This gem provides a Rack middleware and matching Rails engine that will provide a nicely formatted security.txt for your application. It also includes a generator and parser of security.txt files.
References:
Add this line to your application's Gemfile:
gem 'securitytxt'
And then execute:
$ bundle
Create an initializer with the policy you want to set:
# config/initializers/securitytxt.rb
SecurityTxt.contact = "[email protected]"
SecurityTxt.encryption = "https://www.mykey.com/pgp-key.txt"
Add the middleware to your chain in your config.ru
require 'securitytxt'
policy = {
"contact" => "[email protected]",
"encryption" => "https://www.mykey.com/pgp-key.txt"
}
use SecurityTxt::Middleware, policy
Simply passing a string should be enough to get data back
require "securitytxt/parser"
require "open-uri"
SecurityTxt::Parser.new.parse(open("https://securitytxt.org/.well-known/security.txt").read)
# Outputs {"contact"=>"https://hackerone.com/ed", "encryption"=>"https://keybase.pub/edoverflow/pgp_key.asc", "acknowledgements"=>"https://hackerone.com/ed/thanks"}
require 'securitytxt/generator'
puts SecurityTxt::Generator.new({"contact"=>"https://hackerone.com/ed", "encryption"=>"https://keybase.pub/edoverflow/pgp_key.asc", "acknowledgements"=>"https://hackerone.com/ed/thanks"}).generate
# Outputs
#
# Contact: https://hackerone.com/ed
# Encryption: https://keybase.pub/edoverflow/pgp_key.asc
# Acknowledgements: https://hackerone.com/ed/thanks
Securitytxt - A CLI tool to parse and generate securitytxt content.
Help menu:
-p, --parse FILE | URL Parse securitytxt file or URL
-g, --generate Generate a securitytxt string.
-c, --contact DETAILS List of contact details separated by comma(,) without spaces. (used with -g/--generate)
-e, --encryption URL Link to a page which contains your key.(used with -g/--generate)
-a, --acknowledgements URL Link to a page where security researchers are recognized for their reports.(used with -g/--generate)
-h, --help Show this help message
The gem is available as open source under the terms of the MIT License.