Fix advisory template issue 8 Add a description

Rakefile

@@ -24,13 +24,41 @@ namespace :advisories do
       slug = "#{advisory['date']}-#{id}"
       post = File.join('advisories', '_posts', "#{slug}.md")
 
+      # Enhanced advisory processing with Rails Security format support
+      enhanced_advisory = advisory.dup
+
+      # Process description for better formatting
+      if enhanced_advisory['description']
+        enhanced_advisory['description'] = enhanced_advisory['description'].strip
+      end
+
+      # Add impact section if available
+      if advisory['impact']
+        enhanced_advisory['impact'] = advisory['impact'].strip
+      end
+
+      # Add workarounds section if available  
+      if advisory['workarounds']
+        enhanced_advisory['workarounds'] = advisory['workarounds'].strip
+      end
+
+      # Process patches if available
+      if advisory['patches']
+        enhanced_advisory['patches'] = advisory['patches']
+      end
+
+      # Process credits if available
+      if advisory['credits']
+        enhanced_advisory['credits'] = advisory['credits']
+      end
+
       File.open(post, 'w') do |file|
         header = {
           'layout'     => 'advisory',
           'title'      => "#{id} (#{advisory['gem']}): #{advisory['title']}",
           'comments'   => false,
           'categories' => [advisory['gem'], advisory['library'], advisory['framework'], advisory['platform']].compact,
-          'advisory'   => advisory
+          'advisory'   => enhanced_advisory
         }
 
         YAML.dump(header, file)

_includes/head.html

@@ -23,6 +23,7 @@
   <link href="{{ root_url }}/assets/bootstrap/css/bootstrap-responsive.min.css" rel="stylesheet" type="text/css">
   <link href="{{ root_url }}/assets/bootstrap/css/custom.css" rel="stylesheet" type="text/css">
   <link href="{{ root_url }}/assets/font-awesome/css/font-awesome.css" rel="stylesheet" type="text/css">
+  <link href="{{ root_url }}/assets/css/advisory.css" rel="stylesheet" type="text/css">
 
   <link href="{{ site.subscribe_rss }}" rel="alternate" title="{{ site.title }}" type="application/atom+xml">
 

_layouts/advisory.html

@@ -2,35 +2,44 @@
 layout: post
 ---
 
-<h3>ADVISORIES</h3>
+<div class="advisory-header">
+  <h2>{{ page.advisory.title }}</h2>
+  {% if page.advisory.date %}
+    <p class="advisory-date"><strong>Published:</strong> {{ page.advisory.date | date: "%B %d, %Y" }}</p>
+  {% endif %}
+</div>
 
-<ul>
+<h3>SECURITY IDENTIFIERS</h3>
+
+<ul class="advisory-identifiers">
 {% if page.advisory.cve %}
 <li>
-  <a href="https://www.cve.org/CVERecord?id=CVE-{{ page.advisory.cve }}">CVE-{{ page.advisory.cve }}</a>
+  <strong>CVE:</strong> <a href="https://www.cve.org/CVERecord?id=CVE-{{ page.advisory.cve }}">CVE-{{ page.advisory.cve }}</a>
   (<a href="https://nvd.nist.gov/vuln/detail/CVE-{{ page.advisory.cve }}">NVD</a>)
 </li>
 {% endif %}
 
 {% if page.advisory.ghsa %}
 <li>
-  <a href="https://github.com/advisories/GHSA-{{ page.advisory.ghsa }}">GHSA-{{ page.advisory.ghsa }}</a>
+  <strong>GHSA:</strong> <a href="https://github.com/advisories/GHSA-{{ page.advisory.ghsa }}">GHSA-{{ page.advisory.ghsa }}</a>
 </li>
 {% endif %}
 
 {% if page.advisory.osvdb %}
 <li>
-  OSVDB-{{ page.advisory.osvdb }}
+  <strong>OSVDB:</strong> OSVDB-{{ page.advisory.osvdb }}
 </li>
 {% endif %}
 
+{% if page.advisory.url %}
 {% unless page.advisory.url contains 'osvdb.org' or page.advisory.url contains 'nvd.nist.gov'
    or page.advisory.url contains 'cve.mitre.org' or page.advisory.url contains 'cve.org'
    or page.advisory.url contains 'github.com/advisories' %}
 <li>
-  <a href="{{ page.advisory.url }}">Vendor Advisory</a>
+  <strong>Vendor Advisory:</strong> <a href="{{ page.advisory.url }}">{{ page.advisory.url }}</a>
 </li>
 {% endunless %}
+{% endif %}
 </ul>
 
 <h3>GEM</h3>
@@ -90,61 +99,113 @@ <h3>PLATFORM</h3>
 {% if page.advisory.cvss_v2 or page.advisory.cvss_v3 %}
 <h3>SEVERITY</h3>
 
