aa7af35c95b6ab6ab7b5f61a7f75203cd1817563bc493b46cdeb27

data/.gitignore

@@ -10,3 +10,4 @@
 .DS_Store
 /spec/fixtures/.jekyll-cache
 *.gem
+*.bak

data/.rspec

@@ -1,3 +1,3 @@
 --color
 --require spec_helper
-#--order random
+--order random

data/README.md

@@ -1,6 +1,13 @@
 # Jekyll Secinfo
 
-This Jekyll pluging provides a tag and filter that turns references to security related info (currently only CVEs) into clickable links.
+This Jekyll pluging provides a tag and filter that turns references to security related info (CVEs, CWEs and DIVD case numbers) into clickable links.
+
+
+[![Build Status](https://img.shields.io/circleci/build/github/MrSeccubus/jekyll-secinfo/main)](https://circleci.com/gh/MrSeccubus/jekyll-secinfo)
+[![Maintainability](https://api.codeclimate.com/v1/badges/a99a88d28ad37a79dbf6/maintainability)](https://codeclimate.com/github/codeclimate/codeclimate/maintainability)
+[![Test Coverage](https://api.codeclimate.com/v1/badges/a99a88d28ad37a79dbf6/test_coverage)](https://codeclimate.com/github/codeclimate/codeclimate/test_coverage)
+[![MIT License](https://img.shields.io/badge/License-MIT-brightgreen.svg)](https://github.com/MrSeccubus/jekyll-secinfo/blob/main/LICENSE.txt)
+[![Gem downloads](https://img.shields.io/gem/dt/jekyll-secinfo)](https://rubygems.org/gems/jekyll-secinfo)
 
 ## Installation
 
@@ -30,18 +37,29 @@ plugins:
 
 ## Usage
 
-As a tag `{% cve CVE-2019-19781 %}` or as a filter `{{ "cve-2019-19781" | cve }}`
+As a tag `{% cve CVE-2019-19781 %}` / `{% cwe CWE-78 %}` / `{% divd DIVD-2020-00001 %}` or as a filter `{{ "cve-2019-19781" | cve }}` / `{{ "cwe-787" | cwe }}` / `{{ "divd-2020-0001" | divd }}`
 
-For CVE multiple formats are accepted:
-* Full CVE in lower or upper case e.g. `CVE-2019-19781` or `cve-2019-19781`
-* Just the number e.g. `2019-19781`
+For CVEs, CWEs and DIVD cas number filters an tags multiple formats are accepted:
+* Full CVE in lower or upper case e.g. `CVE-2019-19781`, `CVE-787`, `DIVD-2020-00001`, `cve-2019-19781`, `cve-787` or `divd-2020-00001`
+* Just the number e.g. `2019-19781`, `787` or `2020-00001`
 
 ## Result
 
 By default the plugin will output the following code
 
+CVEs
+```markup
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781" class="cve secinfo">CVE-2019-19781</a>
+```
+
+CWEs
+```markup
+<a href="https://cwe.mitre.org/data/definitions/787.html" class="cwe secinfo">
+```
+
+DIVD case
 ```markup
-<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781" class="cve">CVE-2019-19781</a>
+<a href="https://csirt.divd.nl/DIVD-2020-00001" class="divd secinfo">DIVD-2020-00001</a>
 ```
 
 ## Configuration
@@ -51,30 +69,53 @@ The behaviour of this plugin can be configured in `_config.yml`
 ```yml
 jekyll-secinfo: 
   cve: 
-    style: mitre    # Supported styles are mitre, nvd and cvedetails
-    url:            # Style is ignored if a custom URL is defined.
+     style: mitre   # Supported styles are mitre, nvd and cvedetails
+     url:           # Style is ignored if a custom URL is defined.
+   cwe
+     style: mitre   # Supported styles are mitre and cvedetails
+     url:           # Style is ignored if a custom URL is defined.
+   divd:
+     url:           # Custom URL for DIVD cases.
 ```
 
 You can also put these values in the front matter of a page to override the values in `_config.yml` for a specific page.
 
