diff --git a/Index.md b/Index.md index 7f6633c715..0ab3a2de0f 100644 --- a/Index.md +++ b/Index.md @@ -1,6 +1,6 @@ # Index Alphabetical -**91** cheat sheets available. +**94** cheat sheets available. *Icons beside the cheat sheet name indicate in which language(s) code snippet(s) are provided.* @@ -24,6 +24,8 @@ ## B +[Browser Extension Vulnerabilities Cheat Sheet](cheatsheets/Browser_Extension_Vulnerabilities_Cheat_Sheet.md) + [Bean Validation Cheat Sheet](cheatsheets/Bean_Validation_Cheat_Sheet.md) ![Java](assets/Index_Java.svg) ![Xml](assets/Index_Xml.svg) ## C @@ -120,10 +122,12 @@ [Laravel Cheat Sheet](cheatsheets/Laravel_Cheat_Sheet.md) ![Html](assets/Index_Html.svg) ![Php](assets/Index_Php.svg) ![Sql](assets/Index_Sql.svg) ![Bash](assets/Index_Bash.svg) -[LDAP Injection Prevention Cheat Sheet](cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.md) +[LDAP Injection Prevention Cheat Sheet](cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.md) ![Java](assets/Index_Java.svg) [Logging Vocabulary Cheat Sheet](cheatsheets/Logging_Vocabulary_Cheat_Sheet.md) +[Legacy Application Management Cheat Sheet](cheatsheets/Legacy_Application_Management_Cheat_Sheet.md) + ## M [Microservices Security Cheat Sheet](cheatsheets/Microservices_Security_Cheat_Sheet.md) @@ -190,6 +194,8 @@ [Session Management Cheat Sheet](cheatsheets/Session_Management_Cheat_Sheet.md) +[Software Supply Chain Security Cheat Sheet](cheatsheets/Software_Supply_Chain_Security_Cheat_Sheet.md) + [Secrets Management Cheat Sheet](cheatsheets/Secrets_Management_Cheat_Sheet.md) [Symfony Cheat Sheet](cheatsheets/Symfony_Cheat_Sheet.md) ![Php](assets/Index_Php.svg) ![Bash](assets/Index_Bash.svg) 
@@ -200,7 +206,7 @@ [TLS Cipher String Cheat Sheet](cheatsheets/TLS_Cipher_String_Cheat_Sheet.md) -[Transport Layer Security Cheat Sheet](cheatsheets/Transport_Layer_Security_Cheat_Sheet.md) ![Bash](assets/Index_Bash.svg) +[Transport Layer Security Cheat Sheet](cheatsheets/Transport_Layer_Security_Cheat_Sheet.md) [Transport Layer Protection Cheat Sheet](cheatsheets/Transport_Layer_Protection_Cheat_Sheet.md) diff --git a/scripts/Generate_Site_mkDocs.sh b/scripts/Generate_Site_mkDocs.sh index d88d0c3978..a2ee750f18 100755 --- a/scripts/Generate_Site_mkDocs.sh +++ b/scripts/Generate_Site_mkDocs.sh 
@@ -95,53 +95,107 @@ if ! python -m mkdocs build; then exit 1 fi -echo "Step 6/7: Handling redirect for files that have changed" -#Authorization_Testing_Automation.md -> Authorization_Testing_Automation_Cheat_Sheet.md -#Injection_Prevention_Cheat_Sheet_in_Java.md -> Injection_Prevention_in_Java_Cheat_Sheet.md -#JSON_WEB_Token_Cheat_Sheet_for_Java.md -> JSON_WEB_Token_for_Java_Cheat_Sheet.md -#Ruby_on_Rails_Cheatsheet.md -> Ruby_on_Rails_Cheat_Sheet.md -#Nodejs_security_cheat_sheet.html -> Nodejs_security_Cheat_Sheet.html +echo "Step 6/7: Generate URL shortcuts for all cheat sheets" -if [[ "$OSTYPE" == "darwin"* ]]; then - # MacOS - sed -i '' "1i\\ - ---\\ - redirect_from: \"/cheatsheets/Authorization_Testing_Automation.html\"\\ - ---\\ - " "$WORK/$GENERATED_SITE/cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html" - sed -i '' "1i\\ - ---\\ - redirect_from: \"/cheatsheets/Injection_Prevention_Cheat_Sheet_in_Java.html\"\\ - ---\\ - " "$WORK/$GENERATED_SITE/cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.html" - sed -i '' "1i\\ - ---\\ - redirect_from: \"/cheatsheets/JSON_Web_Token_Cheat_Sheet_for_Java.html\"\\ - ---\\ - " "$WORK/$GENERATED_SITE/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html" - sed -i '' "1i\\ - ---\\ - redirect_from: \"/cheatsheets/Ruby_on_Rails_Cheatsheet.html\"\\ - ---\\ - " "$WORK/$GENERATED_SITE/cheatsheets/Ruby_on_Rails_Cheat_Sheet.html" - sed -i '' "1i\\ - ---\\ - redirect_from: \"/cheatsheets/Nodejs_security_cheat_sheet.html\"\\ - ---\\ - " "$WORK/$GENERATED_SITE/cheatsheets/Nodejs_Security_Cheat_Sheet.html" - sed -i '' "1i\\ - ---\\ - redirect_from: \"/cheatsheets/Application_Logging_Vocabulary_Cheat_Sheet.html\"\\ - ---\\ - " "$WORK/$GENERATED_SITE/cheatsheets/Logging_Vocabulary_Cheat_Sheet.html" -else - sed -i "1i---\nredirect_from: \"/cheatsheets/Authorization_Testing_Automation.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html - sed -i "1i---\nredirect_from: 
\"/cheatsheets/Injection_Prevention_Cheat_Sheet_in_Java.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.html - sed -i "1i---\nredirect_from: \"/cheatsheets/JSON_Web_Token_Cheat_Sheet_for_Java.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html - sed -i "1i---\nredirect_from: \"/cheatsheets/Ruby_on_Rails_Cheatsheet.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Ruby_on_Rails_Cheat_Sheet.html - sed -i "1i---\nredirect_from: \"/cheatsheets/Nodejs_security_cheat_sheet.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Nodejs_Security_Cheat_Sheet.html - sed -i "1i---\nredirect_from: \"/cheatsheets/Application_Logging_Vocabulary_Cheat_Sheet.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Logging_Vocabulary_Cheat_Sheet.html -fi +# Debug current location +echo "Current directory: $(pwd)" +echo "WORK directory: $WORK" + +# Function to create redirect file +create_redirect() { + local shortcut=$1 + local target=$2 + local redirect_file="$WORK/site/${shortcut}" + + echo "Creating redirect: /${shortcut} -> ${target}" + + # Create the redirect HTML file + cat > "$redirect_file" << EOF + + + + + + + Redirecting to ${target}... + + +EOF + + # Also create .html version + cp "$redirect_file" "${redirect_file}.html" + + # Verify creation and handle errors properly + if [ -f "$redirect_file" ] && [ -f "${redirect_file}.html" ]; then + echo "✅ Created shortcuts:" + echo " - /${shortcut}" + echo " - /${shortcut}.html" + else + echo "❌ Failed to create shortcuts for ${shortcut}" + return 1 + fi +} + +# Track used shortcuts to prevent duplicates +declare -A used_shortcuts + +# Process all cheat sheet files +echo "Processing all cheat sheet files..." 
+find "$WORK/site/cheatsheets" -type f -name "*_Cheat_Sheet.html" | while read -r file; do + filename=$(basename "$file") + filepath=${file#"$WORK/site/"} + + #echo "Processing: $filename" + + # First try to find a match in redirects.yml + shortcut="" + if [ -f "redirects.yml" ]; then + # Try to find a matching redirect in the YAML file + while IFS=': ' read -r key target || [ -n "$key" ]; do + # Skip comments and empty lines + [[ $key =~ ^#.*$ ]] && continue + [ -z "$key" ] && continue + + # Trim whitespace + key=$(echo "$key" | xargs) + target=$(echo "$target" | xargs) + + if [ "$target" = "$filepath" ]; then + shortcut=$key + break + fi + done < "redirects.yml" + fi + + # If no shortcut found in redirects.yml, generate one + if [ -z "$shortcut" ]; then + # Generate shortcut from filename + shortcut=$(echo "$filename" | awk -F'_' '{for(i=1;i<=NF;i++)printf "%s", substr($i,1,1)}' | tr '[:lower:]' '[:upper:]') + fi + + # Handle duplicate shortcuts + if [ "${used_shortcuts[$shortcut]}" ]; then + echo "⚠️ Warning: Duplicate shortcut '$shortcut' for '$filename'. Original was for '${used_shortcuts[$shortcut]}'" + # Append a number to make it unique + count=2 + while [ "${used_shortcuts[${shortcut}${count}]}" ]; do + ((count++)) + done + shortcut="${shortcut}${count}" + fi + + # Record this shortcut as used + used_shortcuts[$shortcut]=$filepath + + # Create redirect + create_redirect "$shortcut" "$filepath" +done + +# Print all available shortcuts +echo "Available shortcuts:" +for shortcut in "${!used_shortcuts[@]}"; do + echo "- /${shortcut} -> ${used_shortcuts[$shortcut]}" +done echo "Step 7/7 Cleanup." rm -rf cheatsheets 
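Review bot: The `find ... | while read -r file; do` loop near the end of the hunk runs in a pipeline subshell, so every `used_shortcuts[$shortcut]=$filepath` assignment is discarded when the loop finishes — the final "Available shortcuts:" listing will always print nothing, and a `return 1` from `create_redirect` is never seen by the parent script. Feed the loop from process substitution instead, `while IFS= read -r -d '' file; do` … `done < <(find "$WORK/site/cheatsheets" -type f -name "*_Cheat_Sheet.html" -print0)`, and check the call as `create_redirect "$shortcut" "$filepath" || exit 1`, matching how the mkdocs step above treats failure. Inside the loop, the hand-rolled reader `IFS=': ' read -r key target` takes everything after the first `: ` as the target (so an entry with a trailing `# ...` comment, like the `old_xss:` line in redirects.yml, can never match), re-parses the file once per cheat sheet, and trims with `echo | xargs`, which interprets quotes and backslashes — plain parameter expansion or a single `awk` pass over the file would be safer. Two consistency points: `create_redirect` writes under a hard-coded `$WORK/site/` while the rest of the script uses `$WORK/$GENERATED_SITE`, and `[ -f "redirects.yml" ]` is relative to the current directory while the later Python step opens `../scripts/redirects.yml`, so presumably only one of those paths is right. `declare -A` also needs bash 4, which the macOS `$OSTYPE` branch removed by this hunk suggests is still a build platform to consider.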
@@ -149,3 +203,54 @@ rm -rf custom_theme rm mkdocs.yml echo "Generation finished to the folder: $WORK/$GENERATED_SITE" + +# Add redirect handling +echo "Generating redirect pages..." +mkdir -p $WORK/$GENERATED_SITE/redirects + +# Process redirects.yml and generate redirect HTML files +#SITE_DIR="$WORK/$GENERATED_SITE" +python3 - < + + + + + + + Redirecting to {target_url}... + + +""" + +def create_redirect_page(shortcut, target_url, output_dir): + # Handle relative URLs + if not target_url.startswith('http'): + target_url = f'/{target_url}' + + content = REDIRECT_TEMPLATE.format(target_url=target_url) + + # Create redirect file + with open(f'{output_dir}/{shortcut}.html', 'w') as f: + f.write(content) + +# Load redirects +with open('../scripts/redirects.yml', 'r') as f: + try: + redirects = yaml.safe_load(f) + except yaml.YAMLError as e: + print(f"Error parsing redirects.yml: {e}") + exit(1) + +# Create redirect pages +output_dir = '$WORK/$GENERATED_SITE' +for shortcut, target in redirects.items(): + create_redirect_page(shortcut, target, output_dir) + print(f"Created redirect: {shortcut} -> {target}") + +EOF + diff --git a/scripts/redirects.yml b/scripts/redirects.yml new file mode 100644 index 0000000000..e0f7f04565 --- /dev/null +++ b/scripts/redirects.yml 
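Review bot: The python3 heredoc appended after the "Generation finished" message (its `<<EOF` header appears garbled in this rendering) repeats the shortcut generation Step 6 already performs — both read redirects.yml and write `<shortcut>.html` into the site root — with a second template that silently overwrites the first set of files, and its exit status is never checked, so the `exit(1)` on a YAML parse error is lost; unlike the mkdocs step earlier in the script, the invocation needs `|| exit 1` on the `python3 -` line or an `if ! python3 - <<EOF` guard. `mkdir -p $WORK/$GENERATED_SITE/redirects` creates a directory nothing writes into, since `output_dir` is `'$WORK/$GENERATED_SITE'` itself, and both expansions on that line are unquoted. The block also assumes PyYAML is importable and that `../scripts/redirects.yml` resolves from the script's working directory, whereas Step 6 looks for `redirects.yml` in the current directory — I can't tell from the hunk which one is correct. `create_redirect_page` interpolates `target_url` into the HTML template without escaping, which is acceptable only as long as targets come solely from the repository-controlled YAML; a comment such as `# target_url is trusted: it comes only from scripts/redirects.yml, never from request data` would make that contract explicit. Dropping this block in favour of the Step 6 function, or moving it before the cleanup and keeping a single template, would remove the duplication.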
@@ -0,0 +1,49 @@
+# Common cheatsheet shortcuts
+xss: cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
+auth: cheatsheets/Authentication_Cheat_Sheet.html
+injection: cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
+csrf: cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
+
+# Common guide shortcuts
+newdev: cheatsheets/Guide_for_New_Developers.html
+secarch: cheatsheets/Security_Architecture_Cheat_Sheet.html
+
+# Tool shortcuts
+webgoat: https://owasp.org/www-project-webgoat/
+juice: https://owasp.org/www-project-juice-shop/
+
+# Legacy redirects
+old_xss: cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html # Maintain backwards compatibility
+
+# Direct topic shortcuts
+SSRF: cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html
+XSS: cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
+SQLi: cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
+JWT: cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html
+DOS: cheatsheets/Denial_of_Service_Cheat_Sheet.html
+XSRF: cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
+Docker: cheatsheets/Docker_Security_Cheat_Sheet.html
+GraphQL: cheatsheets/GraphQL_Cheat_Sheet.html
+Kubernetes: cheatsheets/Kubernetes_Security_Cheat_Sheet.html
+LDAP: cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html
+OAuth: cheatsheets/OAuth_2.0_Cheat_Sheet.html
+SAML: cheatsheets/SAML_Security_Cheat_Sheet.html
+TLP: cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html
+
+# Language-specific shortcuts
+Java: cheatsheets/Java_Security_Cheat_Sheet.html
+NodeJS: cheatsheets/Nodejs_Security_Cheat_Sheet.html
+PHP: cheatsheets/PHP_Security_Cheat_Sheet.html
+Python: cheatsheets/Python_Security_Cheat_Sheet.html
+Ruby: cheatsheets/Ruby_on_Rails_Cheat_Sheet.html
+DotNet: cheatsheets/DotNet_Security_Cheat_Sheet.html
+
+# Category-based shortcuts
+Mobile: cheatsheets/Mobile_Application_Security_Cheat_Sheet.html
+REST: cheatsheets/REST_Security_Cheat_Sheet.html
+Cloud: cheatsheets/Cloud_Security_Cheat_Sheet.html
+Crypto: cheatsheets/Cryptographic_Storage_Cheat_Sheet.html
+Password: cheatsheets/Password_Storage_Cheat_Sheet.html
+Session: cheatsheets/Session_Management_Cheat_Sheet.html
+
+# Add more redirects as needed
\ No newline at end of file
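Review bot: Several keys differ only by case (`xss`/`XSS`, plus `old_xss`) and all map to the same page; on a case-insensitive filesystem — the script's former macOS branch suggests such builds happen — `xss.html` and `XSS.html` are one file and the last writer wins, harmless while the targets agree but a silent trap if they ever diverge, so a comment such as `# NOTE: keys are case-sensitive on the web server but may collide on case-insensitive filesystems at build time` would help. The two `https://` entries (`webgoat`, `juice`) are only ever emitted by the Python step in Generate_Site_mkDocs.sh, because the Step 6 shell loop matches entries against generated cheat-sheet paths only; documenting that with `# External targets are not handled by the shell shortcut loop` would save the next maintainer a surprise. The file also lacks a trailing newline.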