Age | Commit message | Author |
|
This has probably not worked since 0cb56d93, but this patch will
allow for the warning to appear.
|
|
Since we are not relying on external services for linking to security
patch information anymore, instead providing our own pages, this is no
longer used for anything. So get rid of it along with the cronjob to
update it.
|
|
Otherwise we're instructing google and others to index pages that don't
exist.
|
|
Across other parts of pgweb we display things from newest to
oldest version, so this brings the CVE display to match this
convention.
|
|
This page contains most information that may be found on 3rd party
sites about a particular CVE, but with the benefit of being hosted
on the PostgreSQL infrastructure.
This does require inserting the CVE description into the website,
which will include backporting the CVE descriptions throughout
many existing CVEs, but the added benefit is that this information
is available when we publish a release, vs. waiting for a 3rd party
to publish the info.
This patch also adds sitemap indexing for each of the CVE entries,
and ensures the top-level CVE URL is in the sitemap.
|
|
This allows the method to be repurposed in additional parts of
the pgweb codebase.
|
|
The current validator stopped after 5 digits, whereas there can
be an arbitrary amount. However, the MITRE docs appear to stop at
7, so this seems like a sane cut-off, until it's not[1].
[1] https://cve.mitre.org/cve/identifiers/syntaxchange.html#new
|
|
This is the place to load them to make sure they always load. This means
we can also now remove a hardcoded special varnish purging in the CVE
crawler script, because all saves including those from cron jobs will
now fire the signals and thus the automatic varnish purges.
|
|
And dumb as it is they return "200 OK" on the CVE *page* even if the CVE
doesn't exist. So we have to poll both the page and the API call in
order to figure out if it's actually there.
|
|
This is the backwards compatible value that will be needed once we
upgrade django later.
|
|
Pointed out by newer versions of pep8, but they were never correct.
|
|
A lot of strings in the migrations needed a change from b' to ' to work
after the migration to py3, but this was forgotten in the big patch.
No actual changes included in this patch.
|
|
In a quest to reach pep8, use spaces to indent rather than tabs.
|
|
render_to_response does not work on newer django, so it needs to be
replaced. And using a specific context actually overcomplicates things,
it's easier to just use a wrapper function. For those cases where we
don't need NavContext, just use render() (the new shortcut function from
django), which also removes the need to use RequestContext.
|
|
This way new CVEs that are added will start off being listed, but not
with a link. When upstream (currently redhat) publishes the CVE, a
cronjob will pick this up and update it with a link.
Of course, we still only show CVEs that are listed as public, but this
should hopefully get rid of some of the questions of why we link to a
404.
|
|
That just generates a completely empty page in the output, so remove the
link completely instead.
For supported versions we list all of them, including if they have no
patches.
|
|
When asking for version x, we should still list all versions the patch
in question applies to, not limit it to the current one.
|
|
Makes the code easier to use in future feed support
|
|
The actual field was already removed, but references in admin.py were
accidentally left around. Oops.
|
|
This finally moves the patches into the db, which makes it a lot easier
to filter patches in the views.
It also adds the new way of categorising patches, which is assigning
them a CVSSv3 score.
For now, there are no public views to this, and the old static pages
remain. This is so we can backfill all existing security patches before
we make it public.
|