 ### Styles
 
-For CVE's the style influences the way a tag or filter is rendered. This is how this input `{% cve CVE-2019-19781 %}` or as a filter `{{ "CVE-2019-19781" | cve }}` will be rendered in different styles:
+For CVEs and CWEs the style influences the way a tag or filter is rendered. This is how the following input will be rendered in different styles
 
-mitre
+input as tags
 ```markup
-<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781" class="cve">CVE-2019-19781</a>
+CVE: {% cve CVE-2019-19781 %}
+CWE: {% cwe CWE-79 %}
 ```
 
-mitre
+input with filters:
+```markup
+CVE: {{ "CVE-2019-19781" | cve }}
+CWE: {{ "cwe-79" | cwe }}
+```
+
+
+Mitre
+```markup
+CVE: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781" class="cve secinfo">CVE-2019-19781</a>
+CWE: <a href="https://cwe.mitre.org/data/definitions/79.html" class="cwe secinfo">CWE-79</a>
+```
+
+
+CVE details
 ```markup
-<a href="https://nvd.nist.gov/vuln/detail/CVE-2019-19781" class="cve">CVE-2019-19781</a>
+CVE: <a href="https://www.cvedetails.com/cve/CVE-2019-19781/" class="cve secinfo">CVE-2019-19781</a>
+CWE: <a href="https://www.cvedetails.com/cwe-details/79" class="cwe secinfo">CWE-79</a>
 ```
 
-mitre
+NVD
 ```markup
-<a href="https://www.cvedetails.com/cve/CVE-2019-19781/" class="cve">CVE-2019-19781</a>
+CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-19781" class="cve secinfo">CVE-2019-19781</a>
+CWE: <a href="https://cwe.mitre.org/data/definitions/79.html" class="cwe secinfo">CWE-79</a>
 ```
+(Since CWE doesn;t support the style `nvd` it falls back tot he default `mitre` style)
 
