Index: openacs-4/packages/acs-tcl/lib/check-installed.adp
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/lib/check-installed.adp,v
diff -u -r1.1.2.4 -r1.1.2.5
--- openacs-4/packages/acs-tcl/lib/check-installed.adp 24 Jul 2024 13:25:40 -0000 1.1.2.4
+++ openacs-4/packages/acs-tcl/lib/check-installed.adp 25 Jul 2024 14:24:26 -0000 1.1.2.5
@@ -1,7 +1,12 @@

The configured version of @resource_name@ is @version@ (newest on cdnjs: @newest_version@).
You might check for various versions available upstream. -For this package Snyk provides a vulnerability check. +
Snyk provides + a + vulnerability check for version @version@ and + + checks for all released versions of @resource_name@. +

The configured version of @resource_name@ is installed locally under @resources@.
Index: openacs-4/packages/acs-tcl/lib/check-installed.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/lib/check-installed.tcl,v
diff -u -r1.3.2.6 -r1.3.2.7
--- openacs-4/packages/acs-tcl/lib/check-installed.tcl 24 Jul 2024 13:25:40 -0000 1.3.2.6
+++ openacs-4/packages/acs-tcl/lib/check-installed.tcl 25 Jul 2024 14:24:26 -0000 1.3.2.7
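Review bot: The new Snyk sentence promises "a vulnerability check for version @version@" unconditionally, but check-installed.tcl in this same commit unsets `vulnerabilityCheckVersionURL` when the Snyk page for that version cannot be fetched, so whatever that phrase links to is undefined in exactly that case; unless the surrounding template already guards it, the version-specific part should be wrapped in a presence test on `vulnerabilityCheckVersionURL`. The link markup itself is not visible in this rendering of the hunk (the `+ a +` fragments look like stripped anchor tags), so the hrefs could not be reviewed here.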
@@ -27,7 +27,45 @@
 set newest_version [::util::resources::cdnjs_get_newest_version -resource_info $resource_info]
-foreach url {versionCheckURL vulnerabilityCheckURL} {
+#
+# In case, we have an explicit versionCheckURL, use this.
+# Otherwise, try to derive it from the versionCheckAPI
+#
+if {[dict exists $resource_info versionCheckURL]} {
+ set versionCheckURL [dict get $resource_info versionCheckURL]
+} elseif {[dict exists $resource_info versionCheckAPI]} {
+ set versionCheckAPI [dict get $resource_info versionCheckAPI]
+ dict with versionCheckAPI {
+ if {$cdn eq "cdnjs"} {
+ set versionCheckURL https://cdnjs.com/libraries/$library
+ }
+ }
+}
+
+ns_log notice "vulnerabilityCheck: [dict exists $resource_info vulnerabilityCheck]"
+if {[dict exists $resource_info vulnerabilityCheck]} {
+ set vulnerabilityCheck [dict get $resource_info vulnerabilityCheck]
+ dict with vulnerabilityCheck {
+ switch $service {
+ snyk {
+ set vulnerabilityCheckURL https://snyk.io/advisor/npm-package/$library
+ set vulnerabilityCheckVersionURL https://security.snyk.io/package/npm/$library/$version
+ set page [::util::resources::http_get_with_default \
+ -url $vulnerabilityCheckVersionURL \
+ -key snyk-$library/$version]
+ if {$page eq ""} {
+ unset vulnerabilityCheckVersionURL
+ ns_log notice "vulnerabilityCheck: request failed $vulnerabilityCheckVersionURL"
+ } else {
+ ns_log notice "vulnerabilityCheck: keep vulnerabilityCheckVersionURL $vulnerabilityCheckVersionURL"
+ }
+ }
+ default "vulnerabilityCheck: unknown service '$service'"
+ }
+ }
+}
+
+foreach url {versionCheckURL vulnerabilityCheck} {
 if {[dict exists $resource_info $url]} {
 set $url [dict get $resource_info $url]
 }
Index: openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl,v
diff -u -r1.189.2.182 -r1.189.2.183
--- openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 24 Jul 2024 
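Review bot: The `default` arm of `switch $service` is a bare string rather than a script block, so an unknown service makes Tcl try to execute a command named `vulnerabilityCheck:` and the include fails instead of logging; it should read `default { ns_log warning "vulnerabilityCheck: unknown service '$service'" }`. In the snyk arm the failure branch does `unset vulnerabilityCheckVersionURL` and then reads that variable in the very next `ns_log notice`, which raises "no such variable" precisely when the Snyk page could not be fetched — log first, then unset. The trailing `foreach url {versionCheckURL vulnerabilityCheck}` re-assigns `versionCheckURL` from the dict (already handled above) and overwrites the `vulnerabilityCheck` dict variable that `dict with` just consumed, so it looks like a leftover of the removed loop and can be dropped. When `versionCheckAPI` names a cdn other than `cdnjs`, or the vulnerability fetch fails, `versionCheckURL` and `vulnerabilityCheckVersionURL` are simply left undefined, so the template consuming them must test for their presence; the enclosing script continues outside the hunk.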
13:25:40 -0000 1.189.2.182
+++ openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 25 Jul 2024 14:24:26 -0000 1.189.2.183
@@ -4333,6 +4333,44 @@
 }]
 }
+ ad_proc -private ::util::resources::http_get_with_default {
+ -url:required
+ -key:required
+ {-expires 5m}
+ {-default {}}
+ } {
+
+ Run an HTTP request, which might not be always possible (e.g.,
+ when the site has no Internet connection). Therefore, the call
+ will return a default value. This function is to be called for
+ non-essential calls, like e.g. obtaining the newest version of
+ library, etc. The result is cached by defailt for 5 minutes.
+
+ @param url URL for the GET request
+ @param key cache key
+ @param expires time how long the entry is to be cached
+ @param default
+ @return body of the request
+ } {
+ try {
+ ::acs::misc_cache eval -expires $expires acs-tcl.get_with_default-$key {
+ set d [ns_http run $url]
+ if {[dict get $d status] ne 200} {
+ ns_log warning "request to $url led to unexpected status code: [dict get $d status]"
+ set result $default
+ break
+ } else {
+ set result [dict get $d body]
+ }
+ }
+ } on ok {result} {
+ } on error {errorMsg} {
+ ns_log warning "request to $url led to: $errorMsg"
+ set result $default
+ }
+ return $result
+ }
+
 ad_proc -public ::util::resources::cdnjs_get_newest_version {
 {-resource_info:required}
 } {
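Review bot: The `break` inside the script handed to `::acs::misc_cache eval` is the only thing keeping a non-200 response from being cached as `$default` for `$expires`, and the surrounding `try` has no `on break` handler; if the cache's `eval` does not absorb the break code, neither `on ok` nor `on error` matches and the proc aborts with a "break outside of a loop" error, so that line deserves a comment stating what the cache method guarantees, e.g. `# break: do not cache the failed lookup`. `ns_http run $url` is issued without a `-timeout`, so on a host without Internet access — the motivating case named in the docstring — every cache miss blocks the request thread for the client's default timeout before `$default` comes back; a short explicit `-timeout` would match the best-effort intent. In the docstring, "cached by defailt" should be "cached by default", and `@param default` has no description, e.g. `@param default value returned when the request fails or does not answer with status 200`.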
@@ -4351,14 +4389,14 @@
 set library [dict get $versionCheckAPI library]
 #ns_log notice ... versionCheckAPI $versionCheckAPI installedVersion $installedVersion
 if {[dict get $versionCheckAPI cdn] eq "cdnjs"} {
- set jsonDict [::acs::misc_cache eval -expires 3600 acs-tcl.version_from_cdnjs-$library {
- set apiURL [::util::resources::cdnjs_version_API \
- -library $library \
- -count [dict get $versionCheckAPI count]]
- ns_log notice "... $library get [dict get $versionCheckAPI count] entries from $apiURL"
- set d [ns_http run $apiURL]
- set jsonDict [util::json2dict [dict get $d body]]
- }]
+ set url [::util::resources::cdnjs_version_API \
+ -library $library \
+ -count [dict get $versionCheckAPI count]]
+ set json [http_get_with_default \
+ -url $url \
+ -key versionCheck-$library \
+ -default {{"results": ""}}]
+ set jsonDict [util::json2dict $json]
 #ns_log notice "=== jsonDict $library: $jsonDict"
 foreach entry [dict get $jsonDict results] {
 #ns_log notice "... $library compare with '[dict get $entry name]' -> [expr {[dict get $entry name] eq $library}]"
@@ -4372,8 +4410,6 @@
 return $version
 }
-
-
 ad_proc -public ::util::resources::cdnjs_version_API {
 {-library:required}
 {-count:int 1}
Index: openacs-4/packages/bootstrap-icons/tcl/resource-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/bootstrap-icons/tcl/resource-procs.tcl,v
diff -u -r1.1.2.11 -r1.1.2.12
--- openacs-4/packages/bootstrap-icons/tcl/resource-procs.tcl 23 Jul 2024 16:10:50 -0000 1.1.2.11
+++ openacs-4/packages/bootstrap-icons/tcl/resource-procs.tcl 25 Jul 2024 14:24:26 -0000 1.1.2.12
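Review bot: When the cdnjs lookup fails, `http_get_with_default` hands back `{"results": ""}`, so the `foreach entry` loop runs zero times and `version` — whose initialisation lies outside the hunk — may be left unset before the `return $version` at the end of the proc; if it is not initialised earlier, the failure path needs a default of its own. The cache key and lifetime also change silently here: the removed block cached under `acs-tcl.version_from_cdnjs-$library` for 3600s, the new call uses `versionCheck-$library` with the helper's 5m default, so cdnjs is now queried up to twelve times as often per library — pass `-expires 3600` if the previous rate was intended. `http_get_with_default` is called unqualified from inside the `::util::resources` namespace, which resolves, but the removed code used fully qualified names, so `::util::resources::http_get_with_default` would match the surrounding style.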
@@ -102,7 +102,6 @@
 downloadURLs https://github.com/twbs/icons/releases/download/v${version}/bootstrap-icons-${version}.zip \
 cspMap $cspMap \
 urnMap {} \
- versionCheckURL "https://cdnjs.com/libraries?q=bootstrap-icons" \
 versionCheckAPI {cdn cdnjs library bootstrap-icons count 1} \
 installedVersion $version
Index: openacs-4/packages/cookie-consent/tcl/cookie-consent-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/cookie-consent/tcl/cookie-consent-procs.tcl,v
diff -u -r1.12.2.12 -r1.12.2.13
--- openacs-4/packages/cookie-consent/tcl/cookie-consent-procs.tcl 24 Jul 2024 16:34:48 -0000 1.12.2.12
+++ openacs-4/packages/cookie-consent/tcl/cookie-consent-procs.tcl 25 Jul 2024 14:24:26 -0000 1.12.2.13
@@ -331,9 +331,8 @@
 cssFiles {cookieconsent.min.css} \
 jsFiles {cookieconsent.min.js} \
 extraFiles {} \
- versionCheckURL https://cdnjs.com/libraries/cookieconsent2 \
 versionCheckAPI {cdn cdnjs library cookieconsent2 count 5} \
- vulnerabilityCheckURL https://snyk.io/advisor/npm-package/cookieconsent \
+ vulnerabilityCheck {service snyk library cookieconsent2} \
 installedVersion $version
 return $result
Index: openacs-4/packages/fa-icons/tcl/resource-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/fa-icons/tcl/resource-procs.tcl,v
diff -u -r1.1.2.7 -r1.1.2.8
--- openacs-4/packages/fa-icons/tcl/resource-procs.tcl 23 Jul 2024 16:10:50 -0000 1.1.2.7
+++ openacs-4/packages/fa-icons/tcl/resource-procs.tcl 25 Jul 2024 14:24:26 -0000 1.1.2.8
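Review bot: In the cookie-consent hunk the removed line pointed Snyk at the npm package `cookieconsent`, while the new `vulnerabilityCheck {service snyk library cookieconsent2}` names `cookieconsent2`, which check-installed.tcl in this commit turns into `https://snyk.io/advisor/npm-package/cookieconsent2` and `https://security.snyk.io/package/npm/cookieconsent2/<version>`. cdnjs and npm do not necessarily share a name (the cdnjs library here is `cookieconsent2`), so if the npm package is still `cookieconsent` the advisory link now silently targets a different or non-existent package, and the version-specific lookup falls back to the empty default without any visible error. Please confirm the npm name, or keep `library cookieconsent` in the new dict; every other hunk in this commit reuses the npm name that its removed URL carried.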
@@ -90,7 +90,6 @@
 downloadURLs https://github.com/FortAwesome/Font-Awesome/releases/download/${version}/fontawesome-free-${version}-web.zip \
 cspMap $cspMap \
 urnMap {} \
- versionCheckURL https://cdnjs.com/libraries/font-awesome \
 versionCheckAPI {cdn cdnjs library font-awesome count 5} \
 installedVersion $version
Index: openacs-4/packages/highcharts/tcl/resource-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/highcharts/tcl/resource-procs.tcl,v
diff -u -r1.1.2.12 -r1.1.2.13
--- openacs-4/packages/highcharts/tcl/resource-procs.tcl 24 Jul 2024 16:31:45 -0000 1.1.2.12
+++ openacs-4/packages/highcharts/tcl/resource-procs.tcl 25 Jul 2024 14:24:26 -0000 1.1.2.13
@@ -93,9 +93,8 @@
 }] \
 cspMap $cspMap \
 urnMap {} \
- versionCheckURL https://cdnjs.com/libraries/highcharts \
 versionCheckAPI {cdn cdnjs library highcharts count 5} \
- vulnerabilityCheckURL https://snyk.io/advisor/npm-package/highcharts \
+ vulnerabilityCheck {service snyk library highcharts} \
 installedVersion $version
 return $result
Index: openacs-4/packages/openacs-bootstrap3-theme/tcl/init-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/openacs-bootstrap3-theme/tcl/init-procs.tcl,v
diff -u -r1.5.2.8 -r1.5.2.9
--- openacs-4/packages/openacs-bootstrap3-theme/tcl/init-procs.tcl 24 Jul 2024 16:31:45 -0000 1.5.2.8
+++ openacs-4/packages/openacs-bootstrap3-theme/tcl/init-procs.tcl 25 Jul 2024 14:24:26 -0000 1.5.2.9
@@ -45,7 +45,7 @@
 urn:ad:css:bootstrap3 css/bootstrap.min.css
 urn:ad:js:bootstrap3 js/bootstrap.min.js
 } \
- vulnerabilityCheckURL https://snyk.io/advisor/npm-package/bootstrap \
+ vulnerabilityCheck {service snyk library bootstrap} \
 installedVersion $version
 if {$cdnHost ne ""} {
Index: openacs-4/packages/openacs-bootstrap5-theme/tcl/resource-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/openacs-bootstrap5-theme/tcl/resource-procs.tcl,v
diff -u -r1.1.2.13 -r1.1.2.14
--- openacs-4/packages/openacs-bootstrap5-theme/tcl/resource-procs.tcl 24 Jul 2024 16:31:45 -0000 1.1.2.13
+++ openacs-4/packages/openacs-bootstrap5-theme/tcl/resource-procs.tcl 25 Jul 2024 14:24:26 -0000 1.1.2.14
@@ -50,9 +50,8 @@
 urn:ad:css:bootstrap5 css/bootstrap.min.css
 urn:ad:js:bootstrap5 js/bootstrap.bundle.min.js
 } \
- versionCheckURL https://cdnjs.com/libraries/bootstrap \
 versionCheckAPI {cdn cdnjs library bootstrap count 1} \
- vulnerabilityCheckURL https://snyk.io/advisor/npm-package/bootstrap \
+ vulnerabilityCheck {service snyk library bootstrap} \
 installedVersion $version
 #urn:ad:js:popper2 dist/umd/popper.min.js
Index: openacs-4/packages/richtext-ckeditor4/tcl/richtext-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/richtext-ckeditor4/tcl/richtext-procs.tcl,v
diff -u -r1.14.2.28 -r1.14.2.29
--- openacs-4/packages/richtext-ckeditor4/tcl/richtext-procs.tcl 24 Jul 2024 17:15:25 -0000 1.14.2.28
+++ openacs-4/packages/richtext-ckeditor4/tcl/richtext-procs.tcl 25 Jul 2024 14:24:26 -0000 1.14.2.29
@@ -260,12 +260,12 @@ extraFiles {} \ downloadURLs http://download.cksource.com/CKEditor/CKEditor/CKEditor%20${version}/ckeditor_${version}_${ck_package}.zip \ urnMap {} \ - versionCheckURL https://cdn.ckeditor.com/ \ plugins { a11yhelp about clipboard dialog image link magicline pastefromgdocs pastefromlibreoffice pastefromword pastetools scayt specialchar table tableselection tabletools widget } \ versionCheckAPI {cdn cdnjs library ckeditor count 20} \ + vulnerabilityCheck {service snyk library ckeditor4} \ installedVersion $version \ return $result Index: openacs-4/packages/richtext-tinymce/tcl/richtext-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/richtext-tinymce/tcl/richtext-procs.tcl,v diff -u -r1.4.2.12 -r1.4.2.13 --- openacs-4/packages/richtext-tinymce/tcl/richtext-procs.tcl 24 Jul 2024 16:31:45 -0000 1.4.2.12 +++ openacs-4/packages/richtext-tinymce/tcl/richtext-procs.tcl 25 Jul 2024 14:24:26 -0000 1.4.2.13 @@ -123,9 +123,8 @@ [::richtext::tinymce::lang_download_url] \ ] \ urnMap {} \ - versionCheckURL https://cdnjs.com/libraries/tinymce \ versionCheckAPI {cdn cdnjs library tinymce count 5} \ - vulnerabilityCheckURL https://snyk.io/advisor/npm-package/tinymce \ + vulnerabilityCheck {service snyk library tinymce} \ installedVersion $version return $result Index: openacs-4/packages/xowiki/tcl/resource-info-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/xowiki/tcl/resource-info-procs.tcl,v diff -u -r1.1.2.6 -r1.1.2.7 --- openacs-4/packages/xowiki/tcl/resource-info-procs.tcl 24 Jul 2024 16:31:45 -0000 1.1.2.6 +++ openacs-4/packages/xowiki/tcl/resource-info-procs.tcl 25 Jul 2024 14:24:26 -0000 1.1.2.7 
@@ -40,15 +40,13 @@ cdn $cdn \ cdnHost $cdnHost \ prefix $prefix \ - versionCheckURL https://cdnjs.com/libraries/bootstrap-treeview \ cssFiles {bootstrap-treeview.min.css} \ jsFiles {bootstrap-treeview.min.js} \ extraFiles {} \ urnMap { urn:ad:css:bootstrap3-treeview bootstrap-treeview.min.css urn:ad:js:bootstrap3-treeview bootstrap-treeview.min.js } \ - versionCheckURL https://cdnjs.com/libraries/bootstrap-treeview \ versionCheckAPI {cdn cdnjs library bootstrap-treeview count 1} \ installedVersion $version