#1054 automated security warnings #1083

Merged
merged 10 commits into from
Mar 28, 2023
9 changes: 9 additions & 0 deletions documentation/functions.asciidoc
Expand Up @@ -351,6 +351,12 @@ Updates the PATH variable according to the latest tools installed in the `softwa

== Version handling

=== doCheckSoftwareSecurityVersion
Determines whether the actual version is contained in the security file for the corresponding tool and print out a message if so.

=== doCheckVersionRange
Determines whether a version is in a version range.
CREITZ25 marked this conversation as resolved.

=== doGetNextVersion
A version number is passed to the function doGetNextVersion as an argument and the next version number is generated from this by incrementing the last digit by one and outputs it.
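
Review bot: The new `doCheckSoftwareSecurityVersion` and `doCheckVersionRange` entries do not document their parameters or return values. For `doCheckVersionRange`, state the argument order (first range version, version, last range version), that both bounds are inclusive, and that it returns `0` when the version is in range, as the code comment in `functions` already does. For `doCheckSoftwareSecurityVersion`, list the three parameters (software, version, optional edition) and where the security file is read from (`${DEVON_IDE_HOME}/urls/«software»/«edition»/security`). Wording: "actual version" reads as if "current version" was meant, and "print out" should be "prints out".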

Expand All @@ -371,6 +377,9 @@ If this is the case, it ends with the return value `0` otherwise `1`.
=== doListSoftwareVersions
Takes the name of the tool as a parameter and displays the available versions.

=== doReportVersionSecurityWarning
Prints out a message on version security alerts.

=== doSetSoftwareVersion
Used to set a specific version of a software tool, and requires 2 parameters: the name of the software tool and the desired version.
The version is saved as `«tool»_VERSION` variable in `settings/devon.properties`.
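
Review bot: The `doReportVersionSecurityWarning` entry does not say that the function takes the message text as its single parameter, while the neighbouring entries describe theirs. Suggest wording such as "Takes a message as a parameter and prints it as a warning."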
3 changes: 3 additions & 0 deletions scripts/src/main/resources/scripts/command/ide
Expand Up @@ -492,6 +492,9 @@ case "${DEVON_IDE_HOME}" in
;;
esac

git_version="$(git --version | sed -e 's/\.windows\..*$//' | awk '{print $3}')"
doCheckSoftwareSecurityVersion "git" "${git_version}"

# CLI
if [ "${1}" = "-h" ] || [ "${1}" = "help" ]
then
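
Review bot: `git_version` is passed on without a check that it was actually obtained. If `git --version` fails or prints an unexpected format, the variable is empty and `doCheckSoftwareSecurityVersion "git" ""` is still called, so the range comparison runs against an empty version. Suggest guarding the call with `[ -n "${git_version}" ]`. The check also sits ahead of the `# CLI` argument handling, so it runs on every invocation, including `-h` and `help`; confirm that this is intended.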
70 changes: 70 additions & 0 deletions scripts/src/main/resources/scripts/functions
Expand Up @@ -167,6 +167,74 @@ function doEchoInteraction() {
echo -e "\033[96m${*}\033[39m"
}

# $1: first_range_version
# $2: version
# $3: last_range_version
# returns 0 if first_range_version <= version <= last_range_version
function doCheckVersionRange() {
local first_range_version="${1}"
local version="${2}"
local last_range_version="${3}"
doVersionCompare "${first_range_version}" "${version}"
check1="${?}"
doVersionCompare "${version}" "${last_range_version}"
check2="${?}"
if [ "${check1}" != "1" ] && [ "${check2}" != "1" ]
then
return 0
else
return 1
fi
}

# $1: software
# $2: version
# $3: edition
function doCheckSoftwareSecurityVersion() {
local software="${1}"
local version="${2}"
local edition="${3}"
local security_file
local check="0"
local line=""
local first_version
local last_version
local software_info="${software}"
if [ -z "${edition}" ]
then
edition="${software}"
fi
security_file="${DEVON_IDE_HOME}/urls/${software}/${edition}/security"
if [ -f "${security_file}" ]
then
while IFS= read -r line
do
first_version="$(echo "${line}" | cut -d'>' -f 1)"
last_version="$(echo "${line}" | cut -d'>' -f 2)"
doCheckVersionRange "${first_version}" "${version}" "${last_version}"
if [ "${?}" == "0" ]
then
check="1"
fi
done < "${security_file}"
if [ "${check}" == "1" ]
then
if [ "${edition}" != "${software}" ]
then
software_info="${software} with edition ${edition}"
fi
mymessage="You are using the tool ${software_info} in version ${version} that has vulnerabilities. Please update the tool to state safe and secure.\nFor further details and recent information have a look at the following webpage:\nhttps://github.com/devonfw/ide/blob/master/documentation/vulnerabilities.asciidoc\n\n"
doReportVersionSecurityWarning "${mymessage}"
fi
fi
}

# $1: message
function doReportVersionSecurityWarning() {
local message="${1}"
doWarning "${message}"
}

function doDebug() {
if ! doIsDebug
then
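
Review bot: In `doCheckSoftwareSecurityVersion` the `while IFS= read -r line` loop skips the final line of the security file when that line has no trailing newline, so the last version range can be silently ignored; use `while IFS= read -r line || [ -n "${line}" ]`. The lines are also not validated: an empty line, or a line without `>`, still reaches `doCheckVersionRange` (when the delimiter is missing, `cut` returns the whole line for both fields), so skip blank lines and decide explicitly how a single version is treated. `check1` and `check2` in `doCheckVersionRange` and `mymessage` in this function are not declared `local` and leak into the caller's scope. The loop could `break` after the first match, and the message text "to state safe and secure" should read "to stay safe and secure".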
Expand Down Expand Up @@ -1418,6 +1486,8 @@ function doInstall() {
then
doRunCommand "${TOOL_VERSION_COMMAND}" "verify installation of ${software}"
fi

doCheckSoftwareSecurityVersion "${software}" "${version}" "${edition}"
return ${result}
}
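
Review bot: The call to `doCheckSoftwareSecurityVersion` just before `return ${result}` is unconditional, so the warning is evaluated whatever value `${result}` holds. If the warning is meant to describe the version that is actually in use after the install, guard it with a check on `${result}`. A short comment noting that the check's own exit status is deliberately ignored, so that `${result}` stays the return value, would help the next reader.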
