jekyll-secinfo 0.1.1 → 0.2.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 40e46c1179460d5e0dd2a5be48fc399a2a1a536ccd8532249298823c68353626
4
- data.tar.gz: '079b18a5a5ef5970c12effe60545aad3c25a7d495d42b4cffa2da423c226eae8'
3
+ metadata.gz: b42c9fb47ecdc616942907528198f12fa11aef810c9faf2de279aa1966dc2f37
4
+ data.tar.gz: 65dc27e0c3accdc565444e94b9f9912e922e7490d24fac11abc170354dea3910
5
5
  SHA512:
6
- metadata.gz: 788656524aa4f0c7222d9a79b407875d5bab77f5ec217b2a843abfff7489e5099b45439d6d6fe2905c39b0ee1d6cd7f1202510d3cb1fa12a8724b3d9e66c7390
7
- data.tar.gz: 03c2cb2160d6e3b61827f446173aba84733bb8a4b0709817a0c53aa4cf6f7435e1453cca89988a949eebbc5660e46bd200e09ab10d3933e3f59f882998186498
6
+ metadata.gz: 624d7ce5cbea3b4bb58960efa53aeb56fb10f80f1ccad37ae0ef5d35bec7fb8f9d3e6fcad6b3ece64a8447dd149143aacd9ea665a6a39c38b5e4fe40dfc16f70
7
+ data.tar.gz: 2b5802638bb9b581e1f5f9a06bc086f31cbe062dad18a35de1d3d22edb6422be424d57a7dd50ecba9f92e4f0c1b63a91a0328bda3c1231300f8afb9f93d352aa
data/.gitignore CHANGED
@@ -10,3 +10,4 @@
10
10
  .DS_Store
11
11
  /spec/fixtures/.jekyll-cache
12
12
  *.gem
13
+ *.bak
data/.rspec CHANGED
@@ -1,3 +1,3 @@
1
1
  --color
2
2
  --require spec_helper
3
- #--order random
3
+ --order random
data/README.md CHANGED
@@ -1,7 +1,13 @@
1
1
  # Jekyll Secinfo
2
2
 
3
- This Jekyll pluging provides a tag and filter that turns references to security related info (currently only CVEs) into clickable links.
3
+ This Jekyll pluging provides a tag and filter that turns references to security related info (CVEs and CWEs) into clickable links.
4
4
 
5
+
6
+ [![Build Status](https://img.shields.io/circleci/build/github/MrSeccubus/jekyll-secinfo/main)](https://circleci.com/gh/MrSeccubus/jekyll-secinfo)
7
+ [![Maintainability](https://api.codeclimate.com/v1/badges/a99a88d28ad37a79dbf6/maintainability)](https://codeclimate.com/github/codeclimate/codeclimate/maintainability)
8
+ [![Test Coverage](https://api.codeclimate.com/v1/badges/a99a88d28ad37a79dbf6/test_coverage)](https://codeclimate.com/github/codeclimate/codeclimate/test_coverage)
9
+ [![MIT License](https://img.shields.io/badge/License-MIT-brightgreen.svg)](https://github.com/MrSeccubus/jekyll-secinfo/blob/main/LICENSE.txt)
10
+ [![Gem downloads](https://img.shields.io/gem/dt/jekyll-secinfo)](https://rubygems.org/gems/jekyll-secinfo)
5
11
  ## Installation
6
12
 
7
13
  Add this line to your Gemfile:
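Review bot: The Maintainability and Test Coverage badges added at the top of README.md link to `https://codeclimate.com/github/codeclimate/codeclimate/...`, which is Code Climate's own repository rather than `MrSeccubus/jekyll-secinfo`; point both link targets at this project's page. The rewritten description line still reads "pluging" and could be corrected to "plugin" while it is being changed.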
@@ -30,18 +36,24 @@ plugins:
30
36
 
31
37
  ## Usage
32
38
 
33
- As a tag `{% cve CVE-2019-19781 %}` or as a filter `{{ "cve-2019-19781" | cve }}`
39
+ As a tag `{% cve CVE-2019-19781 %}`/`{% cwe CWE-78 %}` or as a filter `{{ "cve-2019-19781" | cve }}`/`{{ "cwe-787" | cwe }}`
34
40
 
35
- For CVE multiple formats are accepted:
36
- * Full CVE in lower or upper case e.g. `CVE-2019-19781` or `cve-2019-19781`
37
- * Just the number e.g. `2019-19781`
41
+ For CVE and CWE filters an tags multiple formats are accepted:
42
+ * Full CVE in lower or upper case e.g. `CVE-2019-19781`, `CVE-787`, `cve-2019-19781` or `cve-787`
43
+ * Just the number e.g. `2019-19781` or `787`
38
44
 
39
45
  ## Result
40
46
 
41
47
  By default the plugin will output the following code
42
48
 
49
+ CVEs
50
+ ```markup
51
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781" class="cve secinfo">CVE-2019-19781</a>
52
+ ```
53
+
54
+ CWEs
43
55
  ```markup
44
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781" class="cve">CVE-2019-19781</a>
56
+ <a href="https://cwe.mitre.org/data/definitions/787.html" class="cwe secinfo">
45
57
  ```
46
58
 
47
59
  ## Configuration
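Review bot: In the Usage list the CWE examples are written as `CVE-787` and `cve-787`; they should read `CWE-787` and `cwe-787`, and the bullet should say "Full CVE or CWE". The same paragraph has "an tags" for "and tags". Under Result, the CWE sample is an opening `<a href="https://cwe.mitre.org/data/definitions/787.html" class="cwe secinfo">` with no link text and no `</a>`; complete it the way the CVE sample above it is written.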
@@ -53,28 +65,49 @@ jekyll-secinfo:
53
65
  cve:
54
66
  style: mitre # Supported styles are mitre, nvd and cvedetails
55
67
  url: # Style is ignored if a custom URL is defined.
68
+ cwe
69
+ style: mitre # Supported styles are mitre and cvedetails
70
+ url: # Style is ignored if a custom URL is defined.
56
71
  ```
57
72
 
58
73
  You can also put these values in the front matter of a page to override the values in `_config.yml` for a specific page.
59
74
 
60
75
  ### Styles
61
76
 
62
- For CVE's the style influences the way a tag or filter is rendered. This is how this input `{% cve CVE-2019-19781 %}` or as a filter `{{ "CVE-2019-19781" | cve }}` will be rendered in different styles:
77
+ For CVEs and CWEs the style influences the way a tag or filter is rendered. This is how the following input will be rendered in different styles
78
+
79
+ input as tags
80
+ ```markup
81
+ CVE: {% cve CVE-2019-19781 %}
82
+ CWE: {% cwe CWE-79 %}
83
+ ```
84
+
85
+ input with filters:
86
+ ```markup
87
+ CVE: {{ "CVE-2019-19781" | cve }}
88
+ CWE: {{ "cwe-79" | cwe }}
89
+ ```
63
90
 
64
- mitre
91
+
92
+ Mitre
65
93
  ```markup
66
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781" class="cve">CVE-2019-19781</a>
94
+ CVE: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781" class="cve secinfo">CVE-2019-19781</a>
95
+ CWE: <a href="https://cwe.mitre.org/data/definitions/79.html" class="cwe secinfo">CWE-79</a>
67
96
  ```
68
97
 
69
- mitre
98
+
99
+ CVE details
70
100
  ```markup
71
- <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-19781" class="cve">CVE-2019-19781</a>
101
+ CVE: <a href="https://www.cvedetails.com/cve/CVE-2019-19781/" class="cve secinfo">CVE-2019-19781</a>
102
+ CWE: <a href="https://www.cvedetails.com/cwe-details/79" class="cwe secinfo">CWE-79</a>
72
103
  ```
73
104
 
74
- mitre
105
+ NVD
75
106
  ```markup
76
- <a href="https://www.cvedetails.com/cve/CVE-2019-19781/" class="cve">CVE-2019-19781</a>
107
+ CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-19781" class="cve secinfo">CVE-2019-19781</a>
108
+ CWE: <a href="https://cwe.mitre.org/data/definitions/79.html" class="cwe secinfo">CWE-79</a>
77
109
  ```
110
+ (Since CWE doesn;t support the style `nvd` it falls back tot he default `mitre` style)
78
111
 
79
112
  ### Using your own URL
80
113
 
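Review bot: The `cwe` key added to the `_config.yml` example has no trailing colon (`+ cwe`), so the snippet does not describe the mapping that the code reads as `config["cwe"]["style"]`; write it as `cwe:` like the `cve:` key above it. The comment lists only mitre and cvedetails as CWE styles while the NVD section says `nvd` falls back to `mitre`, so it is worth saying that once next to the key. The fallback sentence also has typos ("doesn;t", "tot he").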
@@ -84,12 +117,17 @@ You can specify a custom URL to be used as well. If the url includes `%s` this w
84
117
  jekyll-secinfo:
85
118
  cve:
86
119
  url: http://localhost:4500/CVE-%s.html
120
+ cwe:
121
+ url: http://localhost:4500/CWE-
87
122
  ---
88
123
  {% cve 1999-9999 %}
124
+ {% cve 79 %}
125
+
89
126
  ```
90
127
 
91
128
  Will reneder as
92
129
  ```markup
93
- <p><a href="http://localhost:4500/CVE-1999-99999.html" class="cve">CVE-1999-99999</a></p>
130
+ <p><a href="http://localhost:4500/CVE-1999-99999.html" class="cve secinfo">CVE-1999-99999</a>
131
+ <a href="http://localhost:4500/CWE-79" class="cwe secinfo">CVE-1999-99999</a></p>
94
132
  ```
95
133
 
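Review bot: The custom URL example does not exercise the new CWE path: the added template line is `{% cve 79 %}` where `{% cwe 79 %}` is meant, and the rendered CWE link shows the text `CVE-1999-99999` instead of `CWE-79`. The input `1999-9999` also does not match the `1999-99999` shown in the output; make the two agree.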
@@ -8,6 +8,7 @@ require "jekyll-secinfo/logger"
8
8
 
9
9
  # Core
10
10
  require "jekyll-secinfo/cve"
11
+ require "jekyll-secinfo/cwe"
11
12
 
12
13
  module Jekyll::Secinfo
13
14
  Logger.display_info
@@ -4,43 +4,86 @@
4
4
  require "jekyll-secinfo/logger"
5
5
 
6
6
  CONFIG_NAME = 'jekyll-secinfo'
7
- DEFAULT_CONFIG = {
8
- CONFIG_NAME => {
9
- "cve" => {
10
- "style" => "mitre"
11
- }
12
- }
13
- }
14
-
15
7
 
16
8
  module Jekyll::Secinfo
17
9
  class Config
18
-
10
+
19
11
  def self.get(site_config, page)
20
- config = DEFAULT_CONFIG
21
- if site_config
22
- config = config.merge(site_config) if site_config.key?(CONFIG_NAME)
23
- end
24
- if page.key?(CONFIG_NAME)
25
- fromdoc = { CONFIG_NAME => page[CONFIG_NAME] }
26
- config = config.merge(fromdoc)
12
+ config = {
13
+ "cve" => {},
14
+ "cwe" => {}
15
+ }
16
+ if site_config && site_config.key?(CONFIG_NAME)
17
+ #config["site"] = site_config[CONFIG_NAME]
18
+ if site_config[CONFIG_NAME].key?("cve") && site_config[CONFIG_NAME]["cve"]
19
+ if site_config[CONFIG_NAME]["cve"].key?("style") && site_config[CONFIG_NAME]["cve"]["style"]
20
+ config["cve"]["style"] = site_config[CONFIG_NAME]["cve"]["style"]
21
+ end
22
+ if site_config[CONFIG_NAME]["cve"].key?("url") && site_config[CONFIG_NAME]["cve"]["url"]
23
+ config["cve"]["url"] = site_config[CONFIG_NAME]["cve"]["url"]
24
+ end
25
+ end
26
+ if site_config[CONFIG_NAME].key?("cwe") && site_config[CONFIG_NAME]["cwe"]
27
+ if site_config[CONFIG_NAME]["cwe"].key?("style") && site_config[CONFIG_NAME]["cwe"]["style"]
28
+ config["cwe"]["style"] = site_config[CONFIG_NAME]["cwe"]["style"]
29
+ end
30
+ if site_config[CONFIG_NAME]["cwe"].key?("url") && site_config[CONFIG_NAME]["cwe"]["url"]
31
+ config["cwe"]["url"] = site_config[CONFIG_NAME]["cwe"]["url"]
32
+ end
33
+ end
27
34
  end
28
35
 
29
- if not config[CONFIG_NAME]["cve"].key?("url")
30
- case config[CONFIG_NAME]["cve"]["style"]
36
+ if page.key?(CONFIG_NAME) && page[CONFIG_NAME]
37
+ if page[CONFIG_NAME].key?("cve") && page[CONFIG_NAME]["cve"]
38
+ if page[CONFIG_NAME]["cve"].key?("style") && page[CONFIG_NAME]["cve"]["style"]
39
+ config["cve"]["style"]=page[CONFIG_NAME]["cve"]["style"]
40
+ config["cve"].delete("url")
41
+ end
42
+ if page[CONFIG_NAME]["cve"].key?("url") && page[CONFIG_NAME]["cve"]["url"]
43
+ config["cve"]["url"]=page[CONFIG_NAME]["cve"]["url"]
44
+ config["cve"].delete("style")
45
+ end
46
+ end
47
+ if page[CONFIG_NAME].key?("cwe") && page[CONFIG_NAME]["cwe"]
48
+ if page[CONFIG_NAME]["cwe"].key?("style") && page[CONFIG_NAME]["cwe"]["style"]
49
+ config["cwe"]["style"]=page[CONFIG_NAME]["cwe"]["style"]
50
+ config["cwe"].delete("url")
51
+ end
52
+ if page[CONFIG_NAME]["cwe"].key?("url") && page[CONFIG_NAME]["cwe"]["url"]
53
+ config["cwe"]["url"]=page[CONFIG_NAME]["cwe"]["url"]
54
+ config["cwe"].delete("style")
55
+ end
56
+ end
57
+ end
58
+
59
+ if not config["cve"]["url"]
60
+ case config["cve"]["style"]
31
61
  when "mitre"
32
- config[CONFIG_NAME]["cve"]["url"] = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
62
+ config["cve"]["url"] = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
33
63
  when "cvedetails"
34
- config[CONFIG_NAME]["cve"]["url"] = "https://www.cvedetails.com/cve/CVE-%s/"
64
+ config["cve"]["url"] = "https://www.cvedetails.com/cve/CVE-%s/"
35
65
  when "nvd"
36
- config[CONFIG_NAME]["cve"]["url"] = "https://nvd.nist.gov/vuln/detail/CVE-"
66
+ config["cve"]["url"] = "https://nvd.nist.gov/vuln/detail/CVE-"
37
67
  else
38
- # Unknown CVE style unsing 'mitre'-style instead
39
- config[CONFIG_NAME]["cve"]["url"] = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
68
+ # Unknown CVE style using 'mitre'-style instead
69
+ config["cve"]["url"] = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
40
70
  end
41
71
  end
42
72
 
43
- return config[CONFIG_NAME]
73
+ if not config["cwe"]["url"]
74
+ case config["cwe"]["style"]
75
+ when "mitre", "nvd"
76
+ config["cwe"]["url"] = "https://cwe.mitre.org/data/definitions/%s.html"
77
+ when "cvedetails"
78
+ config["cwe"]["url"] = "https://www.cvedetails.com/cwe-details/"
79
+ else
80
+ # Unknown CWE style using 'mitre'-style instead
81
+ config["cwe"]["url"] = "https://cwe.mitre.org/data/definitions/%s.html"
82
+ end
83
+ end
84
+
85
+
86
+ return config
44
87
  end #get_config
45
88
 
46
89
  end #Config
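Review bot: In `Config.get` the site branch checks only `site_config.key?(CONFIG_NAME)` before calling `site_config[CONFIG_NAME].key?("cve")`, so a `jekyll-secinfo:` key that is present with a nil value raises NoMethodError, while the page branch already guards with `page.key?(CONFIG_NAME) && page[CONFIG_NAME]`. Add the same truthiness check to the site branch, or replace the nested `key?` chains with `dig(CONFIG_NAME, "cve", "style")` lookups in a loop over `%w[cve cwe]`, which would also remove the four near-identical blocks. The commented-out `#config["site"] = site_config[CONFIG_NAME]` line can be dropped, and with `DEFAULT_CONFIG` gone the "Unknown CVE style" comment in the `else` arm now also covers the case where no style is set at all.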
@@ -9,7 +9,7 @@ require "jekyll-secinfo/config"
9
9
  module Jekyll::Secinfo
10
10
  class Cve
11
11
 
12
- def self.cve_to_link(text, site, page)
12
+ def self.to_link(text, site, page)
13
13
  #Logger.log(context)
14
14
  config = Jekyll::Secinfo::Config.get(site, page)
15
15
  m = text.match(/^(CVE-|cve-)?(\d{4}-\d{4,})/) # See https://cve.mitre.org/cve/identifiers/syntaxchange.html
@@ -19,7 +19,7 @@ module Jekyll::Secinfo
19
19
  else
20
20
  url="#{config["cve"]["url"]}#{m[2]}"
21
21
  end
22
- return "<a href='#{url}' class='cve'>CVE-#{m[2]}</a>"
22
+ return "<a href='#{url}' class='cve secinfo'>CVE-#{m[2]}</a>"
23
23
  else
24
24
  return nil
25
25
  end
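Review bot: The changed `return "<a href='#{url}' class='cve secinfo'>..."` line interpolates `url` into a single-quoted attribute without HTML escaping, and `url` is built from a value read from `_config.yml` or page front matter; escape it before interpolation (for example with `CGI.escapeHTML`) so a configured URL containing `'`, `&` or `<` cannot produce broken markup. The README samples show double-quoted attributes while the code emits single quotes; align one with the other so the documented output matches.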
@@ -35,7 +35,7 @@ module Jekyll::Secinfo
35
35
 
36
36
  def render(context)
37
37
  cve_text = @text.strip
38
- out = Cve.cve_to_link(cve_text, context["site"]["config"], context["page"])
38
+ out = Cve.to_link(cve_text, context["site"], context["page"])
39
39
  return out if out
40
40
  return @text
41
41
  end
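Review bot: The tag's `render` now passes `context["site"]` to `Cve.to_link`, while the filter in the following hunk still passes `@context.registers[:site].config`, and `Config.get` names that parameter `site_config` and calls `key?(CONFIG_NAME)` on it. Pass the same kind of object from both call sites, or document why the tag needs the site object instead of its config, and add a spec that renders the same identifier through the tag and the filter with a site-level style set.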
@@ -45,7 +45,7 @@ module Jekyll::Secinfo
45
45
  module CveFilter
46
46
  def cve(cvetxt, niets = nil)
47
47
  if cvetxt
48
- link = Cve.cve_to_link(cvetxt, @context.registers[:site].config, @context.registers[:page])
48
+ link = Cve.to_link(cvetxt, @context.registers[:site].config, @context.registers[:page])
49
49
  if link
50
50
  return link
51
51
  else
@@ -0,0 +1,63 @@
1
+ # External
2
+ require "jekyll"
3
+ require "jekyll-secinfo/version"
4
+
5
+ # Support
6
+ require "jekyll-secinfo/logger"
7
+ require "jekyll-secinfo/config"
8
+
9
+ module Jekyll::Secinfo
10
+ class Cwe
11
+
12
+ def self.to_link(text, site, page)
13
+ #Logger.log(context)
14
+ config = Jekyll::Secinfo::Config.get(site, page)
15
+ m = text.match(/^(CWE-|cwe-)?(\d+)/)
16
+ if m
17
+ if config["cwe"]["url"] =~ /\%s/
18
+ url=config["cwe"]["url"] % m[2]
19
+ else
20
+ url="#{config["cwe"]["url"]}#{m[2]}"
21
+ end
22
+ return "<a href='#{url}' class='cwe secinfo'>CWE-#{m[2]}</a>"
23
+ else
24
+ return nil
25
+ end
26
+ end
27
+ end
28
+
29
+ class CweTag < Liquid::Tag
30
+
31
+ def initialize(tagName, text, tokens)
32
+ super
33
+ @text = text
34
+ end
35
+
36
+ def render(context)
37
+ cwe_text = @text.strip
38
+ out = Cwe.to_link(cwe_text, context["site"], context["page"])
39
+ return out if out
40
+ return @text
41
+ end
42
+
43
+ end
44
+
45
+ module CweFilter
46
+ def cwe(cwetxt, niets = nil)
47
+ if cwetxt
48
+ link = Cwe.to_link(cwetxt, @context.registers[:site].config, @context.registers[:page])
49
+ if link
50
+ return link
51
+ else
52
+ return cwetxt
53
+ end
54
+ else
55
+ return ""
56
+ end
57
+ end
58
+ end
59
+
60
+ Liquid::Template.register_tag("cwe", Jekyll::Secinfo::CweTag)
61
+ Liquid::Template.register_filter(CweFilter)
62
+
63
+ end
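Review bot: The pattern in `Cwe.to_link`, `/^(CWE-|cwe-)?(\d+)/`, has no end anchor and uses `^`, which in Ruby matches at the start of any line, so input such as `79 and more text` is accepted and the trailing text is silently dropped, while `Cwe-79` is not recognised; consider `/\A(?:cwe-)?(\d+)\z/i`. In the `%s` branch, `config["cwe"]["url"] % m[2]` treats the whole configured URL as a format string, so a custom URL that also contains a percent-encoded sequence can raise ArgumentError; `sub("%s", m[2])` avoids that. The file is otherwise a copy of cve.rb (including the unused `niets` parameter), so a shared helper taking the prefix, pattern and CSS class would keep the two from drifting apart.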
@@ -1,5 +1,5 @@
1
1
  module Jekyll
2
2
  module Secinfo
3
- VERSION = "0.1.1"
3
+ VERSION = "0.2.0"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jekyll-secinfo
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Frank Breedijk
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-01-29 00:00:00.000000000 Z
11
+ date: 2021-02-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jekyll
@@ -114,6 +114,7 @@ files:
114
114
  - lib/jekyll-secinfo.rb
115
115
  - lib/jekyll-secinfo/config.rb
116
116
  - lib/jekyll-secinfo/cve.rb
117
+ - lib/jekyll-secinfo/cwe.rb
117
118
  - lib/jekyll-secinfo/logger.rb
118
119
  - lib/jekyll-secinfo/version.rb
119
120
  homepage: https://github.com/MrSeccubus/jekyll-secinfo