added the thing to make the CVE appear

advisories/Hubot_Potential_command_injection_in_email.coffee.md

@@ -3,7 +3,7 @@ title:  Hubot Scripts Potential command injection in email.coffee
 author:  Neal Poole
 module_name: hubot-scripts
 publish_date: 2013-05-15T22:14:38.178Z
-cve: CVE-temp 
+cves: "[]"
 vulnerable_versions: "<= 2.4.3"
 patched_versions: "> 2.4.3"
 severity: high

advisories/JS-YAML_Deserialization_Code_Execution.md

@@ -3,7 +3,7 @@ title:  JS-YAML Deserialization Code Execution
 author:  Neal Poole
 module_name: js-yaml
 publish_date: 2013-06-23T22:23:50.005Z
-cve: CVE-2013-4660
+cves: "[{\"name\":\"CVE-2013-4660\",\"link\":\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4660\"}]"
 vulnerable_versions: "<  2.0.5"
 patched_versions: ">= 2.0.5"
 severity: high

advisories/Tomato_API_Admin_Auth_Weakness.md

@@ -3,7 +3,7 @@ title:  Tomato API Admin Auth Weakness
 author:  Adam Baldwin
 module_name: tomato
 publish_date: 2013-03-07T21:52:30.192Z
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "<= 0.0.5"
 patched_versions: ">= 0.0.6"
 ...

advisories/codem-transcode_command_injection.md

@@ -3,7 +3,7 @@ title:  codem-transcode potential command injection in ffprobe functionality
 author:  Neal Poole
 module_name: codem-transcode
 publish_date: Jul 07 2013 09:33:48 GMT-0800 (PST) 
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "<0.5.0"
 patched_versions: ">=0.5.0"
 ...

advisories/ep_imageconvert_command_injection.md

@@ -3,7 +3,7 @@ title: ep_imageconvert unauthenticated remote command injection
 author:  Neal Poole
 module_name: ep_imageconvert
 publish_date: May 06 2013 09:33:48 GMT-0800 (PST) 
-cve: CVE-2013-3364
+cves: "[{\"name\":\"CVE-2013-3364\",\"link\":\"http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-3364\"}]"
 vulnerable_versions: "<=0.0.2"
 patched_versions: ">=0.0.3"
 ...

advisories/hapi_File_descriptor_leak_DoS_vulnerability.md

@@ -3,7 +3,7 @@ title:  Hapi File descriptor leak can cause DoS vulnerability
 author: Jo Liss
 module_name: hapi
 publish_date: Feb 14 2014 09:33:48 GMT-0800 (PST) 
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "2.0.x || 2.1.x"
 patched_versions: ">= 2.2.x"
 ...

advisories/libnotify_potential_command_injection_in_libnotify.notify.md

@@ -3,7 +3,7 @@ title:  Potential command injection in libnotify.notify
 author:  Adam Baldwin
 module_name: libnotify
 publish_date: 2013-05-15T22:30:05.853Z
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "<= 1.0.3"
 patched_versions: ">= 1.0.4"
 ...

advisories/libyaml_heap-based_buffer_overflow_when_parsing_YAML_tags.md

@@ -3,7 +3,7 @@ title:  libyaml - heap-based buffer overflow when parsing YAML tags
 author:  N/A
 module_name: libyaml
 publish_date: Tue Feb 04 2014 09:31:34 GMT-0800 (PST
-cve: CVE-2013-6393
+cves: "[{\"name\":\"CVE-2013-6393\",\"link\":\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6393\"}]"
 vulnerable_versions: "<0.2.3"
 patched_versions: ">=0.2.3"
 ...

advisories/marked_multiple_content_injection_vulnerabilities.md

@@ -3,7 +3,7 @@ title:  Marked multiple content injection vulnerabilities
 author:  Adam Baldwin
 module_name: marked
 publish_date: Fri Jan 31 2014 00:33:12 GMT-0800 (PST)
-cve: CVE-2014-1850
+cves: "[{\"name\":\"CVE-2014-1850\",\"link\":\"http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1850\"}]"
 vulnerable_versions: "<=0.3.0"
 patched_versions: ">=0.3.1"
 ...

advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting.md

@@ -3,7 +3,7 @@ title:  methodOverride Middleware Reflected Cross-Site Scripting
 author:  Sergio Arcos
 module_name: connect
 publish_date: 2013-07-01T01:08:59.630Z
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "<=2.8.0"
 patched_versions: ">=2.8.1"
 ...

advisories/printer_potential_command_injection.md

@@ -3,7 +3,7 @@ title:  printer potential command injection on untrusted input
 author:  Adam Baldwin
 module_name: printer
 publish_date: Tue Mar 06 2014 09:33:48 GMT-0800 (PST) 
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "<= 0.0.1"
 patched_versions: "> 0.0.1"
 ...

