path: root/pgweb/security/models.py
Age | Commit message | Author
2021-05-24 | Add missing model change | Magnus Hagander
2021-03-28 | Add page with additional details about a CVE | Jonathan S. Katz
This page contains most information that may be found on 3rd party sites about a particular CVE, but with the benefit of being hosted on the PostgreSQL infrastructure. This does require inserting the CVE description into the website, which will include backporting the CVE descriptions throughout many existing CVEs, but the added benefit is that this information is available when we publish a release, vs. waiting for a 3rd party to publish the info. This patch also adds sitemap indexing for each of the CVE entries, and ensures the top-level CVE URL is in the sitemap.
2021-03-27 | Refactor generation of CVE number from CVE ID | Jonathan S. Katz
This allows the method to be repurposed in additional parts of the pgweb codebase.
2021-03-27 | Update CVE ID syntax validator | Jonathan S. Katz
The current validator stopped after 5 digits, whereas there can be an arbitrary amount. However, the MITRE docs appear to stop at 7, so this seems like a sane cut-off, until it's not[1]. [1] https://cve.mitre.org/cve/identifiers/syntaxchange.html#new
2020-03-31 | Set on_delete=models.CASCADE on all ForeignKey fields | Magnus Hagander
This is the backwards compatible value that will be needed once we upgrade django later.
2020-01-09 | Fix a number of incorrect escapes | Magnus Hagander
Pointed out by newer versions of pep8, but they were never correct.
2019-01-26 | More generic changes from 2to3 | Magnus Hagander
2019-01-26 | Generic unicode updates | Magnus Hagander
2019-01-26 | Update to new style exception catching | Magnus Hagander
2019-01-17 | Fix deprecated comparison structs | Magnus Hagander
2019-01-17 | Fix whitespace and indentation, per pep8 | Magnus Hagander
2019-01-17 | Tabs, meet your new overlords: spaces | Magnus Hagander
In a quest to reach pep8, use spaces to indent rather than tabs.
2018-06-29 | Remove unused variable references | Magnus Hagander
2018-02-25 | Allow unlinked CVEs and poll for valid links | Magnus Hagander
This way new CVEs that are added will start off being listed, but not with a link. When upstream (currently redhat) publishes the CVE, a cronjob will pick this up and update it with a link. Of course, we still only show CVEs that are listed as public, but this should hopefully get rid of some of the questions of why we link to a 404.
2018-01-25 | Database:ify the list of security patches | Magnus Hagander
This finally moves the patches into the db, which makes it a lot easier to filter patches in the views. It also adds the new way of categorising patches, which is assigning them a CVSSv3 score. For now, there are no public views to this, and the old static pages remain. This is so we can backfill all existing security patches before we make it public.