Bring back the old Jekyll site with a few new changes

Author: reedloden

Gemfile

@@ -2,7 +2,3 @@ source 'https://rubygems.org'
 
 gem 'github-pages'
 gem 'rake'
-
-group :jekyll_plugins do
-  gem 'octopress-filters'
-end

Rakefile

@@ -11,7 +11,7 @@ namespace :advisories do
 
   desc 'Updates the advisory db'
   task :update => '_advisories' do
-    Dir.chdir('_advisories') { sh 'git pull' } unless ENV['CI']
+    Dir.chdir('_advisories') { sh 'git pull --ff-only' } unless ENV['CI']
   end
 
   desc 'Regenerate the advisory posts'
@@ -20,7 +20,9 @@ namespace :advisories do
       advisory = YAML.load_file(advisory_path)
 
       id   = if advisory['cve'] then "CVE-#{advisory['cve']}"
-             else                    "OSVDB-#{advisory['osvdb']}"
+             elsif advisory['ghsa'] then "GHSA-#{advisory['ghsa']}"
+             elsif advisory['osvdb'] then "OSVDB-#{advisory['osvdb']}"
+             else File.basename(advisory_path, ".*")
              end
       slug = "#{advisory['date']}-#{id}"
       post = File.join('advisories', '_posts', "#{slug}.md")

_config.yml

@@ -1,21 +1,21 @@
-url: http://rubysec.com
+url: https://rubysec.com
 title: RubySec
 subtitle: Providing security resources for the Ruby community
 author: RubySec
 simple_search: https://www.google.com/search
 description: Advisory database of security vulnerabilities found in Ruby projects
 
 exclude:
-  - _advisories
-  - Gemfile
-  - Gemfile.lock
-  - Rakefile
-  - README.md
-  - vendor
-
-gems:
-  - octopress-filters
-  - jekyll-paginate
+  [
+    .bundle,
+    .github,
+    _advisories,
+    CNAME,
+    Gemfile,
+    Rakefile,
+    README.md,
+    vendor,
+  ]
 
 subscribe_rss: /atom.xml
 email: [email protected]
@@ -28,7 +28,7 @@ pagination_dir: advisories      # Directory base for pagination URLs eg. /blog/p
 recent_posts: 5                 # Posts in the sidebar Recent Posts section
 excerpt_link: "Read on →"  # "Continue reading" link text at the bottom of excerpted articles
 
-titlecase: true       # Converts page and post titles to titlecase
+titlecase: false       # Converts page and post titles to titlecase
 
 twitter_user: rubysec
 twitter_tweet_button: true

_includes/after_footer.html

@@ -1,3 +1,18 @@
-<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
+<script src="https://code.jquery.com/jquery-1.12.4.min.js"></script>
 <script src="{{ root_url }}/assets/bootstrap/js/bootstrap.min.js"></script>
-<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script>
+<script>window.twttr = (function(d, s, id) {
+  var js, fjs = d.getElementsByTagName(s)[0],
+    t = window.twttr || {};
+  if (d.getElementById(id)) return t;
+  js = d.createElement(s);
+  js.id = id;
+  js.src = "https://platform.twitter.com/widgets.js";
+  fjs.parentNode.insertBefore(js, fjs);
+
+  t._e = [];
+  t.ready = function(f) {
+    t._e.push(f);
+  };
+
+  return t;
+}(document, "script", "twitter-wjs"));</script>

_includes/archive_post.html

@@ -2,9 +2,8 @@
   <h3><small><time datetime="{{ post.date | datetime | date_to_xmlschema }}" pubdate>{{ post.date | date: "<span class='month'>%b</span> <span class='day'>%d</span>"}}</time></small></h3>
 </td>
 <td>
-  {% capture category %}{{ post.categories | size }}{% endcapture %}
   <h3><a href="{{ root_url }}{{ post.url }}">{{post.title}}</a></h3>
-  {% if category != '0' %}
-  <h3><small>posted in {{ post.categories | category_links }}</small></h3>
+  {% if post.categories != empty or post.tags != empty %}
+  <h3><small>posted in {% include category_links.html categories=post.categories tags=post.tags %}</small></h3>
   {% endif %}
 </td>