+<div class="severity-section">
 {% if page.advisory.cvss_v3 %}
 {% assign cvss_v3 = page.advisory.cvss_v3 %}
-<p><a href="https://www.first.org/cvss/">CVSS v3.x</a>: {{ cvss_v3 }} (
-  {%- if cvss_v3 == 0.0 -%}
-    None
-  {%- elsif cvss_v3 >= 0.1 and cvss_v3 <= 3.9 -%}
-    Low
-  {%- elsif cvss_v3 >= 4.0 and cvss_v3 <= 6.9 -%}
-    <span style="color: #FFB507;">Medium</span>
-  {%- elsif cvss_v3 >= 7.0 and cvss_v3 <= 8.9 -%}
-    <span style="color: #FF6900;"><strong>High</strong></span>
-  {%- elsif cvss_v3 >= 9.0 and cvss_v3 <= 10.0 -%}
-    <span style="color: #D5011B;"><strong>Critical</strong></span>
-  {%- endif -%}
-)</p>
+<div class="cvss-score">
+  <p><strong><a href="https://www.first.org/cvss/">CVSS v3.x</a>:</strong> {{ cvss_v3 }} (
+    {%- if cvss_v3 == 0.0 -%}
+      <span class="severity-none">None</span>
+    {%- elsif cvss_v3 >= 0.1 and cvss_v3 <= 3.9 -%}
+      <span class="severity-low">Low</span>
+    {%- elsif cvss_v3 >= 4.0 and cvss_v3 <= 6.9 -%}
+      <span class="severity-medium">Medium</span>
+    {%- elsif cvss_v3 >= 7.0 and cvss_v3 <= 8.9 -%}
+      <span class="severity-high">High</span>
+    {%- elsif cvss_v3 >= 9.0 and cvss_v3 <= 10.0 -%}
+      <span class="severity-critical">Critical</span>
+    {%- endif -%}
+  )</p>
+</div>
 {% endif %}
+
 {% if page.advisory.cvss_v2 %}
 {% assign cvss_v2 = page.advisory.cvss_v2 %}
-<p><a href="https://www.first.org/cvss/v2/">CVSS v2.0</a>: {{ cvss_v2 }} (
-  {%- if cvss_v2 >= 0.0 and cvss_v2 <= 3.9 -%}
-    Low
-  {%- elsif cvss_v2 >= 4.0 and cvss_v2 <= 6.9 -%}
-    <span style="color: #FFB507;">Medium</span>
-  {%- elsif cvss_v2 >= 7.0 and cvss_v2 <= 10.0 -%}
-    <span style="color: #D5011B;"><strong>High</strong></span>
-  {%- endif -%}
-)</p>
+<div class="cvss-score">
+  <p><strong><a href="https://www.first.org/cvss/v2/">CVSS v2.0</a>:</strong> {{ cvss_v2 }} (
+    {%- if cvss_v2 >= 0.0 and cvss_v2 <= 3.9 -%}
+      <span class="severity-low">Low</span>
+    {%- elsif cvss_v2 >= 4.0 and cvss_v2 <= 6.9 -%}
+      <span class="severity-medium">Medium</span>
+    {%- elsif cvss_v2 >= 7.0 and cvss_v2 <= 10.0 -%}
+      <span class="severity-high">High</span>
+    {%- endif -%}
+  )</p>
+</div>
 {% endif %}
+</div>
 {% endif %}
 
 {% if page.advisory.unaffected_versions %}
 <h3>UNAFFECTED VERSIONS</h3>
 
-<ul>
+<div class="version-list">
   {% for version in page.advisory.unaffected_versions %}
-  <li><kbd>{{ version | escape }}</kbd></li>
+  <span class="version-badge unaffected"><code>{{ version | escape }}</code></span>
   {% endfor %}
-</ul>
+</div>
 {% endif %}
 
 <h3>PATCHED VERSIONS</h3>
 
+<div class="version-list">
 {% if page.advisory.patched_versions %}
-<ul>
   {% for version in page.advisory.patched_versions %}
-  <li><kbd>{{ version | escape }}</kbd></li>
+  <span class="version-badge patched"><code>{{ version | escape }}</code></span>
   {% endfor %}
-</ul>
 {% else %}
-<p>None.</p>
+  <p class="no-patches">None available.</p>
 {% endif %}
+</div>
 
 <h3>DESCRIPTION</h3>
 
+<div class="advisory-description">
 {{ page.advisory.description | xml_escape | markdownify }}
+</div>
+
+{% if page.advisory.impact %}
+<h3>IMPACT</h3>
+
+<div class="advisory-impact">
+{{ page.advisory.impact | xml_escape | markdownify }}
+</div>
+{% endif %}
+
+{% if page.advisory.workarounds %}
+<h3>WORKAROUNDS</h3>
+
+<div class="advisory-workarounds">
+{{ page.advisory.workarounds | xml_escape | markdownify }}
+</div>
+{% endif %}
+
+{% if page.advisory.patches %}
+<h3>PATCHES</h3>
+
+<ul class="patch-list">
+{% for patch in page.advisory.patches %}
+  <li><a href="{{ patch.url }}">{{ patch.name | default: patch.url }}</a></li>
+{% endfor %}
+</ul>
+{% endif %}
+
+{% if page.advisory.credits %}
+<h3>CREDITS</h3>
+
+<div class="advisory-credits">
+{% if page.advisory.credits.size > 0 %}
+  <p>Thank you to the following security researchers:</p>
+  <ul>
+  {% for credit in page.advisory.credits %}
+    <li>{{ credit }}</li>
+  {% endfor %}
+  </ul>
+{% else %}
+  <p>{{ page.advisory.credits }}</p>
+{% endif %}
+</div>
+{% endif %}
 