 ### Using your own URL
 
@@ -84,12 +125,20 @@ You can specify a custom URL to be used as well. If the url includes `%s` this w
 jekyll-secinfo: 
   cve: 
     url: http://localhost:4500/CVE-%s.html
+  cwe: 
+    url: http://localhost:4500/CWE-
+  divd:
+    url: https://localhost:4000/cases/DIVD-
 ---
 {% cve 1999-9999 %}
+{% cve 79 %}
+{{ "2020-00001" | divd }}
 ```
 
-Will reneder as
+Will reneder as:
 ```markup
-<p><a href="http://localhost:4500/CVE-1999-99999.html" class="cve">CVE-1999-99999</a></p>
+<p><a href="http://localhost:4500/CVE-1999-99999.html" class="cve secinfo">CVE-1999-99999</a>
+<a href="http://localhost:4500/CWE-79" class="cwe secinfo">CVE-1999-99999</a>
+<a href="https://localhost:4000/cases/DIVD-2020-00001" class="divd secinfo">DIVD-2020-00001</a></p>
 ```
 

data/jekyll-secinfo.gemspec

@@ -18,7 +18,6 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency 'jekyll'
-  spec.add_dependency "rainbow", "~> 3.0"
 
   spec.add_development_dependency "bundler", "~> 2.1"
   spec.add_development_dependency "rake", "~> 10.0"

data/lib/jekyll-secinfo/config.rb

@@ -4,43 +4,127 @@
 require "jekyll-secinfo/logger" 
 
 CONFIG_NAME = 'jekyll-secinfo'
-DEFAULT_CONFIG = {
-	CONFIG_NAME => {
-		"cve" => {
-			"style" => "mitre"
-		}
-	}
-}
-
 
 module Jekyll::Secinfo
 	class Config
-		
+				
 		def self.get(site_config, page)
-			config = DEFAULT_CONFIG
-			if site_config
-				config = config.merge(site_config) if site_config.key?(CONFIG_NAME)
-			end
-			if page.key?(CONFIG_NAME)
-				fromdoc = { CONFIG_NAME => page[CONFIG_NAME] }
-				config = config.merge(fromdoc)
+			config = { 
+				"cve" => {},
+				"cwe" => {},
+				"divd" => {}
+			}
+
+			# CVE
+
+			if site_config && site_config.key?(CONFIG_NAME) 
+				#config["site"] = site_config[CONFIG_NAME]
+				if site_config[CONFIG_NAME].key?("cve") && site_config[CONFIG_NAME]["cve"]
+					if site_config[CONFIG_NAME]["cve"].key?("style") && site_config[CONFIG_NAME]["cve"]["style"]
+						config["cve"]["style"] = site_config[CONFIG_NAME]["cve"]["style"]
+					end
+					if site_config[CONFIG_NAME]["cve"].key?("url") && site_config[CONFIG_NAME]["cve"]["url"]
+						config["cve"]["url"] = site_config[CONFIG_NAME]["cve"]["url"]
+					end
+				end
 			end
 
-			if not config[CONFIG_NAME]["cve"].key?("url")
-				case config[CONFIG_NAME]["cve"]["style"]
+			if page.key?(CONFIG_NAME) && page[CONFIG_NAME]
+	    		if page[CONFIG_NAME].key?("cve") && page[CONFIG_NAME]["cve"]
+	    			if page[CONFIG_NAME]["cve"].key?("style") && page[CONFIG_NAME]["cve"]["style"]
+	    				config["cve"]["style"]=page[CONFIG_NAME]["cve"]["style"]
+	    				config["cve"].delete("url")
+		    		end
+	    			if page[CONFIG_NAME]["cve"].key?("url") && page[CONFIG_NAME]["cve"]["url"]
+	    				config["cve"]["url"]=page[CONFIG_NAME]["cve"]["url"]
+	    				config["cve"].delete("style")
+		    		end
+		    	end
+			end			
+
+			if not config["cve"]["url"]  
+				case config["cve"]["style"]
 				when "mitre"
-					config[CONFIG_NAME]["cve"]["url"] = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
+					config["cve"]["url"] = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
 				when "cvedetails"
-					config[CONFIG_NAME]["cve"]["url"] = "https://www.cvedetails.com/cve/CVE-%s/"
+					config["cve"]["url"] = "https://www.cvedetails.com/cve/CVE-%s/"
 				when "nvd"
-					config[CONFIG_NAME]["cve"]["url"] = "https://nvd.nist.gov/vuln/detail/CVE-"
+					config["cve"]["url"] = "https://nvd.nist.gov/vuln/detail/CVE-"
+				else
+					# Unknown CVE style using 'mitre'-style instead
+					config["cve"]["url"] = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
+				end
+			end
+
+			# CWE
+
+			if site_config && site_config.key?(CONFIG_NAME) 
+				if site_config[CONFIG_NAME].key?("cwe") && site_config[CONFIG_NAME]["cwe"]
+					if site_config[CONFIG_NAME]["cwe"].key?("style") && site_config[CONFIG_NAME]["cwe"]["style"]
+						config["cwe"]["style"] = site_config[CONFIG_NAME]["cwe"]["style"]
+					end
+					if site_config[CONFIG_NAME]["cwe"].key?("url") && site_config[CONFIG_NAME]["cwe"]["url"]
+						config["cwe"]["url"] = site_config[CONFIG_NAME]["cwe"]["url"]
+					end
+				end
+			end
+
+			if page.key?(CONFIG_NAME) && page[CONFIG_NAME]
+	    		if page[CONFIG_NAME].key?("cwe") && page[CONFIG_NAME]["cwe"]
