diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 00000000..261abaae
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1,3 @@
+github:
+ - reedloden
+ - postmodern
diff --git a/.github/workflows/advisories.yml b/.github/workflows/advisories.yml
new file mode 100644
index 00000000..f7c90125
--- /dev/null
+++ b/.github/workflows/advisories.yml
@@ -0,0 +1,38 @@
+name: Update advisories
+
+on:
+ repository_dispatch:
+ types: [ changed ]
+
+jobs:
+ update-advisories:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Checkout ruby-advisory-db
+ uses: actions/checkout@v2
+ with:
+ repository: rubysec/ruby-advisory-db
+ path: _advisories
+ - name: Set up Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: ruby
+ - name: Install dependencies
+ run: bundle install --jobs 4 --retry 3
+ - name: Generate advisories
+ run: bundle exec rake advisories:generate
+ - name: Get latest advisory commit
+ id: git-commit
+ working-directory: _advisories
+ run: |
+ echo "::set-output name=author::$(git show -s --format='%an <%ae>')"
+ echo "::set-output name=hash::$(git rev-parse --short HEAD)"
+ - name: Commit any updates
+ uses: stefanzweifel/git-auto-commit-action@v4
+ with:
+ commit_message: "Updated advisory posts against rubysec/ruby-advisory-db@${{ steps.git-commit.outputs.hash }}"
+ file_pattern: advisories/_posts/*.md
+ commit_user_name: RubySec CI
+ commit_user_email: ci@rubysec.com
+ commit_author: ${{ steps.git-commit.outputs.author }}
diff --git a/404.md b/404.html
similarity index 100%
rename from 404.md
rename to 404.html
diff --git a/Gemfile b/Gemfile
index bd2fd82f..ed7bb3f0 100644
--- a/Gemfile
+++ b/Gemfile
@@ -3,6 +3,4 @@ source 'https://rubygems.org'
gem 'github-pages'
gem 'rake'
-group :jekyll_plugins do
- gem 'octopress-filters'
-end
+gem "webrick", "~> 1.7"
diff --git a/Rakefile b/Rakefile
index ec0a691e..a1f8f6f4 100644
--- a/Rakefile
+++ b/Rakefile
@@ -1,26 +1,25 @@
+require 'date'
require 'yaml'
namespace :advisories do
file '_advisories' do
- if ENV['CI']
- File.symlink('..', '_advisories')
- else
- system 'git clone --depth 1 https://github.com/rubysec/ruby-advisory-db _advisories'
- end
+ system 'git clone --depth 1 https://github.com/rubysec/ruby-advisory-db _advisories'
end
desc 'Updates the advisory db'
task :update => '_advisories' do
- Dir.chdir('_advisories') { sh 'git pull' } unless ENV['CI']
+ Dir.chdir('_advisories') { sh 'git pull --ff-only' } unless ENV['CI']
end
desc 'Regenerate the advisory posts'
task :generate => :update do
Rake::FileList['_advisories/gems/*/*.yml'].each do |advisory_path|
- advisory = YAML.load_file(advisory_path)
+ advisory = YAML.safe_load_file(advisory_path, permitted_classes: [Date])
id = if advisory['cve'] then "CVE-#{advisory['cve']}"
- else "OSVDB-#{advisory['osvdb']}"
+ elsif advisory['ghsa'] then "GHSA-#{advisory['ghsa']}"
+ elsif advisory['osvdb'] then "OSVDB-#{advisory['osvdb']}"
+ else File.basename(advisory_path, ".*")
end
slug = "#{advisory['date']}-#{id}"
post = File.join('advisories', '_posts', "#{slug}.md")
@@ -30,7 +29,7 @@ namespace :advisories do
'layout' => 'advisory',
'title' => "#{id} (#{advisory['gem']}): #{advisory['title']}",
'comments' => false,
- 'categories' => [advisory['gem'], advisory['framework']].compact,
+ 'categories' => [advisory['gem'], advisory['library'], advisory['framework'], advisory['platform']].compact,
'advisory' => advisory
}
diff --git a/_config.yml b/_config.yml
index ae33c8b0..3a3eb9cf 100644
--- a/_config.yml
+++ b/_config.yml
@@ -1,4 +1,4 @@
-url: http://rubysec.com
+url: https://rubysec.com
title: RubySec
subtitle: Providing security resources for the Ruby community
author: RubySec
@@ -6,19 +6,22 @@ simple_search: https://www.google.com/search
