Add blogpost about pentest

monal-im · Apr 15, 2024 · da5e0d8 · da5e0d8
1 parent 0d34b3d
commit da5e0d8
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/content/post/00011-security-audit-1/index.md b/content/post/00011-security-audit-1/index.md
@@ -0,0 +1,15 @@
+---
+title: "ROS Security Audit"
+date: 2024-04-15
+resources:
+- src: "pentest_1.pdf"
+  title: "Monal IM penetration test report 2024 1.0"
+
+tags: []
+author: "Thilo Molitor"
+---
+
+<a href="https://www.radicallyopensecurity.com/">Radically Open Security (ROS)</a> kindly performed a security audit of some parts of Monal.  
+Specifically they audited the usage of our XML query language and the implementations of <a href="https://xmpp.org/extensions/xep-0388.html">SASL2</a>, <a href="https://datatracker.ietf.org/doc/html/rfc5802">SCRAM</a> and <a href="https://xmpp.org/extensions/xep-0474.html">SSDP</a>.
+
+The results in a nutshell: *no security issues found*, read the full report here: {{< pdfLink "pentest_1.pdf" >}}.
diff --git a/content/post/00011-security-audit-1/pentest_1.pdf b/content/post/00011-security-audit-1/pentest_1.pdf
diff --git a/layouts/shortcodes/pdfLink.html b/layouts/shortcodes/pdfLink.html
@@ -0,0 +1,9 @@
+{{ if .IsNamedParams }}
+  {{ $pdf := $.Page.Resources.GetMatch (.Get "name") }}
+  {{ $title := cond (not (.Get "title")) $pdf.Title (.Get "title") }}
+  <a href="{{ $pdf.RelPermalink }}">{{ $title | safeHTML }}</a>
+{{ else }}
+  {{ $pdf := $.Page.Resources.GetMatch (.Get 0) }}
+  {{ $title := cond (not (.Get 1)) $pdf.Title (.Get 1) }}
+  <a href="{{ $pdf.RelPermalink }}">{{ $title | safeHTML }}</a>
+{{ end }}