Add security.txt. (#961)

* Add security.txt.

* Fix make task name.

Author: jezdez

Makefile

@@ -1,5 +1,3 @@
-.PHONY: bash npm-build npm-install build clean db-migrate db-upgrade redis-cli run shell start stop update test pytest image envvar ci cert trust pull
-
 bash:
 	docker-compose run --rm  web bash
 
@@ -62,3 +60,12 @@ trust:
 
 cert: trust
 	cd certs && mkcert jazzband.local "*.jazzband.local" jazzband.local localhost 127.0.0.1 ::1 && cd ..
+
+generate-securitytxt:
+	rm jazzband/static/security.txt
+	gpg --clearsign -u 02DE8F842900411ADD70B1374D87558AF652A00F -o jazzband/static/security.txt jazzband/static/security.txt.tpl
+
+verify-securitytxt:
+	gpg --verify jazzband/static/security.txt
+
+.PHONY: $(MAKECMDGOALS)

jazzband/content.py

@@ -57,6 +57,23 @@ def security():
     return redirect("/about/security")
 
 
+@content.route("/security.txt")
+def securitytxt_redirect():
+    return redirect(url_for("content.securitytxt_file"))
+
+
+@content.route("/.well-known/security.txt")
+def securitytxt_file():
+    filename = "security.txt"
+    return send_from_directory(
+        current_app.static_folder,
+        filename,
+        as_attachment=False,
+        mimetype="text/plain",
+        max_age=current_app.get_send_file_max_age(filename),
+    )
+
+
 @content.route("/donate")
 def donate():
     return redirect("https://psfmember.org/civicrm/contribute/transact?reset=1&id=34")
@@ -73,7 +90,8 @@ def docs(path):
 @content.route("/about/<path:path>")
 def about(path):
     page = about_pages.get_or_404(path)
-    template = "layouts/%s.html" % page.meta.get("layout", "about")
+    layout = page.meta.get("layout", "about")
+    template = f"layouts/{layout}.html"
     return render_template(template, page=page)
 
 
@@ -134,7 +152,8 @@ def news_feed():
 @content.route("/news/<path:path>")
 def news(path):
     page = news_pages.get_or_404(path)
-    template = "layouts/%s.html" % page.meta.get("layout", "news_detail")
+    layout = page.meta.get("layout", "news_detail")
+    template = f"layouts/{layout}.html"
     return render_template(template, page=page)
 
 

jazzband/static/security.txt

@@ -0,0 +1,35 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+# This is the Jazzband security.txt file.
+# More infos about the standard: https://securitytxt.org
+
+# Our security address
+Contact: mailto:security@jazzband.co
+# Our OpenPGP key
+Encryption: openpgp4fpr:02DE8F842900411ADD70B1374D87558AF652A00F
+# Our security policy
+Policy: https://jazzband.co/security
+# Canonical URIs
+Canonical: https://jazzband.co/.well-known/security.txt
+# Our preferred languages
+Preferred-Languages: en
+
+Expires: 2022-09-30T10:00:00.000Z
+# This file was clear-signed with: make generate-securitytxt
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEAt6PhCkAQRrdcLE3TYdVivZSoA8FAmFx2CMACgkQTYdVivZS
+oA+afQ/8C22qJeEOUY8eaNMJwo5SvoLw2sFPmhOjmTjtuULYHbZ/UWWUJhejdvVY
+TACzcUS+J6YM7yFjlwAFOPMTyuWqk5QimRWvXQhwRAMGwLGdFeza6wHcHH6TsOpd
+oiRvhYCFp/jwBzQAruG6z37LuNxP241rQvx/HJrKqHfN9UBPu3jkLB9WZVvoARGM
+bpFOshdn7BH3f19xC6Nd2+xQrenEJIRV5fJurB7UY2X3auTMA7GZZjVsaApJSzrv
+6QURag6E5KTW7kx+SNAh4xUINFI1YNHB8DGVKzab/se3qPMorLoNMFNzG0m+Ekfq
+8q9E8WGRBhXOXDjIeXP3gSLq5XYcMKHXsdYFFF+KQe8UmAizKjWs0z4IgBBbAZv5
+0iaZHa6htT+wF4WxbV/pgx5ECgkhy+CtUuxvXbdWsODZ7U7+qtY83cHGD6tlEGCS
+aV0GNIBvVM05fyaQLqUoeSwXvIrS7vU9P8YZ+KaubTmptsJIrShumLxE9fErU5uq
+ziMFAo0fAC0Xb8xGIfx/BN3GbzXIyQYbYEHZbGqug0mwhwqINdsVpfCleOCsZNxc
+mAhf9NZ19qH2L9l4P8N71w39bfH4BluGCWB3iPiRGqsidDag1205a9JeIKrqaM32
+FF7FSwNwnjmdrVYXuFsGYBiD5SnO1A+emPZ+PxjuFHSRvm37fpI=
+=U4DN
+-----END PGP SIGNATURE-----

jazzband/static/security.txt.tpl

@@ -0,0 +1,16 @@
+# This is the Jazzband security.txt file.
+# More infos about the standard: https://securitytxt.org
+
+# Our security address
+Contact: mailto:security@jazzband.co
+# Our OpenPGP key
+Encryption: openpgp4fpr:02DE8F842900411ADD70B1374D87558AF652A00F
+# Our security policy
+Policy: https://jazzband.co/security
+# Canonical URIs
+Canonical: https://jazzband.co/.well-known/security.txt
+# Our preferred languages
+Preferred-Languages: en
+
+Expires: 2022-09-30T10:00:00.000Z
+# This file was clear-signed with: make generate-securitytxt