description: Advisory database of security vulnerabilities found in Ruby projects
exclude:
- - _advisories
- - Gemfile
- - Gemfile.lock
- - Rakefile
- - README.md
- - vendor
-
-gems:
- - octopress-filters
+ [
+ .bundle,
+ .github,
+ _advisories,
+ CNAME,
+ Gemfile,
+ Rakefile,
+ README.md,
+ vendor,
+ ]
+
+plugins:
- jekyll-paginate
+ - jekyll-sitemap
subscribe_rss: /atom.xml
-email: rubysec-announce@googlegroups.com
permalink: /advisories/:title/
category_dir: advisories/categories
@@ -28,9 +31,11 @@ pagination_dir: advisories # Directory base for pagination URLs eg. /blog/p
recent_posts: 5 # Posts in the sidebar Recent Posts section
excerpt_link: "Read on →" # "Continue reading" link text at the bottom of excerpted articles
-titlecase: true # Converts page and post titles to titlecase
+titlecase: false # Converts page and post titles to titlecase
twitter_user: rubysec
twitter_tweet_button: true
-github_repo: rubysec/rubysec.github.io
+github_repo: rubysec/ruby-advisory-db
+
+google_analytics: G-P90QEESFMF
diff --git a/_includes/after_footer.html b/_includes/after_footer.html
index af3d0cad..8d8a0434 100644
--- a/_includes/after_footer.html
+++ b/_includes/after_footer.html
@@ -1,3 +1,2 @@
-
+
-
diff --git a/_includes/archive_post.html b/_includes/archive_post.html
index 3bbf3e6f..ace2dc0c 100644
--- a/_includes/archive_post.html
+++ b/_includes/archive_post.html
@@ -1,10 +1,9 @@
|
-
+
|
- {% capture category %}{{ post.categories | size }}{% endcapture %}
- {% if category != '0' %}
- posted in {{ post.categories | category_links }}
+ {% if post.categories != empty or post.tags != empty %}
+ posted in {% include category_links.html categories=post.categories tags=post.tags %}
{% endif %}
|
diff --git a/_includes/category_links.html b/_includes/category_links.html
new file mode 100644
index 00000000..28cdcbf6
--- /dev/null
+++ b/_includes/category_links.html
@@ -0,0 +1,21 @@
+{% if include.categories != empty %} •
+ {% for category in include.categories %}
+ {% assign no_comma = forloop.last %}
+ {% for archive in site.archives %}
+ {% if archive.type == "category" and archive.title == category %}
+ {{ archive.title | escape }}{% unless no_comma %},{% endunless %}
+ {% endif %}
+ {% endfor %}
+ {% endfor %}
+{% endif %}
+
+{% if include.tags != empty %} •
+ {% for tag in include.tags %}
+ {% assign no_comma = forloop.last %}
+ {% for archive in site.archives %}
+ {% if archive.type == "tag" and archive.title == tag %}
+ {{ archive.title | escape }}{% unless no_comma %},{% endunless %}
+ {% endif %}
+ {% endfor %}
+ {% endfor %}
+{% endif %}
diff --git a/_includes/footer.html b/_includes/footer.html
index 4cfe1b7a..a2cbfa8b 100644
--- a/_includes/footer.html
+++ b/_includes/footer.html
@@ -1,3 +1,6 @@
-
- Copyright © {{ site.time | date: "%Y" }} - {{ site.author }}
-
+
diff --git a/_includes/head.html b/_includes/head.html
index bf6d2eda..2de27189 100644
--- a/_includes/head.html
+++ b/_includes/head.html
@@ -1,7 +1,5 @@
-
-
-
+
{% if page.title %}{{ page.title }} - {% endif %}{{ site.title }}
@@ -11,19 +9,30 @@
{% if page.keywords %}{% endif %}
-
{% capture canonical %}{{ site.url }}{% if site.permalink contains '.html' %}{{ page.url }}{% else %}{{ page.url | remove:'index.html' | strip_slash }}{% endif %}{% endcapture %}
-
+
+
+
-
+
+
+
+
+
diff --git a/_includes/header.html b/_includes/header.html
index 339c5681..c46c5e94 100644
--- a/_includes/header.html
+++ b/_includes/header.html
@@ -1,23 +1,30 @@
-
-
-
- | Get Updates: |
- {% if site.subscribe_rss %}
- By ATOM |
- {% endif %}
- |
- {% if site.twitter_user %}
- On Twitter |
- {% endif %}
- |
- {% if site.github_repo %}
- On GitHub |
- {% endif %}
-
-
-
+ {{ site.title }}
+