_includes/category_links.html

@@ -0,0 +1,21 @@
+{% if include.categories != empty %} •
+  {% for category in include.categories %}
+    {% assign no_comma = forloop.last %}
+    {% for archive in site.archives %}
+      {% if archive.type == "category" and archive.title == category %}
+        <a href="{{ archive.url | relative_url }}">{{ archive.title | escape }}</a>{% unless no_comma %},{% endunless %}
+      {% endif %}
+    {% endfor %}
+  {% endfor %}
+{% endif %}
+
+{% if include.tags != empty %} •
+  {% for tag in include.tags %}
+    {% assign no_comma = forloop.last %}
+    {% for archive in site.archives %}
+      {% if archive.type == "tag" and archive.title == tag %}
+        <a href="{{ archive.url | relative_url }}">{{ archive.title | escape }}</a>{% unless no_comma %},{% endunless %}
+      {% endif %}
+    {% endfor %}
+  {% endfor %}
+{% endif %}

_includes/footer.html

@@ -1,3 +1,6 @@
-<p>
-  Copyright &copy; {{ site.time | date: "%Y" }} - {{ site.author }}
-</p>
+<section class="footer">
+  <div class="disclaimer">
+    <p>Copyright &copy; {{ site.time | date: "%Y" }} - {{ site.author }}</p>
+    <p class="acknowledgement">This domain was graciously donated by Jordi Massaguer.</p>
+  </div>
+</section>

_includes/head.html

@@ -18,7 +18,7 @@
 
   {% capture canonical %}{{ site.url }}{% if site.permalink contains '.html' %}{{ page.url }}{% else %}{{ page.url | remove:'index.html' | strip_slash }}{% endif %}{% endcapture %}
   <link rel="canonical" href="{{ canonical }}">
-  <link href="{{ root_url }}/favicon.ico" rel="icon">
+  <link href="{{ root_url }}/favicon.png" rel="icon">
 
   <link href="{{ root_url }}/assets/bootstrap/css/spacelab.min.css" rel="stylesheet" type="text/css">
   <link href="{{ root_url }}/assets/bootstrap/css/bootstrap-responsive.min.css" rel="stylesheet" type="text/css">

_includes/header.html

@@ -1,23 +1,29 @@
-<div class="subscribe">
-  <table>
-    <tr>
-      <td><span>Get Updates: &nbsp;</span></td>
-      {% if site.subscribe_rss %}
-      <td><a href="{{site.subscribe_rss}}" class="btn"><i class="icon-cog"></i> By ATOM</a></td>
-      {% endif %}
-      <td>&nbsp;</td>
-      {% if site.twitter_user %}
-      <td><a href="https://twitter.com/{{site.twitter_user}}" class="btn"><i class="icon-twitter-sign"></i> On Twitter</a></td>
-      {% endif %}
-      <td>&nbsp;</td>
-      {% if site.github_repo %}
-      <td><a href="https://github.com/{{site.github_repo}}" class="btn"><i class="icon-github-sign"></i> On GitHub</a></td>
-      {% endif %}
-    </tr>
-  </table>
-</div>
+<section class="header">
+  <div class="subscribe">
+    <table>
+      <tr>
+        <td><span>Get Updates: &nbsp;</span></td>
+        {% if site.subscribe_rss %}
+        <td><a href="{{site.subscribe_rss}}" class="btn"><i class="icon-cog"></i> By ATOM</a></td>
+        {% endif %}
+        <td>&nbsp;</td>
+        {% if site.twitter_user %}
+        <td><a href="https://twitter.com/{{site.twitter_user}}" class="btn"><i class="icon-twitter-sign"></i> On Twitter</a></td>
+        {% endif %}
+        <td>&nbsp;</td>
+        {% if site.github_repo %}
+        <td><a href="https://github.com/{{site.github_repo}}" class="btn"><i class="icon-github-sign"></i> On GitHub</a></td>
+        {% endif %}
+      </tr>
+    </table>
+  </div>
 
-<h1 class="title">{{ site.title }}</h1>
-{% if site.subtitle %}
-  <p class="lead">{{ site.subtitle }}</p>
-{% endif %}
+  <div>
+    <h1 class="title">
+      <a href="/"><img src="{{ site.url }}/images/rubysec-logo.png" width="80" height="80"></a>
+      {{ site.title }}
+    </h1>
+    {% if site.subtitle %}
+      <p class="lead">{{ site.subtitle }}</p>
+    {% endif %}
+  </div>

