Add a .well-known/security.txt

senekor · senekor · commit f49b8db36d32 · 2024-07-25T21:16:48.000+02:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -23,3 +23,6 @@ rust_team_data = { git = "https://github.com/rust-lang/team" }
 handlebars = "5.1.0"
 siphasher = "1.0.1"
 percent-encoding = "2.1.0"
+
+[dev-dependencies]
+time = { version = "0.3.36", features = ["parsing"] }
diff --git a/src/main.rs b/src/main.rs
@@ -249,6 +249,11 @@ fn redirect_bare_en_us() -> Redirect {
     Redirect::permanent("/")
 }
 
+#[get("/.well-known/security.txt")]
+fn well_known_security() -> &'static str {
+    include_str!("../static/text/well_known_security.txt")
+}
+
 #[catch(404)]
 #[allow(clippy::result_large_err)]
 fn not_found(req: &Request) -> Result<Template, Redirect> {
@@ -475,6 +480,7 @@ async fn rocket() -> _ {
                 team_locale,
                 subject_locale,
                 redirect_bare_en_us,
+                well_known_security,
             ],
         )
         .register(
diff --git a/static/text/well_known_security.txt b/static/text/well_known_security.txt
@@ -0,0 +1,2 @@
+Contact: https://www.rust-lang.org/policies/security
+Expires: 2024-05-15T00:00:00.000Z
diff --git a/tests/well_known_security.rs b/tests/well_known_security.rs
@@ -0,0 +1,25 @@
+use time::{format_description::well_known::Rfc3339, OffsetDateTime};
+
+#[test]
+fn well_known_security_is_not_expired() {
+    let text = include_str!("../static/text/well_known_security.txt");
+    let expires = text.split("Expires:").nth(1).unwrap().trim();
+    let expires = OffsetDateTime::parse(expires, &Rfc3339).unwrap();
+    let now = OffsetDateTime::now_utc();
+    assert!(
+        now < expires,
+        "
+        ┌────────────────────────────────────────────────────────────────┐
+        │                                                                │
+        │  I looks like the expiration date of the security policy has   │
+        │  passed. Before blindly updating it, please make sure the      │
+        │  pointed-to URL still refers to the source of truth of the     │
+        │  security policy of the Rust project. If all is well, you can  │
+        │  update the expiration date in the relevant file:              │
+        │                                                                │
+        │  static/text/well_known_security.txt                           │
+        │                                                                │
+        └────────────────────────────────────────────────────────────────┘
+        "
+    );
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+Contact: https://www.rust-lang.org/policies/security`
	`2`	`+Expires: 2024-05-15T00:00:00.000Z`