+	    			if page[CONFIG_NAME]["cwe"].key?("style") && page[CONFIG_NAME]["cwe"]["style"]
+	    				config["cwe"]["style"]=page[CONFIG_NAME]["cwe"]["style"]
+	    				config["cwe"].delete("url")
+		    		end
+	    			if page[CONFIG_NAME]["cwe"].key?("url") && page[CONFIG_NAME]["cwe"]["url"]
+	    				config["cwe"]["url"]=page[CONFIG_NAME]["cwe"]["url"]
+	    				config["cwe"].delete("style")
+		    		end
+		    	end
+			end			
+
+			if not config["cwe"]["url"]  
+				case config["cwe"]["style"]
+				when "mitre", "nvd"
+					config["cwe"]["url"] = "https://cwe.mitre.org/data/definitions/%s.html"
+				when "cvedetails"
+					config["cwe"]["url"] = "https://www.cvedetails.com/cwe-details/"
 				else
-					# Unknown CVE style unsing 'mitre'-style instead
-					config[CONFIG_NAME]["cve"]["url"] = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
+					# Unknown CWE style using 'mitre'-style instead
+					config["cwe"]["url"] = "https://cwe.mitre.org/data/definitions/%s.html"
 				end
 			end
 
-			return config[CONFIG_NAME]
+			# DIVD
+
+			if site_config && site_config.key?(CONFIG_NAME) 
+				if site_config[CONFIG_NAME].key?("divd") && site_config[CONFIG_NAME]["divd"]
+					if site_config[CONFIG_NAME]["divd"].key?("url") && site_config[CONFIG_NAME]["divd"]["url"]
+						config["divd"]["url"] = site_config[CONFIG_NAME]["divd"]["url"]
+					end
+				end
+			end
+
+			if page.key?(CONFIG_NAME) && page[CONFIG_NAME]
+	    		if page[CONFIG_NAME].key?("divd")
+	    			if page[CONFIG_NAME]["divd"]
+		    			if page[CONFIG_NAME]["divd"].key?("url")
+		    				if page[CONFIG_NAME]["divd"]["url"]
+		    					config["divd"]["url"]=page[CONFIG_NAME]["divd"]["url"]
+			    			else
+			    				config["divd"].delete("url")
+			    			end
+			    		end
+			    	else
+			    		config["divd"] = {}
+			    	end
+		    	end
+			end			
+
+			if not config["divd"]["url"]  
+				config["divd"]["url"] = "https://csirt.divd.nl/DIVD-"
+			end      
+
+			return config
 		end #get_config
 
 	end #Config

data/lib/jekyll-secinfo/cve.rb

@@ -9,7 +9,7 @@ require "jekyll-secinfo/config"
 module Jekyll::Secinfo
   class Cve
     
-    def self.cve_to_link(text, site, page)
+    def self.to_link(text, site, page)
       #Logger.log(context)
       config = Jekyll::Secinfo::Config.get(site, page)
       m = text.match(/^(CVE-|cve-)?(\d{4}-\d{4,})/) # See https://cve.mitre.org/cve/identifiers/syntaxchange.html
@@ -19,7 +19,7 @@ module Jekyll::Secinfo
         else
           url="#{config["cve"]["url"]}#{m[2]}"
         end
-        return "<a href='#{url}' class='cve'>CVE-#{m[2]}</a>"
+        return "<a href='#{url}' class='cve secinfo'>CVE-#{m[2]}</a>"
       else
         return nil
       end
@@ -35,7 +35,7 @@ module Jekyll::Secinfo
 
     def render(context)
       cve_text = @text.strip
-      out = Cve.cve_to_link(cve_text, context["site"]["config"], context["page"])
+      out = Cve.to_link(cve_text, context["site"], context["page"])
       return out if out
       return @text
     end
@@ -45,7 +45,7 @@ module Jekyll::Secinfo
   module CveFilter
     def cve(cvetxt, niets = nil)
       if cvetxt
-        link = Cve.cve_to_link(cvetxt, @context.registers[:site].config, @context.registers[:page])
+        link = Cve.to_link(cvetxt, @context.registers[:site].config, @context.registers[:page])
         if link
           return link
         else

data/lib/jekyll-secinfo/cwe.rb

@@ -0,0 +1,63 @@
+# External
+require "jekyll"
+require "jekyll-secinfo/version"
+
+# Support
+require "jekyll-secinfo/logger" 
+require "jekyll-secinfo/config" 
+
+module Jekyll::Secinfo
+  class Cwe
+    
+    def self.to_link(text, site, page)
+      #Logger.log(context)
+      config = Jekyll::Secinfo::Config.get(site, page)
+      m = text.match(/^(CWE-|cwe-)?(\d+)/) 
+      if m
+        if config["cwe"]["url"] =~ /\%s/
+          url=config["cwe"]["url"] % m[2]
+        else
+          url="#{config["cwe"]["url"]}#{m[2]}"
+        end
+        return "<a href='#{url}' class='cwe secinfo'>CWE-#{m[2]}</a>"
+      else
+        return nil
+      end
+    end
+  end
+
+  class CweTag < Liquid::Tag
+
+    def initialize(tagName, text, tokens)
+      super
+      @text = text
+    end
+
+    def render(context)
