require 'date'
require 'yaml'
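namespace :advisories do
  # Fetches a shallow copy of the upstream advisory database on first use.
  # `sh` is used instead of `system` so a failed clone aborts the build here
  # rather than surfacing later as a missing directory.
  # NOTE(review): the clone tracks whatever the upstream default branch holds
  # at run time, so everything under _advisories/ is third-party input.
  file '_advisories' do
    sh 'git clone --depth 1 https://github.com/rubysec/ruby-advisory-db _advisories'
  end

  desc 'Updates the advisory db'
  task :update => '_advisories' do
    # Fast-forward only: a diverged or rewritten upstream history fails loudly
    # instead of being merged. Skipped when the CI environment variable is set.
    Dir.chdir('_advisories') { sh 'git pull --ff-only' } unless ENV['CI']
  end

  desc 'Regenerate the advisory posts'
  task :generate => :update do
    Rake::FileList['_advisories/gems/*/*.yml'].each do |advisory_path|
      # safe_load_file with only Date permitted: advisory YAML cannot
      # instantiate arbitrary Ruby objects.
      advisory = YAML.safe_load_file(advisory_path, permitted_classes: [Date])
      raise ArgumentError, "#{advisory_path}: expected a YAML mapping" unless advisory.is_a?(Hash)

      # Prefer the most widely recognised identifier; fall back to the file name.
      id =
        if advisory['cve'] then "CVE-#{advisory['cve']}"
        elsif advisory['ghsa'] then "GHSA-#{advisory['ghsa']}"
        elsif advisory['osvdb'] then "OSVDB-#{advisory['osvdb']}"
        else File.basename(advisory_path, '.*')
        end

      slug = "#{advisory['date']}-#{id}"

      # The slug is built from advisory fields and becomes a file name. Refuse
      # anything that could address a path outside advisories/_posts/.
      if slug.match?(%r{[/\\\x00]})
        raise ArgumentError, "#{advisory_path}: unsafe post name #{slug.inspect}"
      end

      post = File.join('advisories', '_posts', "#{slug}.md")

      # Copy the advisory and trim surrounding whitespace from the free-text
      # fields. Every other key (patches, credits, ...) is carried over by dup.
      enhanced_advisory = advisory.dup
      %w[description impact workarounds].each do |field|
        text = enhanced_advisory[field]
        enhanced_advisory[field] = text.strip if text.respond_to?(:strip)
      end

      File.open(post, 'w') do |file|
        header = {
          'layout' => 'advisory',
          'title' => "#{id} (#{advisory['gem']}): #{advisory['title']}",
          'comments' => false,
          'categories' => [advisory['gem'], advisory['library'], advisory['framework'], advisory['platform']].compact,
          'advisory' => enhanced_advisory
        }

        # YAML.dump quotes and escapes the upstream strings, so they cannot
        # break out of the front matter. How the site layout renders these
        # values is not visible here - TODO confirm it escapes them.
        YAML.dump(header, file)
        file.puts '---'
      end
    end
  end

  desc 'Commits changes to advisories/_posts/'
  task :commit do
    rev = Dir.chdir('_advisories') { `git rev-parse --short HEAD`.strip }
    # An empty or non-hex value means rev-parse failed; do not commit with it.
    raise "could not resolve the advisory db revision (got #{rev.inspect})" unless rev.match?(/\A\h+\z/)

    message = "Updated advisory posts against rubysec/ruby-advisory-db@#{rev}"

    # The glob needs the shell; the command string is constant.
    sh 'git add advisories/_posts/*.md'
    # Argument-list form: the message reaches git as a single argv entry and is
    # never parsed by a shell (String#dump is Ruby quoting, not shell quoting).
    sh 'git', 'commit', '--allow-empty', '-m', message, 'advisories/_posts/'
  end
end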
# Top-level convenience task: regenerate the advisory posts, then commit them.
task advisories: %w[advisories:generate advisories:commit]