From b1369777a72294f46c78899678baa3fa958a6732 Mon Sep 17 00:00:00 2001 From: Farreeda <94711213+Farreeda@users.noreply.github.com> Date: Thu, 30 Jan 2025 20:41:45 +0200 Subject: [PATCH 1/3] URL shortcuts #1300 A Contribution for URL shortcut, now, Abbreviation .html directs to the exact page! --- Index.md | 12 ++- scripts/Generate_Site_mkDocs.sh | 130 +++++++++++++++++++++----------- scripts/redirects.yml | 33 ++++++++ 3 files changed, 126 insertions(+), 49 deletions(-) create mode 100644 scripts/redirects.yml diff --git a/Index.md b/Index.md index 7f6633c715..0ab3a2de0f 100644 --- a/Index.md +++ b/Index.md @@ -1,6 +1,6 @@ # Index Alphabetical -**91** cheat sheets available. +**94** cheat sheets available. *Icons beside the cheat sheet name indicate in which language(s) code snippet(s) are provided.* @@ -24,6 +24,8 @@ ## B +[Browser Extension Vulnerabilities Cheat Sheet](cheatsheets/Browser_Extension_Vulnerabilities_Cheat_Sheet.md) + [Bean Validation Cheat Sheet](cheatsheets/Bean_Validation_Cheat_Sheet.md)   ## C @@ -120,10 +122,12 @@ [Laravel Cheat Sheet](cheatsheets/Laravel_Cheat_Sheet.md)     -[LDAP Injection Prevention Cheat Sheet](cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.md) +[LDAP Injection Prevention Cheat Sheet](cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.md)  [Logging Vocabulary Cheat Sheet](cheatsheets/Logging_Vocabulary_Cheat_Sheet.md) +[Legacy Application Management Cheat Sheet](cheatsheets/Legacy_Application_Management_Cheat_Sheet.md) + ## M [Microservices Security Cheat Sheet](cheatsheets/Microservices_Security_Cheat_Sheet.md) @@ -190,6 +194,8 @@ [Session Management Cheat Sheet](cheatsheets/Session_Management_Cheat_Sheet.md) +[Software Supply Chain Security Cheat Sheet](cheatsheets/Software_Supply_Chain_Security_Cheat_Sheet.md) + [Secrets Management Cheat Sheet](cheatsheets/Secrets_Management_Cheat_Sheet.md) [Symfony Cheat Sheet](cheatsheets/Symfony_Cheat_Sheet.md)   
@@ -200,7 +206,7 @@ [TLS Cipher String Cheat Sheet](cheatsheets/TLS_Cipher_String_Cheat_Sheet.md) -[Transport Layer Security Cheat Sheet](cheatsheets/Transport_Layer_Security_Cheat_Sheet.md)  +[Transport Layer Security Cheat Sheet](cheatsheets/Transport_Layer_Security_Cheat_Sheet.md) [Transport Layer Protection Cheat Sheet](cheatsheets/Transport_Layer_Protection_Cheat_Sheet.md) diff --git a/scripts/Generate_Site_mkDocs.sh b/scripts/Generate_Site_mkDocs.sh index d88d0c3978..889d949ea4 100755 --- a/scripts/Generate_Site_mkDocs.sh +++ b/scripts/Generate_Site_mkDocs.sh @@ -95,53 +95,91 @@ if ! python -m mkdocs build; then exit 1 fi -echo "Step 6/7: Handling redirect for files that have changed" -#Authorization_Testing_Automation.md -> Authorization_Testing_Automation_Cheat_Sheet.md -#Injection_Prevention_Cheat_Sheet_in_Java.md -> Injection_Prevention_in_Java_Cheat_Sheet.md -#JSON_WEB_Token_Cheat_Sheet_for_Java.md -> JSON_WEB_Token_for_Java_Cheat_Sheet.md -#Ruby_on_Rails_Cheatsheet.md -> Ruby_on_Rails_Cheat_Sheet.md -#Nodejs_security_cheat_sheet.html -> Nodejs_security_Cheat_Sheet.html +echo "Step 6/7: Generate URL shortcuts for all cheat sheets" + +# Debug current location +echo "Current directory: $(pwd)" +echo "WORK directory: $WORK" + +# Function to generate shortcut name from filename +generate_shortcut() { + local filename=$1 + local shortcut="" + + # Remove file extension and common suffixes + local basename=${filename%%.html} + basename=${basename%%_Cheat_Sheet} + + # For cheat sheets, use first letters of each word + shortcut=$(echo "$basename" | awk -F'_' '{for(i=1;i<=NF;i++)printf "%s", substr($i,1,1)}') + + # echo "$shortcut" +} + +# Function to create redirect file +create_redirect() { + local shortcut=$1 + local target=$2 + local redirect_file="$WORK/site/${shortcut}" + + #echo "Creating redirect: /${shortcut} -> ${target}" + + # Create the redirect HTML file + cat > "$redirect_file" << EOF + + +
+ + + + Redirecting to ${target}... + + +EOF + + # Also create .html version + cp "$redirect_file" "${redirect_file}.html" + + # Verify creation + if [ -f "$redirect_file" ] && [ -f "${redirect_file}.html" ]; then + # echo "✅ Created shortcuts:" + echo " - /${shortcut}" + echo " - /${shortcut}.html" + else + #echo "❌ Failed to create shortcuts for ${shortcut}" + fi +} + +# Process all cheat sheet files +echo "Processing all cheat sheet files..." +find "$WORK/site/cheatsheets" -type f -name "*_Cheat_Sheet.html" | while read -r file; do + filename=$(basename "$file") + filepath=${file#"$WORK/site/"} + + #echo "Processing: $filename" + + # Generate shortcut name + shortcut=$(generate_shortcut "$filename") + + # Skip if no shortcut generated + [ -z "$shortcut" ] && continue + + # Convert to uppercase + #shortcut=$(echo "$shortcut" | tr '[:lower:]' '[:upper:]') + + # Create redirect + create_redirect "$shortcut" "$filepath" +done -if [[ "$OSTYPE" == "darwin"* ]]; then - # MacOS - sed -i '' "1i\\ - ---\\ - redirect_from: \"/cheatsheets/Authorization_Testing_Automation.html\"\\ - ---\\ - " "$WORK/$GENERATED_SITE/cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html" - sed -i '' "1i\\ - ---\\ - redirect_from: \"/cheatsheets/Injection_Prevention_Cheat_Sheet_in_Java.html\"\\ - ---\\ - " "$WORK/$GENERATED_SITE/cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.html" - sed -i '' "1i\\ - ---\\ - redirect_from: \"/cheatsheets/JSON_Web_Token_Cheat_Sheet_for_Java.html\"\\ - ---\\ - " "$WORK/$GENERATED_SITE/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html" - sed -i '' "1i\\ - ---\\ - redirect_from: \"/cheatsheets/Ruby_on_Rails_Cheatsheet.html\"\\ - ---\\ - " "$WORK/$GENERATED_SITE/cheatsheets/Ruby_on_Rails_Cheat_Sheet.html" - sed -i '' "1i\\ - ---\\ - redirect_from: \"/cheatsheets/Nodejs_security_cheat_sheet.html\"\\ - ---\\ - " "$WORK/$GENERATED_SITE/cheatsheets/Nodejs_Security_Cheat_Sheet.html" - sed -i '' "1i\\ - ---\\ - redirect_from: 
\"/cheatsheets/Application_Logging_Vocabulary_Cheat_Sheet.html\"\\ - ---\\ - " "$WORK/$GENERATED_SITE/cheatsheets/Logging_Vocabulary_Cheat_Sheet.html" -else - sed -i "1i---\nredirect_from: \"/cheatsheets/Authorization_Testing_Automation.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html - sed -i "1i---\nredirect_from: \"/cheatsheets/Injection_Prevention_Cheat_Sheet_in_Java.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.html - sed -i "1i---\nredirect_from: \"/cheatsheets/JSON_Web_Token_Cheat_Sheet_for_Java.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html - sed -i "1i---\nredirect_from: \"/cheatsheets/Ruby_on_Rails_Cheatsheet.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Ruby_on_Rails_Cheat_Sheet.html - sed -i "1i---\nredirect_from: \"/cheatsheets/Nodejs_security_cheat_sheet.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Nodejs_Security_Cheat_Sheet.html - sed -i "1i---\nredirect_from: \"/cheatsheets/Application_Logging_Vocabulary_Cheat_Sheet.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Logging_Vocabulary_Cheat_Sheet.html -fi +# Print all available shortcuts +#echo "Available shortcuts:" +for file in "$WORK"/site/[A-Z]*; do + if [ -f "$file" ] && [[ ! "$file" =~ \.(html|xml|gz)$ ]]; then + shortcut=$(basename "$file") + target=$(grep -o 'url=/[^"]*' "$file" | cut -d'=' -f2) + #echo "- /${shortcut} -> ${target}" + fi +done echo "Step 7/7 Cleanup." rm -rf cheatsheets diff --git a/scripts/redirects.yml b/scripts/redirects.yml new file mode 100644 index 0000000000..ec484850bb --- /dev/null +++ b/scripts/redirects.yml 
@@ -0,0 +1,33 @@
+# Direct topic shortcuts
+SSRF: cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html
+XSS: cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
+SQLi: cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
+JWT: cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html
+DOS: cheatsheets/Denial_of_Service_Cheat_Sheet.html
+Auth: cheatsheets/Authentication_Cheat_Sheet.html
+CSRF: cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
+Docker: cheatsheets/Docker_Security_Cheat_Sheet.html
+GraphQL: cheatsheets/GraphQL_Cheat_Sheet.html
+K8S: cheatsheets/Kubernetes_Security_Cheat_Sheet.html
+LDAP: cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html
+OAuth: cheatsheets/OAuth_2.0_Cheat_Sheet.html
+SAML: cheatsheets/SAML_Security_Cheat_Sheet.html
+TLS: cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html
+
+# Language-specific shortcuts
+Java: cheatsheets/Java_Security_Cheat_Sheet.html
+NodeJS: cheatsheets/Nodejs_Security_Cheat_Sheet.html
+PHP: cheatsheets/PHP_Security_Cheat_Sheet.html
+Python: cheatsheets/Python_Security_Cheat_Sheet.html
+Ruby: cheatsheets/Ruby_on_Rails_Cheat_Sheet.html
+DotNet: cheatsheets/DotNet_Security_Cheat_Sheet.html
+
+# Category-based shortcuts
+Mobile: cheatsheets/Mobile_Application_Security_Cheat_Sheet.html
+API: cheatsheets/REST_Security_Cheat_Sheet.html
+Cloud: cheatsheets/Cloud_Security_Cheat_Sheet.html
+Crypto: cheatsheets/Cryptographic_Storage_Cheat_Sheet.html
+Password: cheatsheets/Password_Storage_Cheat_Sheet.html
+Session: cheatsheets/Session_Management_Cheat_Sheet.html
+
+# Add more redirects as needed
\ No newline at end of file
From 365a3cc0f9e38a78796ac2204eea20bb2e5aecd6 Mon Sep 17 00:00:00 2001
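Review bot: `TLS` points at `Transport_Layer_Protection_Cheat_Sheet.html` although Index.md lists a separate Transport Layer Security Cheat Sheet, and `JWT` points at the Java-specific token sheet; a short alias for a security topic should land on the page a reader expects, so these two targets deserve a second look, e.g. `TLS: cheatsheets/Transport_Layer_Security_Cheat_Sheet.html`. Nothing visible in this patch checks that each target exists in the built site, so a header comment such as `# Targets are paths relative to the site root and must match a generated file exactly` would help whoever adds the next entry.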
From: Farreeda <94711213+Farreeda@users.noreply.github.com> Date: Sun, 9 Feb 2025 14:06:43 +0200 Subject: [PATCH 2/3] fixing issues. --- scripts/Generate_Site_mkDocs.sh | 131 ++++++++++++++++++++++++-------- scripts/redirects.yml | 20 ++++- 2 files changed, 117 insertions(+), 34 deletions(-) diff --git a/scripts/Generate_Site_mkDocs.sh b/scripts/Generate_Site_mkDocs.sh index 889d949ea4..a2ee750f18 100755 --- a/scripts/Generate_Site_mkDocs.sh +++ b/scripts/Generate_Site_mkDocs.sh @@ -101,28 +101,13 @@ echo "Step 6/7: Generate URL shortcuts for all cheat sheets" echo "Current directory: $(pwd)" echo "WORK directory: $WORK" -# Function to generate shortcut name from filename -generate_shortcut() { - local filename=$1 - local shortcut="" - - # Remove file extension and common suffixes - local basename=${filename%%.html} - basename=${basename%%_Cheat_Sheet} - - # For cheat sheets, use first letters of each word - shortcut=$(echo "$basename" | awk -F'_' '{for(i=1;i<=NF;i++)printf "%s", substr($i,1,1)}') - - # echo "$shortcut" -} - # Function to create redirect file create_redirect() { local shortcut=$1 local target=$2 local redirect_file="$WORK/site/${shortcut}" - #echo "Creating redirect: /${shortcut} -> ${target}" + echo "Creating redirect: /${shortcut} -> ${target}" # Create the redirect HTML file cat > "$redirect_file" << EOF 
@@ -140,16 +125,20 @@ EOF # Also create .html version cp "$redirect_file" "${redirect_file}.html" - # Verify creation + # Verify creation and handle errors properly if [ -f "$redirect_file" ] && [ -f "${redirect_file}.html" ]; then - # echo "✅ Created shortcuts:" + echo "✅ Created shortcuts:" echo " - /${shortcut}" echo " - /${shortcut}.html" else - #echo "❌ Failed to create shortcuts for ${shortcut}" + echo "❌ Failed to create shortcuts for ${shortcut}" + return 1 fi } +# Track used shortcuts to prevent duplicates +declare -A used_shortcuts + # Process all cheat sheet files echo "Processing all cheat sheet files..." find "$WORK/site/cheatsheets" -type f -name "*_Cheat_Sheet.html" | while read -r file; do 
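Review bot: `used_shortcuts` is declared here in the main shell but is only filled inside `find … | while read -r file`, and bash runs each side of a pipeline in a subshell, so unless `lastpipe` is enabled somewhere outside this hunk the entries are gone when the loop ends and the later `for shortcut in "${!used_shortcuts[@]}"` summary prints nothing. Feeding the loop through process substitution keeps it in the current shell: `done < <(find "$WORK/site/cheatsheets" -type f -name "*_Cheat_Sheet.html")`. The new `return 1` in `create_redirect` is never checked by its caller and the `cp` result is not tested, so a failed write only shows up as a log line; `create_redirect "$shortcut" "$filepath" || exit 1` would make the build fail visibly. The loop body continues in the next hunk.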
@@ -158,27 +147,54 @@ find "$WORK/site/cheatsheets" -type f -name "*_Cheat_Sheet.html" | while read -r #echo "Processing: $filename" - # Generate shortcut name - shortcut=$(generate_shortcut "$filename") + # First try to find a match in redirects.yml + shortcut="" + if [ -f "redirects.yml" ]; then + # Try to find a matching redirect in the YAML file + while IFS=': ' read -r key target || [ -n "$key" ]; do + # Skip comments and empty lines + [[ $key =~ ^#.*$ ]] && continue + [ -z "$key" ] && continue + + # Trim whitespace + key=$(echo "$key" | xargs) + target=$(echo "$target" | xargs) + + if [ "$target" = "$filepath" ]; then + shortcut=$key + break + fi + done < "redirects.yml" + fi - # Skip if no shortcut generated - [ -z "$shortcut" ] && continue + # If no shortcut found in redirects.yml, generate one + if [ -z "$shortcut" ]; then + # Generate shortcut from filename + shortcut=$(echo "$filename" | awk -F'_' '{for(i=1;i<=NF;i++)printf "%s", substr($i,1,1)}' | tr '[:lower:]' '[:upper:]') + fi - # Convert to uppercase - #shortcut=$(echo "$shortcut" | tr '[:lower:]' '[:upper:]') + # Handle duplicate shortcuts + if [ "${used_shortcuts[$shortcut]}" ]; then + echo "⚠️ Warning: Duplicate shortcut '$shortcut' for '$filename'. Original was for '${used_shortcuts[$shortcut]}'" + # Append a number to make it unique + count=2 + while [ "${used_shortcuts[${shortcut}${count}]}" ]; do + ((count++)) + done + shortcut="${shortcut}${count}" + fi + + # Record this shortcut as used + used_shortcuts[$shortcut]=$filepath # Create redirect create_redirect "$shortcut" "$filepath" done # Print all available shortcuts -#echo "Available shortcuts:" -for file in "$WORK"/site/[A-Z]*; do - if [ -f "$file" ] && [[ ! 
"$file" =~ \.(html|xml|gz)$ ]]; then - shortcut=$(basename "$file") - target=$(grep -o 'url=/[^"]*' "$file" | cut -d'=' -f2) - #echo "- /${shortcut} -> ${target}" - fi +echo "Available shortcuts:" +for shortcut in "${!used_shortcuts[@]}"; do + echo "- /${shortcut} -> ${used_shortcuts[$shortcut]}" done echo "Step 7/7 Cleanup." @@ -187,3 +203,54 @@ rm -rf custom_theme rm mkdocs.yml echo "Generation finished to the folder: $WORK/$GENERATED_SITE" + +# Add redirect handling +echo "Generating redirect pages..." +mkdir -p $WORK/$GENERATED_SITE/redirects + +# Process redirects.yml and generate redirect HTML files +#SITE_DIR="$WORK/$GENERATED_SITE" +python3 - <