#1054 automated security warnings

documentation/functions.asciidoc

@@ -351,6 +351,12 @@ Updates the PATH variable according to the latest tools installed in the `softwa
 
 == Version handling
 
+=== doCheckSoftwareSecurityVersion
+Determines whether the actual version is contained in the security file for the corresponding tool and print out a message if so.
+
+=== doCheckVersionRange
+Determines whether a version is in a version range.
+
 === doGetNextVersion
 A version number is passed to the function doGetNextVersion as an argument and the next version number is generated from this by incrementing the last digit by one and outputs it.
 
@@ -379,6 +385,9 @@ The version is saved as `«tool»_VERSION` variable in `settings/devon.propertie
 Two version numbers are passed to the doVersionCompare function as parameters.
 If the versions are equal, the function returns 0, if the first version is higher than the second, returns 1, and if the second version is higher than the first, the function returns 2.
 
+=== doVersionWarning
+Prints out a message on version security alerts
+
 == Functions on workspaces
 
 === doConfigureWorkspace
@@ -430,3 +439,6 @@ In this case, it does the handling to `list`, `get`, or `set` the version and ex
 If -- is passed, a variable is set that prevents further calls of this function and ends with the return value 0.
 If none of these options are passed, the return value is 255.
 
+=== doTranslateMirrorOptionsToUrlOptions
+Translate edition variables from mirrors environment to ide-urls environment.
+

scripts/src/main/resources/scripts/command/ide

@@ -492,6 +492,9 @@ case "${DEVON_IDE_HOME}" in
    ;;
 esac
 
+git_version="$(git --version | sed -e 's/\.windows\..*$//' | awk '{print $3}')"
+doCheckSoftwareSecurityVersion "git" "${git_version}"
+
 # CLI
 if [ "${1}" = "-h" ] || [ "${1}" = "help" ]
 then

scripts/src/main/resources/scripts/functions

@@ -167,6 +167,99 @@ function doEchoInteraction() {
   echo -e "\033[96m${*}\033[39m"
 }
 
+# $1: version_start
+# $2: version_end
+# $3: version
+# returns 0 if version_start <= version <= version_end
+function doCheckVersionRange() {
+  local version1="${1}"
+  local version2="${2}"
+  local version="${3}"
+  doVersionCompare "${version}" "${version1}"
+  check1="${?}"
+  doVersionCompare "${version2}" "${version}"
+  check2="${?}"
+  if [ "${check1}" == "2" ] || [ "${check2}" == "2" ] 
+  then
+    return 1
+  else 
+    return 0
+  fi
+}
+
+# $1: software
+# $2: version
+# return 1 if version is found in tool's security file
+function doCheckSoftwareSecurityVersion() {
+  local software="${1}"
+  local version="${2}"
+  local edition="${3}"
+  local security_file
+  local check="0"
+  local line=""
+  local myfirst
+  local mylast
+  if [ -d "${DEVON_IDE_HOME}/ide-urls" ]
+  then
+    if [ -z "${edition}" ]
+    then
+      edition="${software}"
+    else
+      doTranslateMirrorOptionsToUrlOptions
+    fi
+    security_file="${DEVON_IDE_HOME}/ide-urls/${software}/${edition}/security"
+  else
+    security_file="${DEVON_IDE_HOME}/mirrors/${software}/security"
+  fi
+  if [ -f "${security_file}" ]
+  then
+    while IFS= read -r line
+    do
+      myfirst="$(echo "${line}" | cut -d'>' -f 1)"
+      mylast="$(echo "${line}" | cut -d'>' -f 2)"
+      doCheckVersionRange "${myfirst}" "${mylast}" "${version}"
+      if [ "${?}" == "0" ]
+      then
+        check="1"
+      fi
+    done < "${security_file}"
+    if [ "${check}" == "1" ]
+    then
+      mymessage="You are using the tool ${software} in version ${version} that has vulnerabilities. Please update the tool to state safe and secure.\nFor further details and recent information have a look at the following webpage:\nhttps://github.com/devonfw/ide/blob/master/documentation/vulnerabilities.asciidoc\n\n"
+      doVersionWarning "${mymessage}"
+    fi
+  fi
+}
+
+# $1: message
+function doVersionWarning() {
+  local message="${1}"
+  doWarning "${message}"
+}
+
+function doTranslateMirrorOptionsToUrlOptions() {
+  if [ -n "${INTELLIJ_EDITION_TYPE}" ]
+  then
+    case "${INTELLIJ_EDITION_TYPE}" in
+      "c"|"C") # shellcheck disable=SC2034
+               INTELLIJ_EDITION="community";;
+
+      "u"|"U") # shellcheck disable=SC2034
+               INTELLIJ_EDITION="ultimate";;
+    esac
+  fi
+  if [ -n "${ECLIPSE_EDITION_TYPE}" ]
+  then
+    # shellcheck disable=SC2034
+    ECLIPSE_EDITION="${ECLIPSE_EDITION_TYPE}"
+  fi
+  if [ -n "${DOCKER_EDITION}" ]
+  then
+    # shellcheck disable=SC2034
+    DOCKER_EDITION="docker"
+  fi
+}
+
 function doDebug() {
   if ! doIsDebug
   then
@@ -1418,6 +1511,8 @@ function doInstall() {
   then
     doRunCommand "${TOOL_VERSION_COMMAND}" "verify installation of ${software}"
   fi
+
+  doCheckSoftwareSecurityVersion "${software}" "${version}" "${edition}"
   return ${result}
 }