Skip to content

sqreen/rb-security-txt

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Security.txt toolbox for your Ruby app

This gem provides a Rack middleware and matching Rails engine that will provide a nicely formatted security.txt for your application. It also includes a generator and parser of security.txt files.

References:

Installation

Add this line to your application's Gemfile:

  gem 'securitytxt'

And then execute:

$ bundle

Using the Rails engine

Create an initializer with the policy you want to set:

# config/initializers/securitytxt.rb
SecurityTxt.contact = "[email protected]"
SecurityTxt.encryption = "https://www.mykey.com/pgp-key.txt"

Using the Rack middleware

Add the middleware to your chain in your config.ru

require 'securitytxt'

policy = {
  "contact" => "[email protected]",
  "encryption" => "https://www.mykey.com/pgp-key.txt"
}
use SecurityTxt::Middleware, policy

Parsing a Security.txt

Simply passing a string should be enough to get data back

require "securitytxt/parser"
require "open-uri"
SecurityTxt::Parser.new.parse(open("https://securitytxt.org/.well-known/security.txt").read)
# Outputs {"contact"=>"https://hackerone.com/ed", "encryption"=>"https://keybase.pub/edoverflow/pgp_key.asc", "acknowledgements"=>"https://hackerone.com/ed/thanks"}

Generating a Security.txt

require 'securitytxt/generator'
puts SecurityTxt::Generator.new({"contact"=>"https://hackerone.com/ed", "encryption"=>"https://keybase.pub/edoverflow/pgp_key.asc", "acknowledgements"=>"https://hackerone.com/ed/thanks"}).generate
# Outputs
#
# Contact: https://hackerone.com/ed
# Encryption: https://keybase.pub/edoverflow/pgp_key.asc
# Acknowledgements: https://hackerone.com/ed/thanks

CLI usage

Securitytxt - A CLI tool to parse and generate securitytxt content.

Help menu:
   -p, --parse FILE | URL           Parse securitytxt file or URL
   -g, --generate                   Generate a securitytxt string.
   -c, --contact DETAILS            List of contact details separated by comma(,) without spaces. (used with -g/--generate)
   -e, --encryption URL             Link to a page which contains your key.(used with -g/--generate)
   -a, --acknowledgements URL       Link to a page where security researchers are recognized for their reports.(used with -g/--generate)
   -h, --help                       Show this help message

License

The gem is available as open source under the terms of the MIT License.

About

Tools about security.txt for Ruby

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published