 {% if page.advisory.related %}
 <h3>RELATED</h3>

advisories/_posts/2006-05-14-CVE-2006-2581.md

@@ -1,46 +1,46 @@
----
-layout: advisory
-title: 'CVE-2006-2581 (rwiki): RWiki before 2.1.1 has cross-site scripting vulnerability'
-comments: false
-categories:
-- rwiki
-advisory:
-  gem: rwiki
-  cve: 2006-2581
-  ghsa: gvhx-gj42-m28v
-  url: https://web.archive.org/web/20090501134922/http://www2a.biglobe.ne.jp/~seki/ruby/rwiki.html
-  title: RWiki before 2.1.1 has cross-site scripting vulnerability
-  date: 2006-05-14
-  description: |
-    Cross-site scripting (XSS) vulnerability in Wiki content in
-    RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to inject
-    arbitrary web script or HTML via unknown attack vectors.
-  cvss_v2: 4.3
-  unaffected_versions:
-  - "< 2.1.0pre1"
-  patched_versions:
-  - ">= 2.1.1"
-  related:
-    cve:
-    - 2006-2582
-    ghsa:
-    - wwmf-6p58-6vj2
-    url:
-    - https://nvd.nist.gov/vuln/detail/CVE-2006-2581
-    - https://exchange.xforce.ibmcloud.com/vulnerabilities/26664
-    - https://github.com/advisories/GHSA-wwmf-6p58-6vj2
-    - https://github.com/advisories/GHSA-gvhx-gj42-m28v
-    - https://rubygems.org/gems/rwiki
-    - https://web.archive.org/web/20090501134922/http://www2a.biglobe.ne.jp/~seki/ruby/rwiki.html
-    - https://web.archive.org/web/20090504061152/http://pub.cozmixng.org/~the-rwiki/rw-cgi.rb?cmd=view;name=top
-    - https://web.archive.org/web/20081201080215/http://secunia.com/advisories/20264
-    - https://web.archive.org/web/20090524010623/http://www.vupen.com/english/advisories/2006/1949
-  notes: |
-    - Best references are in Japanese.
-    - Source code link on rubygems.org goes to
-      lucassus/rwiki (last version 0.2.5, not 2.1.1).
-    - Found two other repos:
-      - https://github.com/rwiki/rwiki
-      - https://github.com/ytakhs/rwiki
-    - CWE: [NVD-CWE-Other] MODERATE
----
+---
+layout: advisory
+title: 'CVE-2006-2581 (rwiki): RWiki before 2.1.1 has cross-site scripting vulnerability'
+comments: false
+categories:
+- rwiki
+advisory:
+  gem: rwiki
+  cve: 2006-2581
+  ghsa: gvhx-gj42-m28v
+  url: https://web.archive.org/web/20090501134922/http://www2a.biglobe.ne.jp/~seki/ruby/rwiki.html
+  title: RWiki before 2.1.1 has cross-site scripting vulnerability
+  date: 2006-05-14
+  description: |
+    Cross-site scripting (XSS) vulnerability in Wiki content in
+    RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to inject
+    arbitrary web script or HTML via unknown attack vectors.
+  cvss_v2: 4.3
+  unaffected_versions:
+  - "< 2.1.0pre1"
+  patched_versions:
+  - ">= 2.1.1"
+  related:
+    cve:
+    - 2006-2582
+    ghsa:
+    - wwmf-6p58-6vj2
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2006-2581
+    - https://exchange.xforce.ibmcloud.com/vulnerabilities/26664
+    - https://github.com/advisories/GHSA-wwmf-6p58-6vj2
+    - https://github.com/advisories/GHSA-gvhx-gj42-m28v
+    - https://rubygems.org/gems/rwiki
+    - https://web.archive.org/web/20090501134922/http://www2a.biglobe.ne.jp/~seki/ruby/rwiki.html
+    - https://web.archive.org/web/20090504061152/http://pub.cozmixng.org/~the-rwiki/rw-cgi.rb?cmd=view;name=top
+    - https://web.archive.org/web/20081201080215/http://secunia.com/advisories/20264
+    - https://web.archive.org/web/20090524010623/http://www.vupen.com/english/advisories/2006/1949
+  notes: |
+    - Best references are in Japanese.
+    - Source code link on rubygems.org goes to
+      lucassus/rwiki (last version 0.2.5, not 2.1.1).
+    - Found two other repos:
+      - https://github.com/rwiki/rwiki
+      - https://github.com/ytakhs/rwiki
+    - CWE: [NVD-CWE-Other] MODERATE
+---