Jekyll Secinfo
This Jekyll plugin provides a tag and a filter that turn references to security-related info (CVEs and CWEs) into clickable links.
Installation
Add this line to your Gemfile:
group :jekyll_plugins do
  gem "jekyll-secinfo"
end
And then execute:
$ bundle
Alternatively install the gem yourself as:
$ gem install jekyll-secinfo
and put this in your _config.yml:
plugins:
- jekyll-secinfo
# This will require each of these gems automatically.
Usage
As a tag {% cve CVE-2019-19781 %} / {% cwe CWE-78 %} or as a filter {{ "cve-2019-19781" | cve }} / {{ "cwe-787" | cwe }}
For CVE and CWE filters and tags, multiple formats are accepted:
- Full CVE in lower or upper case, e.g. CVE-2019-19781, CVE-787, cve-2019-19781 or cve-787
- Just the number, e.g. 2019-19781 or 787
Result
By default the plugin will output the following code:
CVEs
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781" class="cve secinfo">CVE-2019-19781</a>
CWEs
<a href="https://cwe.mitre.org/data/definitions/787.html" class="cwe secinfo">CWE-787</a>
Configuration
The behaviour of this plugin can be configured in _config.yml:
jekyll-secinfo:
  cve:
    style: mitre # Supported styles are mitre, nvd and cvedetails
    url: # Style is ignored if a custom URL is defined.
  cwe:
    style: mitre # Supported styles are mitre and cvedetails
    url: # Style is ignored if a custom URL is defined.
You can also put these values in the front matter of a page to override the values in _config.yml for a specific page.
Styles
For CVEs and CWEs the style influences the way a tag or filter is rendered. This is how the following input will be rendered in different styles.
Input as tags:
CVE: {% cve CVE-2019-19781 %}
CWE: {% cwe CWE-79 %}
Input with filters:
CVE: {{ "CVE-2019-19781" | cve }}
CWE: {{ "cwe-79" | cwe }}
Mitre
CVE: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781" class="cve secinfo">CVE-2019-19781</a>
CWE: <a href="https://cwe.mitre.org/data/definitions/79.html" class="cwe secinfo">CWE-79</a>
CVE details
CVE: <a href="https://www.cvedetails.com/cve/CVE-2019-19781/" class="cve secinfo">CVE-2019-19781</a>
CWE: <a href="https://www.cvedetails.com/cwe-details/79" class="cwe secinfo">CWE-79</a>
NVD
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-19781" class="cve secinfo">CVE-2019-19781</a>
CWE: <a href="https://cwe.mitre.org/data/definitions/79.html" class="cwe secinfo">CWE-79</a>
(Since CWE doesn't support the style nvd, it falls back to the default mitre style.)
Using your own URL
You can specify a custom URL to be used as well. If the URL includes %s, this will be substituted with the number part of the CVE once. Otherwise the number part of the CVE will be appended to the URL.
---
jekyll-secinfo:
  cve:
    url: http://localhost:4500/CVE-%s.html
  cwe:
    url: http://localhost:4500/CWE-
---
{% cve 1999-9999 %}
{% cwe 79 %}
Will render as
<p><a href="http://localhost:4500/CVE-1999-9999.html" class="cve secinfo">CVE-1999-9999</a>
<a href="http://localhost:4500/CWE-79" class="cwe secinfo">CWE-79</a></p>
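The accepted input formats and the custom URL rule above can be modelled in a few lines of Ruby. This is an added illustration, not the plugin's own source: the names cve_number, cve_url and cve_link are hypothetical, and two behaviours are assumptions, namely that an unknown CVE style falls back to mitre and that text which is not a well-formed CVE reference is emitted HTML-escaped instead of being placed in an href.

```ruby
# Added illustration of the documented behaviour; not the plugin's source.
require "erb"

# URL templates taken from the rendered examples in the Styles section.
CVE_STYLES = {
  "mitre"      => "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-%s",
  "nvd"        => "https://nvd.nist.gov/vuln/detail/CVE-%s",
  "cvedetails" => "https://www.cvedetails.com/cve/CVE-%s/",
}.freeze

# Accepts "CVE-2019-19781", "cve-2019-19781" or "2019-19781" and returns the
# number part, or nil when the text is not a well-formed CVE reference.
def cve_number(text)
  m = /\A(?:cve-)?(\d{4}-\d{4,})\z/i.match(text.to_s.strip)
  m && m[1]
end

# A custom URL wins over the style. "%s" is substituted once; without "%s"
# the number is appended. Unknown styles fall back to mitre (assumption).
def cve_url(number, style: "mitre", url: nil)
  template = url.to_s.empty? ? CVE_STYLES.fetch(style, CVE_STYLES["mitre"]) : url
  template.include?("%s") ? template.sub("%s") { number } : template + number
end

# Builds the anchor. Only the validated number reaches the href, so page
# content cannot inject markup or a different URL through the tag argument.
def cve_link(text, **opts)
  number = cve_number(text)
  return ERB::Util.html_escape(text.to_s) unless number

  href = ERB::Util.html_escape(cve_url(number, **opts))
  %(<a href="#{href}" class="cve secinfo">CVE-#{number}</a>)
end
```
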