Index: openacs-4/packages/acs-tcl/lib/check-installed.adp
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/lib/check-installed.adp,v
diff -u -r1.1.2.4 -r1.1.2.5
--- openacs-4/packages/acs-tcl/lib/check-installed.adp 24 Jul 2024 13:25:40 -0000 1.1.2.4
+++ openacs-4/packages/acs-tcl/lib/check-installed.adp 25 Jul 2024 14:24:26 -0000 1.1.2.5
@@ -1,7 +1,12 @@
The configured version of @resource_name@ is @version@ (newest on cdnjs: @newest_version@).
You might check for various versions available upstream.
-For this package Snyk provides a vulnerability check.
+
Snyk provides
+ a
+ vulnerability check for version @version@ and
+
+ checks for all released versions of @resource_name@.
+
The configured version of @resource_name@ is installed locally
under @resources@.
Index: openacs-4/packages/acs-tcl/lib/check-installed.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/lib/check-installed.tcl,v
diff -u -r1.3.2.6 -r1.3.2.7
--- openacs-4/packages/acs-tcl/lib/check-installed.tcl 24 Jul 2024 13:25:40 -0000 1.3.2.6
+++ openacs-4/packages/acs-tcl/lib/check-installed.tcl 25 Jul 2024 14:24:26 -0000 1.3.2.7
@@ -27,7 +27,45 @@
set newest_version [::util::resources::cdnjs_get_newest_version -resource_info $resource_info]
-foreach url {versionCheckURL vulnerabilityCheckURL} {
+#
+# In case, we have an explicit versionCheckURL, use this.
+# Otherwise, try to derive it from the versionCheckAPI
+#
+if {[dict exists $resource_info versionCheckURL]} {
+ set versionCheckURL [dict get $resource_info versionCheckURL]
+} elseif {[dict exists $resource_info versionCheckAPI]} {
+ set versionCheckAPI [dict get $resource_info versionCheckAPI]
+ dict with versionCheckAPI {
+ if {$cdn eq "cdnjs"} {
+ set versionCheckURL https://cdnjs.com/libraries/$library
+ }
+ }
+}
+
+ns_log notice "vulnerabilityCheck: [dict exists $resource_info vulnerabilityCheck]"
+if {[dict exists $resource_info vulnerabilityCheck]} {
+ set vulnerabilityCheck [dict get $resource_info vulnerabilityCheck]
+ dict with vulnerabilityCheck {
+ switch $service {
+ snyk {
+ set vulnerabilityCheckURL https://snyk.io/advisor/npm-package/$library
+ set vulnerabilityCheckVersionURL https://security.snyk.io/package/npm/$library/$version
+ set page [::util::resources::http_get_with_default \
+ -url $vulnerabilityCheckVersionURL \
+ -key snyk-$library/$version]
+ if {$page eq ""} {
+ unset vulnerabilityCheckVersionURL
+ ns_log notice "vulnerabilityCheck: request failed $vulnerabilityCheckVersionURL"
+ } else {
+ ns_log notice "vulnerabilityCheck: keep vulnerabilityCheckVersionURL $vulnerabilityCheckVersionURL"
+ }
+ }
+ default "vulnerabilityCheck: unknown service '$service'"
+ }
+ }
+}
+
+foreach url {versionCheckURL vulnerabilityCheck} {
if {[dict exists $resource_info $url]} {
set $url [dict get $resource_info $url]
}
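Review bot: In the snyk arm's failure branch, `unset vulnerabilityCheckVersionURL` runs before the `ns_log` that reads `$vulnerabilityCheckVersionURL`, so every failed Snyk lookup ends in a "no such variable" error instead of a log line; the two statements should be swapped: `ns_log notice "vulnerabilityCheck: request failed $vulnerabilityCheckVersionURL"` followed by `unset vulnerabilityCheckVersionURL`. The `default` arm of the `switch` is a bare double-quoted string rather than a braced body, so Tcl substitutes `$service` and then tries to execute the resulting text as a command, which fails with an invalid-command error; it should read `default { ns_log warning "vulnerabilityCheck: unknown service '$service'" }`. The `foreach url {versionCheckURL vulnerabilityCheck}` loop re-reads both keys from `$resource_info` after the new code above has already assigned them, so it appears redundant now and could be dropped. The `ns_log notice "vulnerabilityCheck: [dict exists ...]"` line looks like leftover debug output and is emitted on every page view. The surrounding script continues outside the hunk.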
Index: openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl,v
diff -u -r1.189.2.182 -r1.189.2.183
--- openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 24 Jul 2024 13:25:40 -0000 1.189.2.182
+++ openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 25 Jul 2024 14:24:26 -0000 1.189.2.183
@@ -4333,6 +4333,44 @@
}]
}
+ ad_proc -private ::util::resources::http_get_with_default {
+ -url:required
+ -key:required
+ {-expires 5m}
+ {-default {}}
+ } {
+
+ Run an HTTP request, which might not be always possible (e.g.,
+ when the site has no Internet connection). Therefore, the call
+ will return a default value. This function is to be called for
+ non-essential calls, like e.g. obtaining the newest version of
+ library, etc. The result is cached by defailt for 5 minutes.
+
+ @param url URL for the GET request
+ @param key cache key
+ @param expires time how long the entry is to be cached
+ @param default
+ @return body of the request
+ } {
+ try {
+ ::acs::misc_cache eval -expires $expires acs-tcl.get_with_default-$key {
+ set d [ns_http run $url]
+ if {[dict get $d status] ne 200} {
+ ns_log warning "request to $url led to unexpected status code: [dict get $d status]"
+ set result $default
+ break
+ } else {
+ set result [dict get $d body]
+ }
+ }
+ } on ok {result} {
+ } on error {errorMsg} {
+ ns_log warning "request to $url led to: $errorMsg"
+ set result $default
+ }
+ return $result
+ }
+
ad_proc -public ::util::resources::cdnjs_get_newest_version {
{-resource_info:required}
} {
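Review bot: In `http_get_with_default`, the value the caller gets on a non-200 response does not come from the `set result $default` inside the cache script: the `on ok {result}` handler afterwards overwrites `result` with whatever `::acs::misc_cache eval` returned for a script that exited via `break`, and that return value is not established anywhere on this page; please confirm that contract, or compute the default outside the cache eval so the fallback is explicit (e.g. `return -code break $default` only if the cache wrapper is documented to pass the script value through on break). The doc comment has a typo ("cached by defailt") and `@param default` has no description; suggested: `@param default value returned when the request fails or answers with a status other than 200`. It would also be worth stating in the doc that a non-200 response is logged at warning level and that the `ns_http run $url` call uses the server's default timeout, since a stalled upstream blocks the calling thread for that long; passing an explicit `-timeout` to `ns_http run` would bound it. The `cdnjs_get_newest_version` proc that begins at the end of the hunk continues outside it.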
@@ -4351,14 +4389,14 @@
set library [dict get $versionCheckAPI library]
#ns_log notice ... versionCheckAPI $versionCheckAPI installedVersion $installedVersion
if {[dict get $versionCheckAPI cdn] eq "cdnjs"} {
- set jsonDict [::acs::misc_cache eval -expires 3600 acs-tcl.version_from_cdnjs-$library {
- set apiURL [::util::resources::cdnjs_version_API \
- -library $library \
- -count [dict get $versionCheckAPI count]]
- ns_log notice "... $library get [dict get $versionCheckAPI count] entries from $apiURL"
- set d [ns_http run $apiURL]
- set jsonDict [util::json2dict [dict get $d body]]
- }]
+ set url [::util::resources::cdnjs_version_API \
+ -library $library \
+ -count [dict get $versionCheckAPI count]]
+ set json [http_get_with_default \
+ -url $url \
+ -key versionCheck-$library \
+ -default {{"results": ""}}]
+ set jsonDict [util::json2dict $json]
#ns_log notice "=== jsonDict $library: $jsonDict"
foreach entry [dict get $jsonDict results] {
#ns_log notice "... $library compare with '[dict get $entry name]' -> [expr {[dict get $entry name] eq $library}]"
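Review bot: Replacing the direct `::acs::misc_cache eval -expires 3600` with `http_get_with_default` silently shortens the cache lifetime of the cdnjs version lookup from one hour to the helper's 5-minute default, so the upstream API is now queried up to twelve times more often per library; if that is not intended, pass the previous value explicitly, `-expires 3600 \`, alongside `-key versionCheck-$library`. The constructed default `{{"results": ""}}` makes the following `foreach` iterate zero times, which is fine, but any 200 response whose body is not JSON still reaches `util::json2dict` and raises there, exactly as before the change. The enclosing `cdnjs_get_newest_version` proc starts and ends outside this hunk.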
@@ -4372,8 +4410,6 @@
return $version
}
-
-
ad_proc -public ::util::resources::cdnjs_version_API {
{-library:required}
{-count:int 1}
Index: openacs-4/packages/bootstrap-icons/tcl/resource-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/bootstrap-icons/tcl/resource-procs.tcl,v
diff -u -r1.1.2.11 -r1.1.2.12
--- openacs-4/packages/bootstrap-icons/tcl/resource-procs.tcl 23 Jul 2024 16:10:50 -0000 1.1.2.11
+++ openacs-4/packages/bootstrap-icons/tcl/resource-procs.tcl 25 Jul 2024 14:24:26 -0000 1.1.2.12
@@ -102,7 +102,6 @@
downloadURLs https://github.com/twbs/icons/releases/download/v${version}/bootstrap-icons-${version}.zip \
cspMap $cspMap \
urnMap {} \
- versionCheckURL "https://cdnjs.com/libraries?q=bootstrap-icons" \
versionCheckAPI {cdn cdnjs library bootstrap-icons count 1} \
installedVersion $version
Index: openacs-4/packages/cookie-consent/tcl/cookie-consent-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/cookie-consent/tcl/cookie-consent-procs.tcl,v
diff -u -r1.12.2.12 -r1.12.2.13
--- openacs-4/packages/cookie-consent/tcl/cookie-consent-procs.tcl 24 Jul 2024 16:34:48 -0000 1.12.2.12
+++ openacs-4/packages/cookie-consent/tcl/cookie-consent-procs.tcl 25 Jul 2024 14:24:26 -0000 1.12.2.13
@@ -331,9 +331,8 @@
cssFiles {cookieconsent.min.css} \
jsFiles {cookieconsent.min.js} \
extraFiles {} \
- versionCheckURL https://cdnjs.com/libraries/cookieconsent2 \
versionCheckAPI {cdn cdnjs library cookieconsent2 count 5} \
- vulnerabilityCheckURL https://snyk.io/advisor/npm-package/cookieconsent \
+ vulnerabilityCheck {service snyk library cookieconsent2} \
installedVersion $version
return $result
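Review bot: The new `vulnerabilityCheck {service snyk library cookieconsent2}` names the library `cookieconsent2`, whereas the removed `vulnerabilityCheckURL` pointed Snyk at the npm package `cookieconsent`; the check-installed code builds `https://snyk.io/advisor/npm-package/$library` and `https://security.snyk.io/package/npm/$library/$version` from this value, and cdnjs library names (as used in `versionCheckAPI`) are not necessarily npm package names, so the vulnerability check may now look up a different package than before, or one that does not exist, in which case the version lookup silently falls back to the empty default. Please confirm which npm name corresponds to the installed library and keep the old one if `cookieconsent` was correct: `vulnerabilityCheck {service snyk library cookieconsent} \`. The ckeditor4 hunk in this commit shows the same distinction being made deliberately (cdnjs `ckeditor`, Snyk `ckeditor4`).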
Index: openacs-4/packages/fa-icons/tcl/resource-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/fa-icons/tcl/resource-procs.tcl,v
diff -u -r1.1.2.7 -r1.1.2.8
--- openacs-4/packages/fa-icons/tcl/resource-procs.tcl 23 Jul 2024 16:10:50 -0000 1.1.2.7
+++ openacs-4/packages/fa-icons/tcl/resource-procs.tcl 25 Jul 2024 14:24:26 -0000 1.1.2.8
@@ -90,7 +90,6 @@
downloadURLs https://github.com/FortAwesome/Font-Awesome/releases/download/${version}/fontawesome-free-${version}-web.zip \
cspMap $cspMap \
urnMap {} \
- versionCheckURL https://cdnjs.com/libraries/font-awesome \
versionCheckAPI {cdn cdnjs library font-awesome count 5} \
installedVersion $version
Index: openacs-4/packages/highcharts/tcl/resource-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/highcharts/tcl/resource-procs.tcl,v
diff -u -r1.1.2.12 -r1.1.2.13
--- openacs-4/packages/highcharts/tcl/resource-procs.tcl 24 Jul 2024 16:31:45 -0000 1.1.2.12
+++ openacs-4/packages/highcharts/tcl/resource-procs.tcl 25 Jul 2024 14:24:26 -0000 1.1.2.13
@@ -93,9 +93,8 @@
}] \
cspMap $cspMap \
urnMap {} \
- versionCheckURL https://cdnjs.com/libraries/highcharts \
versionCheckAPI {cdn cdnjs library highcharts count 5} \
- vulnerabilityCheckURL https://snyk.io/advisor/npm-package/highcharts \
+ vulnerabilityCheck {service snyk library highcharts} \
installedVersion $version
return $result
Index: openacs-4/packages/openacs-bootstrap3-theme/tcl/init-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/openacs-bootstrap3-theme/tcl/init-procs.tcl,v
diff -u -r1.5.2.8 -r1.5.2.9
--- openacs-4/packages/openacs-bootstrap3-theme/tcl/init-procs.tcl 24 Jul 2024 16:31:45 -0000 1.5.2.8
+++ openacs-4/packages/openacs-bootstrap3-theme/tcl/init-procs.tcl 25 Jul 2024 14:24:26 -0000 1.5.2.9
@@ -45,7 +45,7 @@
urn:ad:css:bootstrap3 css/bootstrap.min.css
urn:ad:js:bootstrap3 js/bootstrap.min.js
} \
- vulnerabilityCheckURL https://snyk.io/advisor/npm-package/bootstrap \
+ vulnerabilityCheck {service snyk library bootstrap} \
installedVersion $version
if {$cdnHost ne ""} {
Index: openacs-4/packages/openacs-bootstrap5-theme/tcl/resource-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/openacs-bootstrap5-theme/tcl/resource-procs.tcl,v
diff -u -r1.1.2.13 -r1.1.2.14
--- openacs-4/packages/openacs-bootstrap5-theme/tcl/resource-procs.tcl 24 Jul 2024 16:31:45 -0000 1.1.2.13
+++ openacs-4/packages/openacs-bootstrap5-theme/tcl/resource-procs.tcl 25 Jul 2024 14:24:26 -0000 1.1.2.14
@@ -50,9 +50,8 @@
urn:ad:css:bootstrap5 css/bootstrap.min.css
urn:ad:js:bootstrap5 js/bootstrap.bundle.min.js
} \
- versionCheckURL https://cdnjs.com/libraries/bootstrap \
versionCheckAPI {cdn cdnjs library bootstrap count 1} \
- vulnerabilityCheckURL https://snyk.io/advisor/npm-package/bootstrap \
+ vulnerabilityCheck {service snyk library bootstrap} \
installedVersion $version
#urn:ad:js:popper2 dist/umd/popper.min.js
Index: openacs-4/packages/richtext-ckeditor4/tcl/richtext-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/richtext-ckeditor4/tcl/richtext-procs.tcl,v
diff -u -r1.14.2.28 -r1.14.2.29
--- openacs-4/packages/richtext-ckeditor4/tcl/richtext-procs.tcl 24 Jul 2024 17:15:25 -0000 1.14.2.28
+++ openacs-4/packages/richtext-ckeditor4/tcl/richtext-procs.tcl 25 Jul 2024 14:24:26 -0000 1.14.2.29
@@ -260,12 +260,12 @@
extraFiles {} \
downloadURLs http://download.cksource.com/CKEditor/CKEditor/CKEditor%20${version}/ckeditor_${version}_${ck_package}.zip \
urnMap {} \
- versionCheckURL https://cdn.ckeditor.com/ \
plugins {
a11yhelp about clipboard dialog image link magicline pastefromgdocs pastefromlibreoffice
pastefromword pastetools scayt specialchar table tableselection tabletools widget
} \
versionCheckAPI {cdn cdnjs library ckeditor count 20} \
+ vulnerabilityCheck {service snyk library ckeditor4} \
installedVersion $version \
return $result
Index: openacs-4/packages/richtext-tinymce/tcl/richtext-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/richtext-tinymce/tcl/richtext-procs.tcl,v
diff -u -r1.4.2.12 -r1.4.2.13
--- openacs-4/packages/richtext-tinymce/tcl/richtext-procs.tcl 24 Jul 2024 16:31:45 -0000 1.4.2.12
+++ openacs-4/packages/richtext-tinymce/tcl/richtext-procs.tcl 25 Jul 2024 14:24:26 -0000 1.4.2.13
@@ -123,9 +123,8 @@
[::richtext::tinymce::lang_download_url] \
] \
urnMap {} \
- versionCheckURL https://cdnjs.com/libraries/tinymce \
versionCheckAPI {cdn cdnjs library tinymce count 5} \
- vulnerabilityCheckURL https://snyk.io/advisor/npm-package/tinymce \
+ vulnerabilityCheck {service snyk library tinymce} \
installedVersion $version
return $result
Index: openacs-4/packages/xowiki/tcl/resource-info-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/xowiki/tcl/resource-info-procs.tcl,v
diff -u -r1.1.2.6 -r1.1.2.7
--- openacs-4/packages/xowiki/tcl/resource-info-procs.tcl 24 Jul 2024 16:31:45 -0000 1.1.2.6
+++ openacs-4/packages/xowiki/tcl/resource-info-procs.tcl 25 Jul 2024 14:24:26 -0000 1.1.2.7
@@ -40,15 +40,13 @@
cdn $cdn \
cdnHost $cdnHost \
prefix $prefix \
- versionCheckURL https://cdnjs.com/libraries/bootstrap-treeview \
cssFiles {bootstrap-treeview.min.css} \
jsFiles {bootstrap-treeview.min.js} \
extraFiles {} \
urnMap {
urn:ad:css:bootstrap3-treeview bootstrap-treeview.min.css
urn:ad:js:bootstrap3-treeview bootstrap-treeview.min.js
} \
- versionCheckURL https://cdnjs.com/libraries/bootstrap-treeview \
versionCheckAPI {cdn cdnjs library bootstrap-treeview count 1} \
installedVersion $version