Commit
- Pull JSON blob from queried issues
- Use layout output formats + templates to generate HTML table and JSON blob
- Add localized strings and caption for CVE feed
- Add a new page to describe details about CVE feed and how to use it
- Update existing pages and link the official CVE feed from it

Co-authored-by: Neha Lohia <nehapithadiya444@gmail.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
1 parent acdef19, commit cafe6d2
Showing 6 changed files with 122 additions and 2 deletions.
content/en/docs/reference/issues-security/official-cve-feed.md: 44 changes (44 additions & 0 deletions)
@@ -0,0 +1,44 @@ | ||
--- | ||
title: Official CVE Feed | ||
weight: 25 | ||
outputs: | ||
- json | ||
- html | ||
layout: cve-feed | ||
--- | ||
|
||
{{< feature-state for_k8s_version="v1.25" state="alpha" >}} | ||
|
||
This is a community maintained list of official CVEs announced by | ||
the Kubernetes Security Response Committee. See | ||
[Kubernetes Security and Disclosure Information](/docs/reference/issues-security/security/) | ||
for more details. | ||
|
||
The Kubernetes project publishes a programmatically accessible | ||
[JSON Feed](/docs/reference/issues-security/official-cve-feed/index.json) of | ||
published security issues. You can access it by executing the following command: | ||
|
||
{{< comment >}} | ||
`replace` is used to bypass known issue with rendering ">" | ||
: https://github.com/gohugoio/hugo/issues/7229 in JSON layouts template | ||
`layouts/_default/cve-feed.json` | ||
{{< /comment >}} | ||
|
||
```shell | ||
curl -v https://k8s.io/docs/reference/issues-security/official-cve-feed/index.json | ||
``` | ||
|
||
{{< cve-feed >}} | ||
|
||
<!-- | CVE ID | Issue Summary | CVE GitHub Issue URL | | ||
| ----------- | ----------- | --------- | | ||
| [CVE-2021-25741](https://www.cve.org/CVERecord?id=CVE-2021-25741) | Symlink Exchange Can Allow Host Filesystem Access | [#104980](https://github.com/kubernetes/kubernetes/issues/104980) | | ||
| [CVE-2020-8565](https://www.cve.org/CVERecord?id=CVE-2020-8565) | Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 | [#95623](https://github.com/kubernetes/kubernetes/issues/95623) | --> | ||
|
||
This feed is auto-refreshing with a noticeable but small lag (minutes to hours) | ||
from the time a CVE is announced to the time it is accessible in this feed. | ||
|
||
The source of truth of this feed is a set of GitHub Issues, filtered by a controlled and | ||
restricted label `official-cve-feed`. The raw data is stored in a Google Cloud | ||
Bucket which is writable only by a small number of trusted members of the | ||
Community. |
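Review bot: the HTML-commented static table near the end of this page (the two rows for `CVE-2021-25741` and `CVE-2020-8565`) is dead content that will drift from what the `{{< cve-feed >}}` shortcode actually renders; either delete it or add one line inside the comment saying it is kept as a rendering reference for the shortcode's table layout. A second, smaller point: `curl -v https://k8s.io/docs/reference/issues-security/official-cve-feed/index.json` dumps the TLS handshake and response headers, which is noise for a reader who only wants the feed body; `curl -sS` on the same URL (or plain `curl`) matches the "you can access it by executing the following command" wording better.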
@@ -0,0 +1,23 @@ | ||
{ | ||
"version": "https://jsonfeed.org/version/1.1", | ||
"title": "Auto-refreshing Official CVE Feed", | ||
"home_page_url": "https://kubernetes.io", | ||
"feed_url": "https://kubernetes.io/docs/reference/issues-security/official-cve-feed/index.json", | ||
"description": "Auto-refreshing official CVE feed for Kubernetes repository", | ||
"authors": [ | ||
{ | ||
"name": "Kubernetes Community", | ||
"url": "https://www.kubernetes.dev" | ||
} | ||
], | ||
"items": [ | ||
{{ range $i, $e := getJSON .Site.Params.cveFeedBucket }} | ||
{{ if $i }}, {{ end }} | ||
{ | ||
{{ T "cve_json_id" | jsonify }}: {{ .cve_id | jsonify }}, | ||
{{ T "cve_json_url" | jsonify }}: {{ .issue_url | jsonify }}, | ||
{{ T "cve_json_external_url" | jsonify }}: {{ .cve_url | jsonify}}, | ||
{{ T "cve_json_summary" | jsonify }}: {{ replace (.summary | jsonify ) "\\u003e" ">" }} | ||
}{{ end }} | ||
] | ||
} |
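Review bot: the item keys in this JSON Feed layout (the markdown page's own comment names it `layouts/_default/cve-feed.json`) are looked up through the i18n table, as in `{{ T "cve_json_id" | jsonify }}: {{ .cve_id | jsonify }}`, but JSON Feed 1.1 fixes the item key names (`id`, `url`, `external_url`, `summary`) as part of the format, so a translation file that renders any of them differently would silently emit a feed that consumers cannot parse for that language; hard-code the four keys as string literals and reserve `T` for human-readable text such as `title` and `description`. Related: JSON Feed 1.1 requires every item to carry `content_html` or `content_text` alongside `id`, and neither is emitted here, so strict feed readers may reject the items. Lastly, the `replace (.summary | jsonify ) "\\u003e" ">"` workaround un-escapes only `>`; `<` and `&` in a summary still come out as `\u003c` and `\u0026`, which is valid JSON but inconsistent, and that asymmetry deserves a short comment next to the reference to hugo issue 7229.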
@@ -0,0 +1,19 @@ | ||
<table class="security-cves"> | ||
<caption>{{ T "cve_table" }}</caption> | ||
<thead> | ||
<tr> | ||
<th>{{ T "cve_id" }}</th> | ||
<th>{{ T "cve_summary"}}</th> | ||
<th>{{ T "cve_issue_url" }}</th> | ||
</tr> | ||
</thead> | ||
<tbody> | ||
{{ range $issues := getJSON .Site.Params.cveFeedBucket }} | ||
<tr> | ||
<td><a href="{{ .cve_url }}">{{ .cve_id | htmlEscape | safeHTML }}</a></td> | ||
<td>{{ .summary | htmlEscape | safeHTML }}</td> | ||
<td><a href="{{ .issue_url }}">#{{ .number }}</a></td> | ||
</tr> | ||
{{ end }} | ||
</tbody> | ||
</table> |
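Review bot: `{{ range $issues := getJSON .Site.Params.cveFeedBucket }}` binds `$issues` but the loop body only ever uses `.`, so the variable is dead; write `{{ range getJSON .Site.Params.cveFeedBucket }}` or name the element (`$issue`) and use it in the body. The `htmlEscape | safeHTML` pairs on `.cve_id` and `.summary` are also redundant: Hugo's html/template already escapes `{{ }}` output in a text-node context, so the pair escapes once and then tells the engine not to escape again, which yields exactly what `{{ .cve_id }}` would; the explicit form adds no protection over the default and invites copy-paste of `safeHTML` into places where it really would disable escaping. What does keep untrusted bucket contents from becoming a live link injection is the engine's URL-context sanitisation of `href="{{ .cve_url }}"` and `href="{{ .issue_url }}"` (an unsafe scheme is rewritten to `#ZgotmplZ`), and since the bucket is the only trust boundary described for this feed, a one-line comment stating that the template relies on contextual auto-escaping would help future editors keep it that way.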