+      cwe_text = @text.strip
+      out = Cwe.to_link(cwe_text, context["site"], context["page"])
+      return out if out
+      return @text
+    end
+
+  end
+
+  module CweFilter
+    def cwe(cwetxt, niets = nil)
+      if cwetxt
+        link = Cwe.to_link(cwetxt, @context.registers[:site].config, @context.registers[:page])
+        if link
+          return link
+        else
+          return cwetxt
+        end
+      else
+        return ""
+      end
+    end
+  end
+
+  Liquid::Template.register_tag("cwe", Jekyll::Secinfo::CweTag)
+  Liquid::Template.register_filter(CweFilter)
+
+end

data/lib/jekyll-secinfo/divd.rb

@@ -0,0 +1,64 @@
+# External
+require "jekyll"
+require "jekyll-secinfo/version"
+
+# Support
+require "jekyll-secinfo/logger" 
+require "jekyll-secinfo/config" 
+
+module Jekyll::Secinfo
+  class Divd
+    
+    def self.to_link(text, site, page)
+      #Logger.log(context)
+      config = Jekyll::Secinfo::Config.get(site, page)
+
+      m = text.match(/^(DIVD-|divd-)?(\d{4}\-\d+)/) 
+      if m
+        if config["divd"]["url"] =~ /\%s/
+          url=config["divd"]["url"] % m[2]
+        else
+          url="#{config["divd"]["url"]}#{m[2]}"
+        end
+        return "<a href='#{url}' class='divd secinfo'>DIVD-#{m[2]}</a>"
+      else
+        return nil
+      end
+    end
+  end
+
+  class DivdTag < Liquid::Tag
+
+    def initialize(tagName, text, tokens)
+      super
+      @text = text
+    end
+
+    def render(context)
+      divd_text = @text.strip
+      out = Divd.to_link(divd_text, context["site"], context["page"])
+      return out if out
+      return @text
+    end
+
+  end
+
+  module DivdFilter
+    def divd(divdtxt, niets = nil)
+      if divdtxt
+        link = Divd.to_link(divdtxt, @context.registers[:site].config, @context.registers[:page])
+        if link
+          return link
+        else
+          return divdtxt
+        end
+      else
+        return ""
+      end
+    end
+  end
+
+  Liquid::Template.register_tag("divd", Jekyll::Secinfo::DivdTag)
+  Liquid::Template.register_filter(DivdFilter)
+
+end

data/lib/jekyll-secinfo/logger.rb

@@ -1,10 +1,6 @@
 # frozen_string_literal: true
 
 require 'jekyll-secinfo/version'
-require 'rainbow/refinement'
-
-using Rainbow
-
 
 module Jekyll::Secinfo
   class Logger
@@ -15,14 +11,14 @@ module Jekyll::Secinfo
     def self.display_info
       self.log "Jekyll-Secinfo #{Jekyll::Secinfo::VERSION}"
       self.log 'A Jekyll plugin to provide clickability to security info like CVEs and CWEs.'
-      self.log 'https://github.com/MrSeccubus/jekyll-secinfo'.underline
+      self.log 'https://github.com/MrSeccubus/jekyll-secinfo'
     end
 
     def self.log(content)
       if (content.is_a? String)
-        self.output 'Jekyll Secinfo', content.bright
+        self.output 'Jekyll Secinfo', content
       else
-        self.output 'Jekyll Secinfo', content.inspect.bright
+        self.output 'Jekyll Secinfo', content.inspect
       end
     end
 

data/lib/jekyll-secinfo/version.rb

@@ -1,5 +1,5 @@
 module Jekyll
   module Secinfo
-    VERSION = "0.1.1"
+    VERSION = "0.3.2"
   end
 end

data/lib/jekyll-secinfo.rb

@@ -8,6 +8,8 @@ require "jekyll-secinfo/logger"
 
 # Core
 require "jekyll-secinfo/cve" 
+require "jekyll-secinfo/cwe" 
+require "jekyll-secinfo/divd" 
 
 module Jekyll::Secinfo
   Logger.display_info

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jekyll-secinfo
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.3.2
 platform: ruby
 authors:
 - Frank Breedijk
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-29 00:00:00.000000000 Z
+date: 2022-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jekyll
@@ -24,20 +24,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: rainbow
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -114,6 +100,8 @@ files:
 - lib/jekyll-secinfo.rb
 - lib/jekyll-secinfo/config.rb
 - lib/jekyll-secinfo/cve.rb
+- lib/jekyll-secinfo/cwe.rb
+- lib/jekyll-secinfo/divd.rb
 - lib/jekyll-secinfo/logger.rb
 - lib/jekyll-secinfo/version.rb
 homepage: https://github.com/MrSeccubus/jekyll-secinfo
@@ -135,7 +123,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.3.3
 signing_key: 
 specification_version: 4
 summary: jekyll plugin to generate html snippets various security info