_includes/post/categories.html

@@ -1,10 +1,9 @@
-{% capture category %}{% if post %}{{ post.categories | category_links | size }}{% else %}{{ page.categories | category_links | size }}{% endif %}{% endcapture %}
-{% unless category == '0' %}
+{% if post.categories != empty or post.tags != empty or page.categories != empty or page.tags != empty %}
 <span class="categories">
   {% if post %}
-    {{ post.categories | category_links }}
+    {% include category_links.html categories=post.categories tags=post.tags %}
   {% else %}
-    {{ page.categories | category_links }}
+    {% include category_links.html categories=page.categories tags=page.tags %}
   {% endif %}
 </span>
-{% endunless %}
+{% endif %}

_includes/sidebar.html

@@ -1,7 +1,7 @@
 {% unless page.sidebar == false %}
   <div class="span4 sidebar">
     <div class="well">
-      Contact us <a href="https://twitter.com/rubysec">@rubysec</a>, info at rubysec.com, or chat in #rubysec on freenode.
+      Contact us <a href="https://twitter.com/rubysec">@rubysec</a> or <a href="https://github.com/rubysec/ruby-advisory-db">open an issue on our GitHub repository</a>.
     </div>
     <div class="well">
       <section>

_layouts/advisory.html

@@ -11,14 +11,20 @@ <h3>ADVISORIES</h3>
 </li>
 {% endif %}
 
+{% if page.advisory.ghsa %}
+<li>
+  <a href="https://github.com/advisories/GHSA-{{ page.advisory.ghsa }}">GHSA-{{ page.advisory.ghsa }}</a>
+</li>
+{% endif %}
+
 {% if page.advisory.osvdb %}
 <li>
   OSVDB-{{ page.advisory.osvdb }}
 </li>
 {% endif %}
 
 {% unless page.advisory.url contains 'osvdb.org' or page.advisory.url contains 'web.nvd.nist.gov'
-   or page.advisory.url contains 'cve.mitre.org' %}
+   or page.advisory.url contains 'cve.mitre.org' or page.advisory.url contains 'github.com/advisories' %}
 <li>
   <a href="{{ page.advisory.url }}">Vendor Advisory</a>
 </li>
@@ -37,6 +43,17 @@ <h3>FRAMEWORK</h3>
 <p>{{ page.advisory.framework }}</p>
 {% endif %}
 
+{% if page.advisory.cvss_v2 or page.advisory.cvss_v3 %}
+<h3>SEVERITY</h3>
+
+{% if page.advisory.cvss_v3 %}
+<p><strong>CVSS v3</strong>: {{ page.advisory.cvss_v3 }}</p>
+{% endif %}
+{% if page.advisory.cvss_v2 %}
+<p><strong>CVSS v2</strong>: {{ page.advisory.cvss_v2 }}</p>
+{% endif %}
+{% endif %}
+
 {% if page.advisory.unaffected_versions %}
 <h3>UNAFFECTED VERSIONS</h3>
 

images/rubysec-logo.png

@@ -3,24 +3,24 @@
 title: Home
 ---
 
+<p>We help maintain the following projects:</p>
+
 <div class="row">
   <div class="span4">
-    <h2>Advisory Database</h2>
+    <h2><a href="https://github.com/rubysec/ruby-advisory-db" target="_blank">Ruby Advisory Database</a></h2>
+    <p>
+    The canonical, community-maintained, plain-text database of security vulnerability advisories affecting Ruby libraries and virtual machines.
+    </p>
     <p>
-    The Ruby advisory database seeks to serve as a canonical repository of vulnerabilities affecting ruby libraries.
+    Receive updates via atom or <a href="https://github.com/rubysec/ruby-advisory-db" target="_blank">browse the database</a>.
     </p>
     <p>
     We are always looking for contributors.
     </p>
-    <a class="btn btn-large btn-github" href="https://github.com/rubysec/ruby-advisory-db/" target="_blank">
-      <i class="icon-github icon-2x pull-left"></i>
-      View Project<br>on GitHub</a>
   </div>
   <div class="span4">
-    <h2>Mailing List</h2>
-    <p>The rubysec-announce google group is our primary means of distribution.</p>
-    <p>Join our free mailing list to receive notifications on published advisories and information regarding recent vulnerabilities.</p>
-    <p><a class="btn" href="https://groups.google.com/group/rubysec-announce" target="_blank">View details &raquo;</a></p>
+    <h2><a href="https://github.com/rubysec/bundler-audit" target="_blank">Bundler-Audit</a></h2>
+    <p>Free utility that audits your Gemfile.lock against the advisory database.</p>
   </div>
 
   {% include sidebar.html %}