securitytxt 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a94da8bb441d834511c0ee0a7109ec57b84e8319
+  data.tar.gz: 0db1beee347f72b1b8f82ba6f8f7b971c2f4e6be
+SHA512:
+  metadata.gz: de2bdfdded9bbb839b7cd8046c0b4e00e327dbf57d3ce816c5bd5b7b603491c1f3c215ca688a2f1f09b6ba0ba75d085c8a1961ff9a8e4717faf4ab233f6d1873
+  data.tar.gz: 1bb67af19bad0e1e09a057e44dec68e2861ae1c3fcdb3820abe85177edef2b36957547f75b62384c1018d8e594e018683e994c99b222ddd2fec7591875aa3615

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2018 Benoit Larroque
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,69 @@
+# Security.txt toolbox for your Ruby app
+
+This gem provides a Rack middleware and matching Rails engine
+that will provides a nicely formatted [security.txt](https://tools.ietf.org/html/draft-foudil-securitytxt-02) for your application.
+It also includes a generator and parser of security.txt files.
+
+References:
+* [security.txt rfc draft](https://tools.ietf.org/html/draft-foudil-securitytxt-02)
+* [security.txt project on github](https://github.com/securitytxt/security-txt)
+* [securitytxt.org](https://securitytxt.org/)
+
+
+## Installation
+Add this line to your application's Gemfile:
+```ruby
+  gem 'securitytxt'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+## Using the Rails engine
+Create an initializer with the policy you want to set:
+```ruby
+# config/initializers/securitytxt.rb
+SecurityTxt.contact = "me@organization.com"
+SecurityTxt.encryption = "https://www.mykey.com/pgp-key.txt"
+```
+
+## Using the Rack middleware
+Add the middleware to your chain in your config.ru
+
+```ruby
+require 'securitytxt'
+
+policy = {
+  "contact" => "me@organization.com",
+  "encryption" => "https://www.mykey.com/pgp-key.txt"
+}
+use SecurityTxt::Middleware, policy
+```
+
+## Parsing a Security.txt
+
+Simply passing a string should be enough to get data back
+
+```ruby
+require "securitytxt/parser"
+require "open-uri"
+SecurityTxt::Parser.new.parse(open("https://securitytxt.org/.well-known/security.txt").read)
+# Outputs {"contact"=>"https://hackerone.com/ed", "encryption"=>"https://keybase.pub/edoverflow/pgp_key.asc", "acknowledgements"=>"https://hackerone.com/ed/thanks"}
+```
+
+## Generating a Security.txt
+
+```ruby
+require 'securitytxt/generator'
+puts SecurityTxt::Generator.new({"contact"=>"https://hackerone.com/ed", "encryption"=>"https://keybase.pub/edoverflow/pgp_key.asc", "acknowledgements"=>"https://hackerone.com/ed/thanks"}).generate
+# Outputs
+#
+# Contact: https://hackerone.com/ed
+# Encryption: https://keybase.pub/edoverflow/pgp_key.asc
+# Acknowledgements: https://hackerone.com/ed/thanks
+```
+
+## License
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,36 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'SecurityTxt'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+load 'rails/tasks/statistics.rake'
+
+
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task default: :test

data/lib/securitytxt/generator.rb

@@ -0,0 +1,36 @@
+module SecurityTxt
+  # Generator of Security.txt
+  class Generator
+    attr_accessor :sections
+    def initialize(data = {})
+      @sections = data
+    end
+
+    def generate
+      ret = StringIO.new
+      sections.each do |name, value|
+        next if value.nil? || value.empty?
+        if value.is_a?(Array)
+          value.each { |subvalue| ret << "#{capitalize(name)}: #{subvalue}\n" }
+        else
+          ret << "#{capitalize(name)}: #{value}\n"
+        end
+      end
+      ret.string
+    end
+
+    protected
+
+    if ''.respond_to?(:capitalize)
+      def capitalize(w)
+        w.capitalize
+      end
+    else
+      # Stolen from rails
+      def capitalize(w)
+        (w.slice(0) || w.chars('')).upcase +
+          (w.slice(1..-1) || w.chars('')).downcase
+      end
+    end
+  end
+end

data/lib/securitytxt/middleware.rb

@@ -0,0 +1,21 @@
+module SecurityTxt
+  # Rack Middleware that generates a respond.txt
+  class Middleware
+    def initialize(app, sections = {})
+      @app = app
+      @sections = sections
+    end
+
+    def call(env)
+      req = Rack::Request.new(env)
+
+      sections = @sections
+      sections = @sections.call if @sections.respond_to?(:call)
+      if req.path == '/.well-known/security.txt' && !sections.empty?
+        return Rack::Response.new(Generator.new(sections).generate, 200,
+                                  'Content-Type' => 'text/plain')
+      end
+      @app.call(env)
+    end
+  end
+end

data/lib/securitytxt/parser.rb

@@ -0,0 +1,25 @@
+module SecurityTxt
+  # Parser of Security.txt
+  class Parser
+    def parse(str)
+      sections = {}
+      str.each_line do |line|
+        line.chomp!
+        l = line.to_s.gsub(/#.*$/, '')
+        next if l.index(': ').nil?
+        section, value = l.split(': ', 2)
+        key = section.to_s.downcase
+        current = sections[key]
+        case current
+        when NilClass
+          sections[key] = value
+        when Array
+          sections[key] << value.strip
+        else
+          sections[key] = [current, value]
+        end
+      end
+      sections
+    end
+  end
+end

data/lib/securitytxt/version.rb

@@ -0,0 +1,3 @@
+module SecurityTxt
+  VERSION = '0.1.0'
+end

data/lib/securitytxt.rb

@@ -0,0 +1,27 @@
+require 'securitytxt/generator'
+require 'securitytxt/middleware'
+
+# Rails SecurityTXT generator
+module SecurityTxt
+  SECTIONS = %i[acknowledgment contact encryption signature policy].freeze
+  SECTIONS.each do |section|
+    if defined?(Rails)
+      mattr_accessor section
+    else
+      attr_accessor section
+    end
+  end
+
+  if defined?(Rails)
+    # Rails engine that plugs middleware in application
+    class Application < Rails::Application
+      config = proc do
+        SecurityTxt::SECTIONS.inject({}) do |acc, v|
+          acc[v] = SecurityTxt.send(v)
+          acc
+        end
+      end
+      Rails.application.config.middleware.use SecurityTxt::Middleware, config
+    end
+  end
+end

data/lib/tasks/rails_security_txt_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :rails_security_txt do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,82 @@
+--- !ruby/object:Gem::Specification
+name: securitytxt
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Benoit Larroque
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-01-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.1.4
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.1.4
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 'This gems includes various tools about security.txt for Ruby: A rails
+  engine, A Rack MiddleWare, a simple parser and generator '
+email:
+- benoit@sqreen.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- lib/securitytxt.rb
+- lib/securitytxt/generator.rb
+- lib/securitytxt/middleware.rb
+- lib/securitytxt/parser.rb
+- lib/securitytxt/version.rb
+- lib/tasks/rails_security_txt_tasks.rake
+homepage: 
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.13
+signing_key: 
+specification_version: 4
+summary: Provides a tools about security.txt for Ruby
+test_files: []