Add blogpost about pentest

monal-im · Apr 15, 2024 · f31ffc5 · f31ffc5
1 parent f95f639
commit f31ffc5
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 0 deletions.
diff --git a/content/post/00011-security-audit-1/index.md b/content/post/00011-security-audit-1/index.md
@@ -0,0 +1,19 @@
+---
+title: "ROS Security Audit"
+date: 2024-04-15
+resources:
+- src: "pentest_1.pdf"
+  title: "Monal IM penetration test report 2024 1.0"
+  params:
+    icon: pdf
+
+tags: []
+author: "Thilo Molitor"
+---
+
+<a href="https://www.radicallyopensecurity.com/">Radically Open Security (ROS)</a> kindly performed a security audit of some parts of Monal.  
+Specifically they audited the usage of our XML query language and the implementations of <a href="https://xmpp.org/extensions/xep-0388.html">SASL2</a>, <a href="https://datatracker.ietf.org/doc/html/rfc5802">SCRAM</a> and <a href="https://xmpp.org/extensions/xep-0474.html">SSDP</a>.
+
+**The results in a nutshell: *no security issues* found, read the full report here: {{< pdfLink "pentest_1.pdf" >}}**
+
+
diff --git a/content/post/00011-security-audit-1/pentest_1.pdf b/content/post/00011-security-audit-1/pentest_1.pdf
diff --git a/layouts/shortcodes/pdfLink.html b/layouts/shortcodes/pdfLink.html
@@ -0,0 +1,4 @@
+{{ $pdf := $.Page.Resources.GetMatch (.Get 0)}}
+{{ $title := cond (not (.Get "title")) (cond (not (.Get 1)) $pdf.Title (.Get 1)) (.Get "title") }}
+
+<a href="{{ $pdf.RelPermalink }}">{{ $title | safeHTML }}</a>.