Index: openacs-4/packages/acs-tcl/acs-tcl.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/acs-tcl.info,v
diff -u -r1.95.2.70 -r1.95.2.71
--- openacs-4/packages/acs-tcl/acs-tcl.info 24 Jul 2024 13:25:40 -0000 1.95.2.70
+++ openacs-4/packages/acs-tcl/acs-tcl.info 5 Aug 2024 14:42:53 -0000 1.95.2.71
@@ -9,7 +9,7 @@
 <implements-subsite-p>f</implements-subsite-p>
 <inherit-templates-p>t</inherit-templates-p>
- <version name="5.10.1b6" url="http://openacs.org/repository/download/apm/acs-tcl-5.10.1b6.apm">
+ <version name="5.10.1b7" url="http://openacs.org/repository/download/apm/acs-tcl-5.10.1b7.apm">
 <owner url="http://openacs.org">OpenACS</owner>
 <summary>The Kernel Tcl API library.</summary>
 <release-date>2023-05-15</release-date>
@@ -18,7 +18,7 @@
 <license>GPL version 2</license>
 <maturity>3</maturity>
- <provides url="acs-tcl" version="5.10.1b6"/>
+ <provides url="acs-tcl" version="5.10.1b7"/>
 <requires url="acs-bootstrap-installer" version="5.10.1b1"/>
 <requires url="acs-kernel" version="5.10.1b4"/>
Index: openacs-4/packages/acs-tcl/lib/check-installed.adp
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/lib/check-installed.adp,v
diff -u -r1.1.2.8 -r1.1.2.9
--- openacs-4/packages/acs-tcl/lib/check-installed.adp 1 Aug 2024 12:35:08 -0000 1.1.2.8
+++ openacs-4/packages/acs-tcl/lib/check-installed.adp 5 Aug 2024 14:42:53 -0000 1.1.2.9
@@ -1,7 +1,7 @@
 <p>
 The configured version of @resource_name@ is
-<strong>@version@</strong><small> <adp:icon title="Configured via @configured_via@" name="form-info-sign"></small>
-(newest version on cdnjs: @newest_version@).
+<i>@version@</i><small> <adp:icon title="Configured via @configured_via@" name="form-info-sign"></small>
+(newest version on cdnjs: <i>@newest_version@</i>).
 <ul class="action-links ms-3">
 <if @modifyPackageParameterURL@ not nil>
 <li>You might <a title="Change the value of the package parameter @parameter_name@" href="@modifyPackageParameterURL@">modify the parameter value</a> or
@@ -18,8 +18,12 @@
 </if>
 <if @vulnerabilityCheckURL@ not nil>
 <li>You might check on Synk the
- <if @vulnerabilityCheckVersionURL@ not nil>a
- vulnerability status for version <a href="@vulnerabilityCheckVersionURL@">@version@</a> and
+ <if @vulnerabilityCheckVersionURL@ not nil>a vulnerability status for version
+ <a href="@vulnerabilityCheckVersionURL@" title="Check includes only direct vulnerabilities">@version@<sup>
+ <if @vulnerabilityCheckResult@ true><span class="text-danger"><adp:icon name="warn"></span></if>
+ <else><span class="text-success"><adp:icon name="radio-checked"></span></else>
+ </sup>
+ </a> and
 </if>
 for <a href="@vulnerabilityCheckURL@">all released versions</a> of @resource_name@.
 </li>
Index: openacs-4/packages/acs-tcl/lib/check-installed.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/lib/check-installed.tcl,v
diff -u -r1.3.2.14 -r1.3.2.15
--- openacs-4/packages/acs-tcl/lib/check-installed.tcl 1 Aug 2024 12:35:08 -0000 1.3.2.14
+++ openacs-4/packages/acs-tcl/lib/check-installed.tcl 5 Aug 2024 14:42:53 -0000 1.3.2.15
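Review bot: The two status icons added inside the new `<sup>` element convey the verdict by colour alone, so a reader without colour (or a screen reader) gets no meaning from them; give each a text alternative, e.g. `<adp:icon name="warn" title="Snyk lists vulnerabilities for this version">` and `<adp:icon name="radio-checked" title="Snyk lists no direct vulnerabilities for this version">` — the `<adp:icon>` on the first hunk of this file already takes `title`. It is also worth saying, in the link title or the sentence, that the green mark means the Snyk page for this exact version showed no vulnerability entries when it was fetched, not that the library is safe, since the `<else>` branch fires for any non-true value of `@vulnerabilityCheckResult@` and the companion Tcl change appears to derive that value from a page-content match. The context line above the change spells the service "Synk" while the links point at snyk.io; worth correcting while here. The enclosing `<if @vulnerabilityCheckURL@ not nil>` block opens inside the hunk but the surrounding template continues past it.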
@@ -106,29 +106,22 @@
 }
 }
-#ns_log notice "vulnerabilityCheck configured: [dict exists $resource_info vulnerabilityCheck]"
 if {[dict exists $resource_info vulnerabilityCheck]} {
 set vulnerabilityCheck [dict get $resource_info vulnerabilityCheck]
 dict with vulnerabilityCheck {
- switch $service {
- snyk {
- set vulnerabilityCheckURL https://snyk.io/advisor/npm-package/$library
- set vulnerabilityCheckVersionURL https://security.snyk.io/package/npm/$library/$version
- set page [::util::resources::http_get_with_default \
- -url $vulnerabilityCheckVersionURL \
- -key snyk-$library/$version]
- if {$page eq ""} {
- unset vulnerabilityCheckVersionURL
- ns_log notice "vulnerabilityCheck: request failed $vulnerabilityCheckVersionURL"
- } else {
- ns_log notice "vulnerabilityCheck: keep vulnerabilityCheckVersionURL $vulnerabilityCheckVersionURL"
- }
- }
- default "vulnerabilityCheck: unknown service '$service'"
+ set result [::util::resources::check_vulnerability \
+ -service $service \
+ -library $library \
+ -version $version]
+ if {[dict get $result hasVulnerability] ne "?"} {
+ set vulnerabilityCheckURL [dict get $result libraryURL]
+ set vulnerabilityCheckVersionURL [dict get $result versionURL]
+ set vulnerabilityCheckResult [dict get $result hasVulnerability]
 }
 }
 }
+
 foreach url {versionCheckURL vulnerabilityCheck} {
 if {[dict exists $resource_info $url]} {
 set $url [dict get $resource_info $url]
Index: openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl,v
diff -u -r1.189.2.191 -r1.189.2.192
--- openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 30 Jul 2024 17:53:44 -0000 1.189.2.191
+++ openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 5 Aug 2024 14:42:53 -0000 1.189.2.192
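Review bot: When the helper reports `?`, the new `if {[dict get $result hasVulnerability] ne "?"}` leaves `vulnerabilityCheckURL` unset as well, so the "all released versions" link vanishes whenever the per-version lookup fails; the removed code set the library-level URL unconditionally and only dropped the version link on failure. Move `set vulnerabilityCheckURL [dict get $result libraryURL]` above the `if` so that only `vulnerabilityCheckVersionURL` and `vulnerabilityCheckResult` stay gated on a successful lookup. The gating also assumes `check_vulnerability` returns a dict rather than raising when the remote request fails; if that is not guaranteed (its failure path is outside this hunk), wrapping the call in `ad_try` or `catch` keeps the check page rendering while Snyk is unreachable. The enclosing `if {[dict exists $resource_info vulnerabilityCheck]}` block and the surrounding script start and end outside this hunk.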
@@ -4422,6 +4422,45 @@
 } {
 return https://api.cdnjs.com/libraries?search=$library&search_fields=name&fields=filename,description,version&limit=$count
 }
+
+
+ ad_proc -public ::util::resources::check_vulnerability {
+ {-service:required}
+ {-library:required}
+ {-version:required}
+ } {
+
+ Return a dict containing vulnerability info with the keys
+ "hasVulnerability", "libraryURL" and "versionURL"
+
+ @param service name of the vulnerability checking service (currently only synk)
+ @param library name of the library as named by the vulnerability service
+ @param version version of the library to be checked
+
+ } {
+ set hasVulnerability ?
+ switch $service {
+ snyk {
+ set vulnerabilityCheckURL https://security.snyk.io/package/npm/$library
+ set vulnerabilityCheckVersionURL https://security.snyk.io/package/npm/$library/$version
+ set page [::util::resources::http_get_with_default \
+ -url $vulnerabilityCheckVersionURL \
+ -key snyk-$library/$version]
+ if {$page eq ""} {
+ unset vulnerabilityCheckVersionURL
+ ns_log notice "check_vulnerability: request failed $vulnerabilityCheckVersionURL"
+ } else {
+ set hasVulnerability [string match "*PackageVulnerabilitiesTable*" $page]
+ #ns_log notice RESULT=$page
+ }
+ }
+ default {
+ error "check_vulnerability: unknown service '$service'"
+ }
+ }
+ ns_log notice "=== check_vulnerability for $library @$version -> $hasVulnerability"
+ return [list hasVulnerability $hasVulnerability libraryURL $vulnerabilityCheckURL versionURL $vulnerabilityCheckVersionURL]
+ }
 }
 ad_proc -deprecated ad_tcl_vars_to_ns_set {
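Review bot: The failure branch of the `snyk` case raises instead of returning `?`: `unset vulnerabilityCheckVersionURL` runs before the `ns_log notice "check_vulnerability: request failed $vulnerabilityCheckVersionURL"` line that interpolates it, and the final `return [list ... versionURL $vulnerabilityCheckVersionURL]` reads it too, so an unreachable or rate-limiting Snyk turns the check page into a Tcl error. Dropping the `unset` line fixes both (the caller in check-installed.tcl only reads `versionURL` when `hasVulnerability` is not `?`); alternatively log first and return an empty `versionURL`. Separately, `[string match "*PackageVulnerabilitiesTable*" $page]` maps any non-empty response that lacks that markup fragment to 0, which the template renders as a green "no vulnerabilities" mark, so a Snyk redesign, a bot-challenge interstitial or an error page served with a body would silently read as clean; consider also requiring a positive "no known vulnerabilities" marker from the page and returning `?` when neither is present, and state that limitation in the docstring. The docstring also spells the service "synk" and lacks an `@return` describing the three keys and the `?` sentinel for "could not determine".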