From eed28c7525b23e6284981f724aeba86dee5a9673 Mon Sep 17 00:00:00 2001 From: Carsten Reitz <95033856+CREITZ25@users.noreply.github.com> Date: Tue, 28 Mar 2023 16:49:43 +0200 Subject: [PATCH] #1054: automated security warnings (#1083) --- documentation/functions.asciidoc | 9 +++ .../src/main/resources/scripts/command/ide | 3 + scripts/src/main/resources/scripts/functions | 70 +++++++++++++++++++ 3 files changed, 82 insertions(+) diff --git a/documentation/functions.asciidoc b/documentation/functions.asciidoc index e8f87da96..15f9af1ad 100644 --- a/documentation/functions.asciidoc +++ b/documentation/functions.asciidoc @@ -351,6 +351,12 @@ Updates the PATH variable according to the latest tools installed in the `softwa == Version handling +=== doCheckSoftwareSecurityVersion +Determines whether the actual version is contained in the security file for the corresponding tool and print out a message if so. + +=== doCheckVersionRange +Determines whether a version is in a version range. + === doGetNextVersion A version number is passed to the function doGetNextVersion as an argument and the next version number is generated from this by incrementing the last digit by one and outputs it. @@ -371,6 +377,9 @@ If this is the case, it ends with the return value `0` otherwise `1`. === doListSoftwareVersions Takes the name of the tool as a parameter and displays the available versions. +=== doReportVersionSecurityWarning +Prints out a message on version security alerts. + === doSetSoftwareVersion Used to set a specific version of a software tool, and requires 2 parameters: the name of the software tool and the desired version. The version is saved as `«tool»_VERSION` variable in `settings/devon.properties`. diff --git a/scripts/src/main/resources/scripts/command/ide b/scripts/src/main/resources/scripts/command/ide index 179e009ad..783b31a6b 100755 --- a/scripts/src/main/resources/scripts/command/ide +++ b/scripts/src/main/resources/scripts/command/ide 
@@ -492,6 +492,9 @@ case "${DEVON_IDE_HOME}" in ;; esac +git_version="$(git --version | sed -e 's/\.windows\..*$//' | awk '{print $3}')" +doCheckSoftwareSecurityVersion "git" "${git_version}" + # CLI if [ "${1}" = "-h" ] || [ "${1}" = "help" ] then diff --git a/scripts/src/main/resources/scripts/functions b/scripts/src/main/resources/scripts/functions index a8b6f675e..db3c40967 100644 --- a/scripts/src/main/resources/scripts/functions +++ b/scripts/src/main/resources/scripts/functions 
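Review bot: The new top-level call passes `git_version` to the advisory check without validating it, so if git is missing or `git --version` prints an unexpected format, the lookup runs on an empty or malformed string. How doVersionCompare treats such an argument is not visible in this patch, but the likely outcome is that no warning is printed, meaning the check fails open. I would guard it with `if [ -n "${git_version}" ]; then doCheckSoftwareSecurityVersion "git" "${git_version}"; fi` and emit a debug message otherwise. This also forks git, sed and awk on every `ide` invocation before the CLI arguments are parsed, which is worth a short comment explaining why it is unconditional.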
@@ -167,6 +167,74 @@ function doEchoInteraction() { echo -e "\033[96m${*}\033[39m" } +# $1: first_range_version +# $2: version +# $3: last_range_version +# returns 0 if first_range_version <= version <= last_range_version +function doCheckVersionRange() { + local first_range_version="${1}" + local version="${2}" + local last_range_version="${3}" + doVersionCompare "${first_range_version}" "${version}" + check1="${?}" + doVersionCompare "${version}" "${last_range_version}" + check2="${?}" + if [ "${check1}" != "1" ] && [ "${check2}" != "1" ] + then + return 0 + else + return 1 + fi +} + +# $1: software +# $2: version +# $3: edition +function doCheckSoftwareSecurityVersion() { + local software="${1}" + local version="${2}" + local edition="${3}" + local security_file + local check="0" + local line="" + local first_version + local last_version + local software_info="${software}" + if [ -z "${edition}" ] + then + edition="${software}" + fi + security_file="${DEVON_IDE_HOME}/urls/${software}/${edition}/security" + if [ -f "${security_file}" ] + then + while IFS= read -r line + do + first_version="$(echo "${line}" | cut -d'>' -f 1)" + last_version="$(echo "${line}" | cut -d'>' -f 2)" + doCheckVersionRange "${first_version}" "${version}" "${last_version}" + if [ "${?}" == "0" ] + then + check="1" + fi + done < "${security_file}" + if [ "${check}" == "1" ] + then + if [ "${edition}" != "${software}" ] + then + software_info="${software} with edition ${edition}" + fi + mymessage="You are using the tool ${software_info} in version ${version} that has vulnerabilities. 
Please update the tool to state safe and secure.\nFor further details and recent information have a look at the following webpage:\nhttps://github.com/devonfw/ide/blob/master/documentation/vulnerabilities.asciidoc\n\n" + doReportVersionSecurityWarning "${mymessage}" + fi + fi +} + +# $1: message +function doReportVersionSecurityWarning() { + local message="${1}" + doWarning "${message}" +} + function doDebug() { if ! doIsDebug then @@ -1418,6 +1486,8 @@ function doInstall() { then doRunCommand "${TOOL_VERSION_COMMAND}" "verify installation of ${software}" fi + + doCheckSoftwareSecurityVersion "${software}" "${version}" "${edition}" return ${result} }
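Review bot: In doCheckSoftwareSecurityVersion the `while IFS= read -r line` loop drops a final line that has no trailing newline and hands blank or CRLF-terminated lines straight to `cut`, so a listed vulnerable range can be missed with no message at all. I would read with `while IFS= read -r line || [ -n "${line}" ]`, strip a carriage return via `line="${line%$'\r'}"`, and `continue` on empty lines before splitting. In doCheckVersionRange, `!= "1"` treats every other doVersionCompare status as in range; that function is outside this patch, so confirm that an error status cannot be read as a match or a miss. `check1`, `check2` and `mymessage` are assigned without `local` and leak into the caller's scope, unlike the other variables in these functions. The warning text reads "to state safe and secure", which looks like a typo for "to stay safe and secure".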
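Review bot: The call to `doCheckSoftwareSecurityVersion` sits just before `return ${result}` in doInstall, so the user is warned only after the affected version has been downloaded and installed. The body of doInstall starts outside this hunk, so I cannot see whether `version` is already resolved earlier. If it is, running the check before the download step would let the user pick another version first. As written, the call also appears to run whatever `result` holds, so a failed install may still print a warning for a version that is not actually present. Something like `[ "${result}" = "0" ] && doCheckSoftwareSecurityVersion "${software}" "${version}" "${edition}"` would avoid that, assuming 0 means success here.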