diff --git a/advisories/Hubot_Potential_command_injection_in_email.coffee.md b/advisories/Hubot_Potential_command_injection_in_email.coffee.md
index 062234b..1b84db1 100644
--- a/advisories/Hubot_Potential_command_injection_in_email.coffee.md
+++ b/advisories/Hubot_Potential_command_injection_in_email.coffee.md
@@ -3,7 +3,7 @@ title: Hubot Scripts Potential command injection in email.coffee
 author: Neal Poole
 module_name: hubot-scripts
 publish_date: 2013-05-15T22:14:38.178Z
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "<= 2.4.3"
 patched_versions: "> 2.4.3"
 severity: high
diff --git a/advisories/JS-YAML_Deserialization_Code_Execution.md b/advisories/JS-YAML_Deserialization_Code_Execution.md
index 05a2788..f9c609e 100644
--- a/advisories/JS-YAML_Deserialization_Code_Execution.md
+++ b/advisories/JS-YAML_Deserialization_Code_Execution.md
@@ -3,7 +3,7 @@ title: JS-YAML Deserialization Code Execution
 author: Neal Poole
 module_name: js-yaml
 publish_date: 2013-06-23T22:23:50.005Z
-cve: CVE-2013-4660
+cves: "[{\"name\":\"CVE-2013-4660\",\"link\":\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4660\"}]"
 vulnerable_versions: "< 2.0.5"
 patched_versions: ">= 2.0.5"
 severity: high
diff --git a/advisories/Tomato_API_Admin_Auth_Weakness.md b/advisories/Tomato_API_Admin_Auth_Weakness.md
index 3d8792b..737603e 100644
--- a/advisories/Tomato_API_Admin_Auth_Weakness.md
+++ b/advisories/Tomato_API_Admin_Auth_Weakness.md
@@ -3,7 +3,7 @@ title: Tomato API Admin Auth Weakness
 author: Adam Baldwin
 module_name: tomato
 publish_date: 2013-03-07T21:52:30.192Z
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "<= 0.0.5"
 patched_versions: ">= 0.0.6"
 ...
diff --git a/advisories/codem-transcode_command_injection.md b/advisories/codem-transcode_command_injection.md
index d3206bf..a980859 100644
--- a/advisories/codem-transcode_command_injection.md
+++ b/advisories/codem-transcode_command_injection.md
@@ -3,7 +3,7 @@ title: codem-transcode potential command injection in ffprobe functionality
 author: Neal Poole
 module_name: codem-transcode
 publish_date: Jul 07 2013 09:33:48 GMT-0800 (PST)
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "<0.5.0"
 patched_versions: ">=0.5.0"
 ...
diff --git a/advisories/ep_imageconvert_command_injection.md b/advisories/ep_imageconvert_command_injection.md
index 546ee39..1c3776f 100644
--- a/advisories/ep_imageconvert_command_injection.md
+++ b/advisories/ep_imageconvert_command_injection.md
@@ -3,7 +3,7 @@ title: ep_imageconvert unauthenticated remote command injection
 author: Neal Poole
 module_name: ep_imageconvert
 publish_date: May 06 2013 09:33:48 GMT-0800 (PST)
-cve: CVE-2013-3364
+cves: "[{\"name\":\"CVE-2013-3364\",\"link\":\"http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-3364\"}]"
 vulnerable_versions: "<=0.0.2"
 patched_versions: ">=0.0.3"
 ...
diff --git a/advisories/hapi_File_descriptor_leak_DoS_vulnerability.md b/advisories/hapi_File_descriptor_leak_DoS_vulnerability.md
index 6b23e6d..7b10b43 100644
--- a/advisories/hapi_File_descriptor_leak_DoS_vulnerability.md
+++ b/advisories/hapi_File_descriptor_leak_DoS_vulnerability.md
@@ -3,7 +3,7 @@ title: Hapi File descriptor leak can cause DoS vulnerability
 author: Jo Liss
 module_name: hapi
 publish_date: Feb 14 2014 09:33:48 GMT-0800 (PST)
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "2.0.x || 2.1.x"
 patched_versions: ">= 2.2.x"
 ...
diff --git a/advisories/libnotify_potential_command_injection_in_libnotify.notify.md b/advisories/libnotify_potential_command_injection_in_libnotify.notify.md
index cd1f41c..70a967d 100644
--- a/advisories/libnotify_potential_command_injection_in_libnotify.notify.md
+++ b/advisories/libnotify_potential_command_injection_in_libnotify.notify.md
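Review bot: In advisories/ep_imageconvert_command_injection.md the new `cves` entry links to `cvename.cgi?name=2013-3364`, without the `CVE-` prefix that the JS-YAML, libyaml and marked entries carry in the same parameter; two of the four links also use the `www.` host while the other two do not. Each link is a fixed function of the CVE id, and the view hunk in views/advisory.jade prints only `cve.name`, so consider storing just the name and building the URL in one place. If the link stays in the front matter, normalise it to `name=CVE-2013-3364`.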
@@ -3,7 +3,7 @@ title: Potential command injection in libnotify.notify
 author: Adam Baldwin
 module_name: libnotify
 publish_date: 2013-05-15T22:30:05.853Z
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "<= 1.0.3"
 patched_versions: ">= 1.0.4"
 ...
diff --git a/advisories/libyaml_heap-based_buffer_overflow_when_parsing_YAML_tags.md b/advisories/libyaml_heap-based_buffer_overflow_when_parsing_YAML_tags.md
index 2d0c613..e9f927f 100644
--- a/advisories/libyaml_heap-based_buffer_overflow_when_parsing_YAML_tags.md
+++ b/advisories/libyaml_heap-based_buffer_overflow_when_parsing_YAML_tags.md
@@ -3,7 +3,7 @@ title: libyaml - heap-based buffer overflow when parsing YAML tags
 author: N/A
 module_name: libyaml
 publish_date: Tue Feb 04 2014 09:31:34 GMT-0800 (PST
-cve: CVE-2013-6393
+cves: "[{\"name\":\"CVE-2013-6393\",\"link\":\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6393\"}]"
 vulnerable_versions: "<0.2.3"
 patched_versions: ">=0.2.3"
 ...
diff --git a/advisories/marked_multiple_content_injection_vulnerabilities.md b/advisories/marked_multiple_content_injection_vulnerabilities.md
index f06caf5..01f043b 100644
--- a/advisories/marked_multiple_content_injection_vulnerabilities.md
+++ b/advisories/marked_multiple_content_injection_vulnerabilities.md
@@ -3,7 +3,7 @@ title: Marked multiple content injection vulnerabilities
 author: Adam Baldwin
 module_name: marked
 publish_date: Fri Jan 31 2014 00:33:12 GMT-0800 (PST)
-cve: CVE-2014-1850
+cves: "[{\"name\":\"CVE-2014-1850\",\"link\":\"http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1850\"}]"
 vulnerable_versions: "<=0.3.0"
 patched_versions: ">=0.3.1"
 ...
diff --git a/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting.md b/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting.md
index dc91243..89dc455 100644
--- a/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting.md
+++ b/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting.md
@@ -3,7 +3,7 @@ title: methodOverride Middleware Reflected Cross-Site Scripting
 author: Sergio Arcos
 module_name: connect
 publish_date: 2013-07-01T01:08:59.630Z
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "<=2.8.0"
 patched_versions: ">=2.8.1"
 ...
diff --git a/advisories/printer_potential_command_injection.md b/advisories/printer_potential_command_injection.md
index dfe9caf..21fa35b 100644
--- a/advisories/printer_potential_command_injection.md
+++ b/advisories/printer_potential_command_injection.md
@@ -3,7 +3,7 @@ title: printer potential command injection on untrusted input
 author: Adam Baldwin
 module_name: printer
 publish_date: Tue Mar 06 2014 09:33:48 GMT-0800 (PST)
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "<= 0.0.1"
 patched_versions: "> 0.0.1"
 ...
diff --git a/advisories/st_directory_traversal.md b/advisories/st_directory_traversal.md
index 173e406..3ea6bb0 100644
--- a/advisories/st_directory_traversal.md
+++ b/advisories/st_directory_traversal.md
@@ -3,7 +3,7 @@ title: st directory traversal
 author: Isaac Schlueter
 module_name: st
 publish_date: Feb 06 2014 09:33:48 GMT-0800 (PST)
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "<0.2.5"
 patched_versions: ">=0.2.5"
 ...
diff --git a/advisories/template.md b/advisories/template.md
index 83c9b36..42d85f1 100644
--- a/advisories/template.md
+++ b/advisories/template.md
@@ -3,7 +3,7 @@ title: Template
 author: Joe McPwnerson
 module_name: tomato
 publish_date: Tue Feb 04 2014 09:33:48 GMT-0800 (PST)
-cve: CVE-temp
+cve: "[]"
 vulnerable_versions: ""
 patched_versions: ""
 ...
diff --git a/hapi-advisories/index.js b/hapi-advisories/index.js
index f59cedc..b8e62d1 100644
--- a/hapi-advisories/index.js
+++ b/hapi-advisories/index.js
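Review bot: The advisories/template.md hunk writes `cve: "[]"`, while every other advisory in this commit moves to the key `cves` and the loader hunk in hapi-advisories/index.js reads `meta.meta.cves`. An advisory started from this template would have no `cves` key, so `JSON.parse(meta.meta.cves)` would receive `undefined` and throw; the same applies to the template itself if the loader walks it. The line should read `cves: "[]"`, and tests/advisories/template.md carries the same line.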
@@ -67,6 +67,11 @@ exports.register = function (plugin, options, next) { var meta = metamarked(fs.readFileSync(path.resolve(settings.rootDir, fileStats.name), 'utf8')); meta.meta.url = filename; + // console.log('META: ', meta.meta); + // console.log('parse:', JSON.parse(meta.meta.cve)); + meta.meta.cves = JSON.parse(meta.meta.cves); + + var currentDate; if (meta.meta.publish_date) { currentDate = new Date(meta.meta.publish_date); diff --git a/server.js b/server.js index b2ca7f8..17a9329 100644 --- a/server.js +++ b/server.js @@ -48,7 +48,7 @@ server.pack.register(advisories, {}, function (err) { console.log('Loaded advisories'); // Start the server server.start(function () { - console.log('Started Server'); + console.log('Started Server on port: ', config.hapi.port); }); } }); diff --git a/tests/advisories/Hubot_Potential_command_injection_in_email.coffee.md b/tests/advisories/Hubot_Potential_command_injection_in_email.coffee.md index 062234b..1b84db1 100644 --- a/tests/advisories/Hubot_Potential_command_injection_in_email.coffee.md +++ b/tests/advisories/Hubot_Potential_command_injection_in_email.coffee.md @@ -3,7 +3,7 @@ title: Hubot Scripts Potential command injection in email.coffee author: Neal Poole module_name: hubot-scripts publish_date: 2013-05-15T22:14:38.178Z -cve: CVE-temp +cves: "[]" vulnerable_versions: "<= 2.4.3" patched_versions: "> 2.4.3" severity: high diff --git a/tests/advisories/JS-YAML_Deserialization_Code_Execution.md b/tests/advisories/JS-YAML_Deserialization_Code_Execution.md index 05a2788..f9c609e 100644 --- a/tests/advisories/JS-YAML_Deserialization_Code_Execution.md +++ b/tests/advisories/JS-YAML_Deserialization_Code_Execution.md 
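Review bot: `JSON.parse(meta.meta.cves)` in hapi-advisories/index.js runs unguarded on a hand-edited front-matter value, so a single advisory file with a missing or malformed `cves` field throws inside the file walk; nothing in the hunk catches it, which would plausibly abort plugin registration and keep the advisory site from loading. The same commit leaves both template.md files with `cve: "[]"`, which would hit this path if they are loaded. Parse defensively, fall back to an empty list, and confirm the result is an array, since views/advisory.jade iterates it. The two commented-out `console.log` lines should be dropped before merge. The enclosing callback starts and ends outside the hunk.

```javascript
meta.meta.url = filename;
// Front matter is hand-edited; a bad `cves` value must not stop the loader.
var cves = [];
try {
    cves = JSON.parse(meta.meta.cves || '[]');
} catch (e) {
    console.error('Invalid cves field in ' + fileStats.name + ': ' + e.message);
}
meta.meta.cves = Array.isArray(cves) ? cves : [];
// … unchanged: publish_date handling …
```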
@@ -3,7 +3,7 @@ title: JS-YAML Deserialization Code Execution
 author: Neal Poole
 module_name: js-yaml
 publish_date: 2013-06-23T22:23:50.005Z
-cve: CVE-2013-4660
+cves: "[{\"name\":\"CVE-2013-4660\",\"link\":\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4660\"}]"
 vulnerable_versions: "< 2.0.5"
 patched_versions: ">= 2.0.5"
 severity: high
diff --git a/tests/advisories/Tomato_API_Admin_Auth_Weakness.md b/tests/advisories/Tomato_API_Admin_Auth_Weakness.md
index 3d8792b..737603e 100644
--- a/tests/advisories/Tomato_API_Admin_Auth_Weakness.md
+++ b/tests/advisories/Tomato_API_Admin_Auth_Weakness.md
@@ -3,7 +3,7 @@ title: Tomato API Admin Auth Weakness
 author: Adam Baldwin
 module_name: tomato
 publish_date: 2013-03-07T21:52:30.192Z
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "<= 0.0.5"
 patched_versions: ">= 0.0.6"
 ...
diff --git a/tests/advisories/libnotify_potential_command_injection_in_libnotify.notify.md b/tests/advisories/libnotify_potential_command_injection_in_libnotify.notify.md
index cd1f41c..70a967d 100644
--- a/tests/advisories/libnotify_potential_command_injection_in_libnotify.notify.md
+++ b/tests/advisories/libnotify_potential_command_injection_in_libnotify.notify.md
@@ -3,7 +3,7 @@ title: Potential command injection in libnotify.notify
 author: Adam Baldwin
 module_name: libnotify
 publish_date: 2013-05-15T22:30:05.853Z
-cve: CVE-temp
+cves: "[]"
 vulnerable_versions: "<= 1.0.3"
 patched_versions: ">= 1.0.4"
 ...
diff --git a/tests/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting.md b/tests/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting.md
index dc91243..89dc455 100644
--- a/tests/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting.md
+++ b/tests/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting.md
@@ -3,7 +3,7 @@ title: methodOverride Middleware Reflected Cross-Site Scripting author: Sergio Arcos module_name: connect publish_date: 2013-07-01T01:08:59.630Z -cve: CVE-temp +cves: "[]" vulnerable_versions: "<=2.8.0" patched_versions: ">=2.8.1" ... diff --git a/tests/advisories/template.md b/tests/advisories/template.md index 7d2fa97..42d85f1 100644 --- a/tests/advisories/template.md +++ b/tests/advisories/template.md @@ -2,10 +2,14 @@ title: Template author: Joe McPwnerson module_name: tomato -publish_date: -cve: CVE-temp +publish_date: Tue Feb 04 2014 09:33:48 GMT-0800 (PST) +cve: "[]" vulnerable_versions: "" patched_versions: "" ... +## Overview +## Recommendations + +## References diff --git a/views/advisory.jade b/views/advisory.jade index fa4d06f..31418a5 100644 --- a/views/advisory.jade +++ b/views/advisory.jade @@ -10,9 +10,16 @@ block content h1= advisory.meta.title i.icon-calendar | #{advisory.meta.publish_date} + if advisory.meta.cves + .advisory-author + each cve in advisory.meta.cves + .i.icon-tag + | #{cve.name}  + #{advisory.meta.cve} .advisory-author i.icon-user |  Credit: #{advisory.meta.author} + .span4.advisory-right .module-name
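Review bot: `.i.icon-tag` in the added block of views/advisory.jade is class shorthand, so it renders a `div` with classes `i` and `icon-tag` rather than the `i` element used by `i.icon-calendar` and `i.icon-user` in the context lines; it should read `i.icon-tag`. The added line `#{advisory.meta.cve}` still reads the old `cve` key that this commit removes from the advisories and looks like a leftover to delete. `if advisory.meta.cves` is also true for an empty array, so advisories with `cves: "[]"` get an empty wrapper; `if advisory.meta.cves && advisory.meta.cves.length` avoids that. Indentation is lost in this view of the hunk, so nesting could not be checked, and the `block content` body continues outside it.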