advisories/st_directory_traversal.md

@@ -3,7 +3,7 @@ title:  st directory traversal
 author:  Isaac Schlueter
 module_name: st
 publish_date: Feb 06 2014 09:33:48 GMT-0800 (PST) 
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "<0.2.5"
 patched_versions: ">=0.2.5"
 ...

advisories/template.md

@@ -3,7 +3,7 @@ title:  Template
 author:  Joe McPwnerson
 module_name: tomato
 publish_date: Tue Feb 04 2014 09:33:48 GMT-0800 (PST) 
-cve: CVE-temp
+cve: "[]"
 vulnerable_versions: ""
 patched_versions: ""
 ...

hapi-advisories/index.js

@@ -67,6 +67,11 @@ exports.register = function (plugin, options, next) {
                 var meta = metamarked(fs.readFileSync(path.resolve(settings.rootDir, fileStats.name), 'utf8'));
                 meta.meta.url = filename;
 
+                // console.log('META: ', meta.meta);
+                // console.log('parse:', JSON.parse(meta.meta.cve));
+                meta.meta.cves = JSON.parse(meta.meta.cves);
+
+
                 var currentDate;
                 if (meta.meta.publish_date) {
                     currentDate = new Date(meta.meta.publish_date);

server.js

@@ -48,7 +48,7 @@ server.pack.register(advisories, {}, function (err) {
         console.log('Loaded advisories');
         // Start the server
         server.start(function () {
-            console.log('Started Server');
+            console.log('Started Server on port: ', config.hapi.port);
         });
     }
 });

tests/advisories/Hubot_Potential_command_injection_in_email.coffee.md

@@ -3,7 +3,7 @@ title:  Hubot Scripts Potential command injection in email.coffee
 author:  Neal Poole
 module_name: hubot-scripts
 publish_date: 2013-05-15T22:14:38.178Z
-cve: CVE-temp 
+cves: "[]"
 vulnerable_versions: "<= 2.4.3"
 patched_versions: "> 2.4.3"
 severity: high

tests/advisories/JS-YAML_Deserialization_Code_Execution.md

@@ -3,7 +3,7 @@ title:  JS-YAML Deserialization Code Execution
 author:  Neal Poole
 module_name: js-yaml
 publish_date: 2013-06-23T22:23:50.005Z
-cve: CVE-2013-4660
+cves: "[{\"name\":\"CVE-2013-4660\",\"link\":\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4660\"}]"
 vulnerable_versions: "<  2.0.5"
 patched_versions: ">= 2.0.5"
 severity: high

tests/advisories/Tomato_API_Admin_Auth_Weakness.md

@@ -3,7 +3,7 @@ title:  Tomato API Admin Auth Weakness
 author:  Adam Baldwin
 module_name: tomato
 publish_date: 2013-03-07T21:52:30.192Z
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "<= 0.0.5"
 patched_versions: ">= 0.0.6"
 ...

tests/advisories/libnotify_potential_command_injection_in_libnotify.notify.md

@@ -3,7 +3,7 @@ title:  Potential command injection in libnotify.notify
 author:  Adam Baldwin
 module_name: libnotify
 publish_date: 2013-05-15T22:30:05.853Z
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "<= 1.0.3"
 patched_versions: ">= 1.0.4"
 ...

tests/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting.md

@@ -3,7 +3,7 @@ title:  methodOverride Middleware Reflected Cross-Site Scripting
 author:  Sergio Arcos
 module_name: connect
 publish_date: 2013-07-01T01:08:59.630Z
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "<=2.8.0"
 patched_versions: ">=2.8.1"
 ...

tests/advisories/template.md

@@ -2,10 +2,14 @@
 title:  Template
 author:  Joe McPwnerson
 module_name: tomato
-publish_date: 
-cve: CVE-temp
+publish_date: Tue Feb 04 2014 09:33:48 GMT-0800 (PST) 
+cve: "[]"
 vulnerable_versions: ""
 patched_versions: ""
 ...
 
+## Overview
 
+## Recommendations
+
+## References

views/advisory.jade

@@ -10,9 +10,16 @@ block content
               h1= advisory.meta.title
             i.icon-calendar
             | #{advisory.meta.publish_date}
+            if advisory.meta.cves
+              .advisory-author
+                each cve in advisory.meta.cves
+                  .i.icon-tag
+                  |  <a href="#{cve.link}">#{cve.name}</a>&nbsp;
+                #{advisory.meta.cve} 
             .advisory-author
               i.icon-user
               | &nbsp;Credit: #{advisory.meta.author}
+
 
           .span4.advisory-right
             .module-name