From 68fa11ec60ff6d5349b9e7d4847d579dfce29fa2 Mon Sep 17 00:00:00 2001 From: creitz25 Date: Mon, 27 Mar 2023 16:24:52 +0200 Subject: [PATCH 1/9] #1054 automated security warnings #1054 automated security warnings --- documentation/functions.asciidoc | 15 +++ .../src/main/resources/scripts/command/ide | 3 + scripts/src/main/resources/scripts/functions | 98 +++++++++++++++++++ 3 files changed, 116 insertions(+) diff --git a/documentation/functions.asciidoc b/documentation/functions.asciidoc index e8f87da96..3029813bb 100644 --- a/documentation/functions.asciidoc +++ b/documentation/functions.asciidoc @@ -351,6 +351,15 @@ Updates the PATH variable according to the latest tools installed in the `softwa == Version handling +=== doCheckGitVersion +Determines whether there is an security issue with the active git version, listed in the security file. + +=== doCheckSoftwareSecurityVersion +Determines whether the actual version is contained in the security file for the corresponding tool and print out a message if so. + +=== doCheckVersionRange +Determines whether a version is in a version range. + === doGetNextVersion A version number is passed to the function doGetNextVersion as an argument and the next version number is generated from this by incrementing the last digit by one and outputs it. @@ -379,6 +388,9 @@ The version is saved as `«tool»_VERSION` variable in `settings/devon.propertie Two version numbers are passed to the doVersionCompare function as parameters. If the versions are equal, the function returns 0, if the first version is higher than the second, returns 1, and if the second version is higher than the first, the function returns 2. +=== doVersionWarning +Prints out a message on version security alerts + == Functions on workspaces === doConfigureWorkspace 
@@ -430,3 +442,6 @@ In this case, it does the handling to `list`, `get`, or `set` the version and ex If -- is passed, a variable is set that prevents further calls of this function and ends with the return value 0. If none of these options are passed, the return value is 255. +=== doTranslateMirrorOptionsToUrlOptions +Translate edition variables from mirrors environment to ide-urls environment. + diff --git a/scripts/src/main/resources/scripts/command/ide b/scripts/src/main/resources/scripts/command/ide index 179e009ad..783b31a6b 100755 --- a/scripts/src/main/resources/scripts/command/ide +++ b/scripts/src/main/resources/scripts/command/ide @@ -492,6 +492,9 @@ case "${DEVON_IDE_HOME}" in ;; esac +git_version="$(git --version | sed -e 's/\.windows\..*$//' | awk '{print $3}')" +doCheckSoftwareSecurityVersion "git" "${git_version}" + # CLI if [ "${1}" = "-h" ] || [ "${1}" = "help" ] then diff --git a/scripts/src/main/resources/scripts/functions b/scripts/src/main/resources/scripts/functions index a8b6f675e..28e166a4c 100644 --- a/scripts/src/main/resources/scripts/functions +++ b/scripts/src/main/resources/scripts/functions 
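Review bot: The new `git_version=` line in command/ide runs `git --version` unconditionally, so on a machine without git the pipeline prints an error and `doCheckSoftwareSecurityVersion "git" ""` is called with an empty version, and what doVersionCompare does with an empty string is not visible here. Guard the two added lines, `if command -v git >/dev/null 2>&1; then … fi`, or at least skip the call when nothing was parsed, `[ -n "${git_version}" ] && doCheckSoftwareSecurityVersion "git" "${git_version}"`. The `sed` only strips a `.windows.N` suffix; since `awk '{print $3}'` already drops anything after the third field, that part looks sufficient for the other platforms.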
@@ -167,6 +167,102 @@ function doEchoInteraction() { echo -e "\033[96m${*}\033[39m" } +# $1: version_start +# $2: version_end +# $3: version +# returns 0 if version_start <= version <= version_end +function doCheckVersionRange() { + local version1="${1}" + local version2="${2}" + local version="${3}" + doVersionCompare "${version}" "${version1}" + check1="${?}" + doVersionCompare "${version2}" "${version}" + check2="${?}" + if [ "${check1}" == "2" ] || [ "${check2}" == "2" ] + then + return 1 + else + return 0 + fi +} + +# $1: software +# $2: version +# return 1 if version is found in tool's security file +function doCheckSoftwareSecurityVersion() { + local software="${1}" + local version="${2}" + local security_file + local check="0" + local line="" + local myfirst + local mylast + if [ -d "${DEVON_IDE_HOME}/ide-urls" ] + then + if [ "${software}" == "git" ] + then + edition="git" + else + if [ -z "${edition}" ] + then + edition="${software}" + fi + doTranslateMirrorOptionsToUrlOptions + fi + security_file="${DEVON_IDE_HOME}/ide-urls/${software}/${edition}/security" + else + security_file="${DEVON_IDE_HOME}/mirrors/${software}/security" + fi + if [ -f "${security_file}" ] + then + while IFS= read -r line + do + myfirst="$(echo "${line}" | cut -d'>' -f 1)" + mylast="$(echo "${line}" | cut -d'>' -f 2)" + doCheckVersionRange "${myfirst}" "${mylast}" "${version}" + if [ "${?}" == "0" ] + then + check="1" + fi + done < "${security_file}" + if [ "${check}" == "1" ] + then + mymessage="You are using the tool ${software} in version ${version} that has vulnerabilities. 
Please update the tool to state safe and secure.\nFor further details and recent information have a look at the following webpage:\nhttps://github.com/devonfw/ide/blob/master/documentation/vulnerabilities.asciidoc\n\n" + doVersionWarning "${mymessage}" + fi + fi +} + +# $1: message +function doVersionWarning() { + local message="${1}" + doWarning "${message}" +} + +function doTranslateMirrorOptionsToUrlOptions() { + if [ -n "${INTELLIJ_EDITION_TYPE}" ] + then + case "${INTELLIJ_EDITION_TYPE}" in + "c"|"C") # shellcheck disable=SC2034 + INTELLIJ_EDITION="community";; + + "u"|"U") # shellcheck disable=SC2034 + INTELLIJ_EDITION="ultimate";; + esac + fi + if [ -n "${ECLIPSE_EDITION_TYPE}" ] + then + # shellcheck disable=SC2034 + ECLIPSE_EDITION="${ECLIPSE_EDITION_TYPE}" + fi + if [ -n "${DOCKER_EDITION}" ] + then + # shellcheck disable=SC2034 + DOCKER_EDITION="docker" + fi +} + function doDebug() { if ! doIsDebug then @@ -1418,6 +1514,8 @@ function doInstall() { then doRunCommand "${TOOL_VERSION_COMMAND}" "verify installation of ${software}" fi + + doCheckSoftwareSecurityVersion "${software}" "${version}" return ${result} } From f9ce12cac4f1726dccdc1e14cf9c4f68c0ff4f75 Mon Sep 17 00:00:00 2001 From: creitz25 Date: Mon, 27 Mar 2023 16:34:03 +0200 Subject: [PATCH 2/9] #1054 automated security warnings #1054 automated security warnings --- documentation/functions.asciidoc | 3 --- 1 file changed, 3 deletions(-) diff --git a/documentation/functions.asciidoc b/documentation/functions.asciidoc index 3029813bb..b83df5a7f 100644 --- a/documentation/functions.asciidoc +++ b/documentation/functions.asciidoc 
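Review bot: `check1` and `check2` in doCheckVersionRange and `mymessage` in doCheckSoftwareSecurityVersion are assigned without `local`, so every call clobbers same-named variables in the calling shell; declare them with the other locals, `local check1 check2` after `local version="${3}"` and `local mymessage=""` next to `local check="0"`. The same unscoped assignments survive in the doCheckVersionRange hunks of patches 4 and 8 and in the message hunks of patches 4, 8 and 9, so one fix here covers them all. Separately, `while IFS= read -r line` drops a final line of the security file that has no trailing newline, which for a one-entry file means no check at all; `while IFS= read -r line || [ -n "${line}" ]` reads it too. A blank line or a line without `>` also reaches doCheckVersionRange unchanged (cut prints the whole line for both fields), so a `[ -z "${line}" ] && continue` before the `cut` calls would keep malformed entries out of doVersionCompare.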
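Review bot: The added `doCheckSoftwareSecurityVersion "${software}" "${version}"` in doInstall runs regardless of the `result` that the next line returns, so whatever set `result` to a failure earlier in the function still produces a vulnerability warning for a version that may not actually be installed. Guarding it with `if [ "${result}" = 0 ]` would restrict the warning to successful installs. doInstall begins outside the hunk, so I cannot confirm from here what `result` holds at this point.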
@@ -351,9 +351,6 @@ Updates the PATH variable according to the latest tools installed in the `softwa == Version handling -=== doCheckGitVersion -Determines whether there is an security issue with the active git version, listed in the security file. - === doCheckSoftwareSecurityVersion Determines whether the actual version is contained in the security file for the corresponding tool and print out a message if so. From 541323c89f5825b4748255f85dfb5e6555f2a61e Mon Sep 17 00:00:00 2001 From: creitz25 Date: Mon, 27 Mar 2023 17:15:39 +0200 Subject: [PATCH 3/9] #1054 automated security warnings #1054 automated security warnings --- scripts/src/main/resources/scripts/functions | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/scripts/src/main/resources/scripts/functions b/scripts/src/main/resources/scripts/functions index 28e166a4c..0325dcdcb 100644 --- a/scripts/src/main/resources/scripts/functions +++ b/scripts/src/main/resources/scripts/functions @@ -193,6 +193,7 @@ function doCheckVersionRange() { function doCheckSoftwareSecurityVersion() { local software="${1}" local version="${2}" + local edition="${3}" local security_file local check="0" local line="" @@ -200,14 +201,10 @@ function doCheckSoftwareSecurityVersion() { local mylast if [ -d "${DEVON_IDE_HOME}/ide-urls" ] then - if [ "${software}" == "git" ] - then - edition="git" + if [ -z "${edition}" ] + then + edition="${software}" else - if [ -z "${edition}" ] - then - edition="${software}" - fi doTranslateMirrorOptionsToUrlOptions fi security_file="${DEVON_IDE_HOME}/ide-urls/${software}/${edition}/security" @@ -1515,7 +1512,7 @@ function doInstall() { doRunCommand "${TOOL_VERSION_COMMAND}" "verify installation of ${software}" fi - doCheckSoftwareSecurityVersion "${software}" "${version}" + doCheckSoftwareSecurityVersion "${software}" "${version}" "${edition}" return ${result} } From 107903d18706691aa7599851b81aeab04bb1ba43 Mon Sep 17 00:00:00 2001 
From: creitz25 Date: Mon, 27 Mar 2023 19:00:31 +0200 Subject: [PATCH 4/9] #1054 automated security warnings #1054 automated security warnings --- documentation/functions.asciidoc | 6 +-- scripts/src/main/resources/scripts/functions | 51 +++++++++++--------- 2 files changed, 32 insertions(+), 25 deletions(-) diff --git a/documentation/functions.asciidoc b/documentation/functions.asciidoc index b83df5a7f..d10814c4c 100644 --- a/documentation/functions.asciidoc +++ b/documentation/functions.asciidoc @@ -377,6 +377,9 @@ If this is the case, it ends with the return value `0` otherwise `1`. === doListSoftwareVersions Takes the name of the tool as a parameter and displays the available versions. +=== doReportVersionSecurityWarning +Prints out a message on version security alerts. + === doSetSoftwareVersion Used to set a specific version of a software tool, and requires 2 parameters: the name of the software tool and the desired version. The version is saved as `«tool»_VERSION` variable in `settings/devon.properties`. @@ -385,9 +388,6 @@ The version is saved as `«tool»_VERSION` variable in `settings/devon.propertie Two version numbers are passed to the doVersionCompare function as parameters. If the versions are equal, the function returns 0, if the first version is higher than the second, returns 1, and if the second version is higher than the first, the function returns 2. -=== doVersionWarning -Prints out a message on version security alerts - == Functions on workspaces === doConfigureWorkspace diff --git a/scripts/src/main/resources/scripts/functions b/scripts/src/main/resources/scripts/functions index 0325dcdcb..efb058bbb 100644 --- a/scripts/src/main/resources/scripts/functions +++ b/scripts/src/main/resources/scripts/functions 
@@ -167,17 +167,17 @@ function doEchoInteraction() { echo -e "\033[96m${*}\033[39m" } -# $1: version_start -# $2: version_end -# $3: version -# returns 0 if version_start <= version <= version_end +# $1: first_range_version +# $2: version +# $3: last_range_version +# returns 0 if first_range_version <= version <= last_range_version function doCheckVersionRange() { - local version1="${1}" - local version2="${2}" - local version="${3}" - doVersionCompare "${version}" "${version1}" + local first_range_version="${1}" + local version="${2}" + local last_range_version="${3}" + doVersionCompare "${version}" "${first_range_version}" check1="${?}" - doVersionCompare "${version2}" "${version}" + doVersionCompare "${last_range_version}" "${version}" check2="${?}" if [ "${check1}" == "2" ] || [ "${check2}" == "2" ] then @@ -197,9 +197,9 @@ function doCheckSoftwareSecurityVersion() { local security_file local check="0" local line="" - local myfirst - local mylast - if [ -d "${DEVON_IDE_HOME}/ide-urls" ] + local first_version + local last_last + if [ -d "${DEVON_IDE_HOME}/urls" ] then if [ -z "${edition}" ] then @@ -207,17 +207,15 @@ function doCheckSoftwareSecurityVersion() { else doTranslateMirrorOptionsToUrlOptions fi - security_file="${DEVON_IDE_HOME}/ide-urls/${software}/${edition}/security" - else - security_file="${DEVON_IDE_HOME}/mirrors/${software}/security" + security_file="${DEVON_IDE_HOME}/urls/${software}/${edition}/security" fi if [ -f "${security_file}" ] then while IFS= read -r line do - myfirst="$(echo "${line}" | cut -d'>' -f 1)" - mylast="$(echo "${line}" | cut -d'>' -f 2)" - doCheckVersionRange "${myfirst}" "${mylast}" "${version}" + first_version="$(echo "${line}" | cut -d'>' -f 1)" + last_version="$(echo "${line}" | cut -d'>' -f 2)" + doCheckVersionRange "${first_version}" "${version}" "${last_version}" if [ "${?}" == "0" ] then check="1" 
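Review bot: With the `mirrors` fallback removed, `security_file` is never assigned when `${DEVON_IDE_HOME}/urls` is absent, so the following `[ -f "${security_file}" ]` silently skips the check (or, if the script runs with `set -u`, aborts on the declared-but-unassigned local — the script's `set` options are not visible here). A silently skipped security check is indistinguishable from a clean result, so initialize it with the other locals, `local security_file=""`, and report the skip in an `else` branch of the `-f` test, e.g. `doDebug "no security file for ${software}: ${security_file}"`. The `[ -f ]` test in patch 8's hunk at line 199 keeps the same silent behaviour.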
@@ -225,14 +223,19 @@ function doCheckSoftwareSecurityVersion() { done < "${security_file}" if [ "${check}" == "1" ] then - mymessage="You are using the tool ${software} in version ${version} that has vulnerabilities. Please update the tool to state safe and secure.\nFor further details and recent information have a look at the following webpage:\nhttps://github.com/devonfw/ide/blob/master/documentation/vulnerabilities.asciidoc\n\n" - doVersionWarning "${mymessage}" + if [ -z "${edition}" ] + then + mymessage="You are using the tool ${software} in version ${version} that has vulnerabilities. Please update the tool to state safe and secure.\nFor further details and recent information have a look at the following webpage:\nhttps://github.com/devonfw/ide/blob/master/documentation/vulnerabilities.asciidoc\n\n" + else + mymessage="You are using the tool ${software}, edition ${edition} in version ${version} that has vulnerabilities. Please update the tool to state safe and secure.\nFor further details and recent information have a look at the following webpage:\nhttps://github.com/devonfw/ide/blob/master/documentation/vulnerabilities.asciidoc\n\n" + fi + doReportVersionSecurityWarning "${mymessage}" fi fi } # $1: message -function doVersionWarning() { +function doReportVersionSecurityWarning() { local message="${1}" doWarning "${message}" } @@ -256,7 +259,11 @@ function doTranslateMirrorOptionsToUrlOptions() { if [ -n "${DOCKER_EDITION}" ] then # shellcheck disable=SC2034 - DOCKER_EDITION="docker" + case ${DOCKER_EDITION} in + DOCKERDESKTOP) DOCKER_EDITION="docker";; + docker) DOCKER_EDITION="docker";; + *) DOCKER_EDITION="rancher";; + esac fi } From 1f154cbd1c1b2296cb0d30aa2ed11b26edd3f0fe Mon Sep 17 00:00:00 2001 From: creitz25 Date: Mon, 27 Mar 2023 19:17:49 +0200 Subject: [PATCH 5/9] #1054 automated security warnings #1054 automated security warnings --- scripts/src/main/resources/scripts/functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/scripts/src/main/resources/scripts/functions b/scripts/src/main/resources/scripts/functions index efb058bbb..b83384067 100644 --- a/scripts/src/main/resources/scripts/functions +++ b/scripts/src/main/resources/scripts/functions @@ -198,7 +198,7 @@ function doCheckSoftwareSecurityVersion() { local check="0" local line="" local first_version - local last_last + local last_version if [ -d "${DEVON_IDE_HOME}/urls" ] then if [ -z "${edition}" ] From afc8a490740107a49fa0b91d214225c6fbf6b2f3 Mon Sep 17 00:00:00 2001 From: creitz25 Date: Tue, 28 Mar 2023 09:00:00 +0200 Subject: [PATCH 6/9] #1054 automated security warnings #1054 automated security warnings --- documentation/functions.asciidoc | 3 -- scripts/src/main/resources/scripts/functions | 29 -------------------- 2 files changed, 32 deletions(-) diff --git a/documentation/functions.asciidoc b/documentation/functions.asciidoc index d10814c4c..15f9af1ad 100644 --- a/documentation/functions.asciidoc +++ b/documentation/functions.asciidoc @@ -439,6 +439,3 @@ In this case, it does the handling to `list`, `get`, or `set` the version and ex If -- is passed, a variable is set that prevents further calls of this function and ends with the return value 0. If none of these options are passed, the return value is 255. -=== doTranslateMirrorOptionsToUrlOptions -Translate edition variables from mirrors environment to ide-urls environment. - diff --git a/scripts/src/main/resources/scripts/functions b/scripts/src/main/resources/scripts/functions index b83384067..5e7c55e57 100644 --- a/scripts/src/main/resources/scripts/functions +++ b/scripts/src/main/resources/scripts/functions @@ -204,8 +204,6 @@ function doCheckSoftwareSecurityVersion() { if [ -z "${edition}" ] then edition="${software}" - else - doTranslateMirrorOptionsToUrlOptions fi security_file="${DEVON_IDE_HOME}/urls/${software}/${edition}/security" fi 
@@ -240,33 +238,6 @@ function doReportVersionSecurityWarning() { doWarning "${message}" } -function doTranslateMirrorOptionsToUrlOptions() { - if [ -n "${INTELLIJ_EDITION_TYPE}" ] - then - case "${INTELLIJ_EDITION_TYPE}" in - "c"|"C") # shellcheck disable=SC2034 - INTELLIJ_EDITION="community";; - - "u"|"U") # shellcheck disable=SC2034 - INTELLIJ_EDITION="ultimate";; - esac - fi - if [ -n "${ECLIPSE_EDITION_TYPE}" ] - then - # shellcheck disable=SC2034 - ECLIPSE_EDITION="${ECLIPSE_EDITION_TYPE}" - fi - if [ -n "${DOCKER_EDITION}" ] - then - # shellcheck disable=SC2034 - case ${DOCKER_EDITION} in - DOCKERDESKTOP) DOCKER_EDITION="docker";; - docker) DOCKER_EDITION="docker";; - *) DOCKER_EDITION="rancher";; - esac - fi -} - function doDebug() { if ! doIsDebug then From d8862cd224a73a823679bbf6b86eb6b252b69621 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Hohwiller?= Date: Tue, 28 Mar 2023 10:54:03 +0200 Subject: [PATCH 7/9] constructive review --- scripts/src/main/resources/scripts/functions | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/src/main/resources/scripts/functions b/scripts/src/main/resources/scripts/functions index 5e7c55e57..385c715b3 100644 --- a/scripts/src/main/resources/scripts/functions +++ b/scripts/src/main/resources/scripts/functions @@ -189,6 +189,7 @@ function doCheckVersionRange() { # $1: software # $2: version +# $3: edition # return 1 if version is found in tool's security file function doCheckSoftwareSecurityVersion() { local software="${1}" From dbb9018d1417647cfaca357b19daa82ec5dac23c Mon Sep 17 00:00:00 2001 From: creitz25 Date: Tue, 28 Mar 2023 15:18:22 +0200 Subject: [PATCH 8/9] #1054 automated security warnings #1054 automated security warnings --- scripts/src/main/resources/scripts/functions | 31 +++++++++----------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/scripts/src/main/resources/scripts/functions b/scripts/src/main/resources/scripts/functions index 5e7c55e57..687636e06 100644 
--- a/scripts/src/main/resources/scripts/functions
+++ b/scripts/src/main/resources/scripts/functions
@@ -175,21 +175,21 @@ function doCheckVersionRange() {
 local first_range_version="${1}"
 local version="${2}"
 local last_range_version="${3}"
- doVersionCompare "${version}" "${first_range_version}"
+ doVersionCompare "${first_range_version}" "${version}"
 check1="${?}"
- doVersionCompare "${last_range_version}" "${version}"
+ doVersionCompare "${version}" "${last_range_version}"
 check2="${?}"
- if [ "${check1}" == "2" ] || [ "${check2}" == "2" ]
+ if [ "${check1}" != "1" ] && [ "${check2}" != "1" ]
 then
- return 1
- else
 return 0
+ else
+ return 1
 fi
 }

 # $1: software
 # $2: version
-# return 1 if version is found in tool's security file
+# $3: edition
 function doCheckSoftwareSecurityVersion() {
 local software="${1}"
 local version="${2}"
@@ -199,14 +199,12 @@ function doCheckSoftwareSecurityVersion() {
 local line=""
 local first_version
 local last_version
- if [ -d "${DEVON_IDE_HOME}/urls" ]
+ local software_info=${software}
+ if [ -z "${edition}" ]
 then
- if [ -z "${edition}" ]
- then
- edition="${software}"
- fi
- security_file="${DEVON_IDE_HOME}/urls/${software}/${edition}/security"
+ edition="${software}"
 fi
+ security_file="${DEVON_IDE_HOME}/urls/${software}/${edition}/security"
 if [ -f "${security_file}" ]
 then
 while IFS= read -r line 
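Review bot: The rewritten condition `[ "${check1}" != "1" ] && [ "${check2}" != "1" ]` treats every status other than 1 as "inside the range", whereas the replaced `== "2"` form treated anything other than 2 as outside; the documentation on this page specifies only 0, 1 and 2 for doVersionCompare, so should it ever exit with another status on a malformed entry (blank lines and lines without `>` in the security file reach it unchanged), the tool would be reported as vulnerable rather than skipped. Accepting only the documented statuses, `if [ "${check1}" != "1" ] && [ "${check2}" != "1" ] && [ "${check1}" -le 2 ] && [ "${check2}" -le 2 ]`, keeps a false-positive warning from an unexpected status. The `# return 1 if version is found …` header is dropped in the same hunk without a replacement; as far as the visible code shows, doCheckSoftwareSecurityVersion's exit status is merely that of its last `fi`, so a header such as `# Prints a warning via doReportVersionSecurityWarning if version is listed in the tool's security file; the exit status is not meaningful` would document the actual contract. doCheckVersionRange's opening line lies outside the hunk.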
@@ -221,12 +219,11 @@ function doCheckSoftwareSecurityVersion() { done < "${security_file}" if [ "${check}" == "1" ] then - if [ -z "${edition}" ] + if [ "${edition}" != "${software}" ] then - mymessage="You are using the tool ${software} in version ${version} that has vulnerabilities. Please update the tool to state safe and secure.\nFor further details and recent information have a look at the following webpage:\nhttps://github.com/devonfw/ide/blob/master/documentation/vulnerabilities.asciidoc\n\n" - else - mymessage="You are using the tool ${software}, edition ${edition} in version ${version} that has vulnerabilities. Please update the tool to state safe and secure.\nFor further details and recent information have a look at the following webpage:\nhttps://github.com/devonfw/ide/blob/master/documentation/vulnerabilities.asciidoc\n\n" - fi +   software_info = "${software} with edition ${edition}" + fi + mymessage="You are using the tool ${software_info} in version ${version} that has vulnerabilities. Please update the tool to state safe and secure.\nFor further details and recent information have a look at the following webpage:\nhttps://github.com/devonfw/ide/blob/master/documentation/vulnerabilities.asciidoc\n\n" doReportVersionSecurityWarning "${mymessage}" fi fi From ca1a09cbabbfccd12b40b4757fa92d81ef02fbbb Mon Sep 17 00:00:00 2001 From: creitz25 Date: Tue, 28 Mar 2023 15:29:05 +0200 Subject: [PATCH 9/9] #1054 automated security warnings #1054 automated security warnings --- scripts/src/main/resources/scripts/functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/src/main/resources/scripts/functions b/scripts/src/main/resources/scripts/functions index 687636e06..db3c40967 100644 --- a/scripts/src/main/resources/scripts/functions +++ b/scripts/src/main/resources/scripts/functions 
@@ -199,7 +199,7 @@ function doCheckSoftwareSecurityVersion() {
 local line=""
 local first_version
 local last_version
- local software_info=${software}
+ local software_info="${software}"
 if [ -z "${edition}" ]
 then
 edition="${software}"
@@ -221,7 +221,7 @@ function doCheckSoftwareSecurityVersion() {
 then
 if [ "${edition}" != "${software}" ]
 then
-   software_info = "${software} with edition ${edition}"
+ software_info="${software} with edition ${edition}"
 fi
 mymessage="You are using the tool ${software_info} in version ${version} that has vulnerabilities. Please update the tool to state safe and secure.\nFor further details and recent information have a look at the following webpage:\nhttps://github.com/devonfw/ide/blob/master/documentation/vulnerabilities.asciidoc\n\n"
 doReportVersionSecurityWarning "${mymessage}"