Security alert thing.

James Cole
2021-06-11 20:19:59 +02:00
parent fdf379b88b
commit 0d7d3f45f0
5 changed files with 66 additions and 46 deletions


@@ -105,6 +105,7 @@ class UpgradeDatabase extends Command
// instructions
'firefly:instructions update',
'firefly-iii:verify-security-alerts'
];
$args = [];
if ($this->option('force')) {


@@ -4,6 +4,7 @@ namespace FireflyIII\Console\Commands;
use Illuminate\Console\Command;
use Storage;
use Log;
/**
* Class VerifySecurityAlerts
@@ -49,6 +50,7 @@ class VerifySecurityAlerts extends Command
$version = config('firefly.version');
$disk = Storage::disk('resources');
if (!$disk->has('alerts.json')) {
Log::debug('No alerts.json file present.');
return 0;
}
$content = $disk->get('alerts.json');
@@ -56,24 +58,27 @@ class VerifySecurityAlerts extends Command
/** @var array $array */
foreach ($json as $array) {
// overrule array:
if ($version === $array['version'] && true === $array['advisory']) {
Log::debug(sprintf('Version %s has an alert!', $array['version']));
// add advisory to configuration.
app('fireflyconfig')->set('upgrade_security_message', $array['message']);
app('fireflyconfig')->set('upgrade_security_level', $array['level']);
// depends on level
if ('info' === $array['level']) {
Log::debug('INFO level alert');
$this->info($array['message']);
return 0;
}
if ('warning' === $array['level']) {
Log::debug('WARNING level alert');
$this->warn('------------------------ :o');
$this->warn($array['message']);
$this->warn('------------------------ :o');
return 0;
}
if ('danger' === $array['level']) {
Log::debug('DANGER level alert');
$this->error('------------------------ :-(');
$this->error($array['message']);
$this->error('------------------------ :-(');
@@ -83,6 +88,7 @@ class VerifySecurityAlerts extends Command
return 0;
}
}
Log::debug('This version is not mentioned.');
return 0;
}
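Review bot: The `Log::debug` calls in the alert branches (`'Version %s has an alert!'`, `'DANGER level alert'`) record a security advisory at debug level, so an installation that logs above debug keeps no record that the running version has an advisory. Logging the match at a level that follows the advisory would fix that, for example `Log::warning(sprintf('Security alert (%s) for version %s', $array['level'], $array['version']));`. Separately, the loop reads `$array['version']`, `$array['advisory']`, `$array['message']` and `$array['level']` without checking that the keys exist, and this commit also wires the command into the Composer install and update scripts, so one malformed entry could abort those steps. A guard at the top of the loop such as `if (!isset($array['version'], $array['advisory'], $array['message'], $array['level'])) { continue; }` would avoid that. The decoding of alerts.json and the start of handle() are outside the hunks shown, so validation may already happen there.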


@@ -111,6 +111,7 @@ class InstallController extends Controller
// final command to set latest version in DB
'firefly-iii:set-latest-version' => ['--james-is-cool' => true],
'firefly-iii:verify-security-alerts' => [],
];
$this->lastError = '';


@@ -200,10 +200,12 @@
"@php artisan firefly-iii:restore-oauth-keys",
"@php artisan firefly-iii:set-latest-version --james-is-cool",
"@php artisan firefly:instructions update",
"@php artisan firefly-iii:verify-security-alerts",
"@php artisan passport:install"
],
"post-install-cmd": [
"@php artisan firefly:instructions install"
"@php artisan firefly:instructions install",
"@php artisan firefly-iii:verify-security-alerts"
]
},
"config": {

98
composer.lock generated

@@ -1680,16 +1680,16 @@
},
{
"name": "laravel/framework",
"version": "v8.45.1",
"version": "v8.46.0",
"source": {
"type": "git",
"url": "https://github.com/laravel/framework.git",
"reference": "dc2f0bb02c3eb4b27669d626bb3e810db8e7749d"
"reference": "a18266c612e0e6aba5e0174b3c873d2d217dccfb"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/laravel/framework/zipball/dc2f0bb02c3eb4b27669d626bb3e810db8e7749d",
"reference": "dc2f0bb02c3eb4b27669d626bb3e810db8e7749d",
"url": "https://api.github.com/repos/laravel/framework/zipball/a18266c612e0e6aba5e0174b3c873d2d217dccfb",
"reference": "a18266c612e0e6aba5e0174b3c873d2d217dccfb",
"shasum": ""
},
"require": {
@@ -1844,7 +1844,7 @@
"issues": "https://github.com/laravel/framework/issues",
"source": "https://github.com/laravel/framework"
},
"time": "2021-06-03T16:39:17+00:00"
"time": "2021-06-08T13:36:46+00:00"
},
{
"name": "laravel/passport",
@@ -2831,16 +2831,16 @@
},
{
"name": "nesbot/carbon",
"version": "2.48.1",
"version": "2.49.0",
"source": {
"type": "git",
"url": "https://github.com/briannesbitt/Carbon.git",
"reference": "8d1f50f1436fb4b05e7127360483dd9c6e73da16"
"reference": "93d9db91c0235c486875d22f1e08b50bdf3e6eee"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/briannesbitt/Carbon/zipball/8d1f50f1436fb4b05e7127360483dd9c6e73da16",
"reference": "8d1f50f1436fb4b05e7127360483dd9c6e73da16",
"url": "https://api.github.com/repos/briannesbitt/Carbon/zipball/93d9db91c0235c486875d22f1e08b50bdf3e6eee",
"reference": "93d9db91c0235c486875d22f1e08b50bdf3e6eee",
"shasum": ""
},
"require": {
@@ -2920,7 +2920,7 @@
"type": "tidelift"
}
],
"time": "2021-05-26T22:08:38+00:00"
"time": "2021-06-02T07:31:40+00:00"
},
{
"name": "nyholm/psr7",
@@ -7285,16 +7285,16 @@
},
{
"name": "composer/ca-bundle",
"version": "1.2.9",
"version": "1.2.10",
"source": {
"type": "git",
"url": "https://github.com/composer/ca-bundle.git",
"reference": "78a0e288fdcebf92aa2318a8d3656168da6ac1a5"
"reference": "9fdb22c2e97a614657716178093cd1da90a64aa8"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/composer/ca-bundle/zipball/78a0e288fdcebf92aa2318a8d3656168da6ac1a5",
"reference": "78a0e288fdcebf92aa2318a8d3656168da6ac1a5",
"url": "https://api.github.com/repos/composer/ca-bundle/zipball/9fdb22c2e97a614657716178093cd1da90a64aa8",
"reference": "9fdb22c2e97a614657716178093cd1da90a64aa8",
"shasum": ""
},
"require": {
@@ -7341,7 +7341,7 @@
"support": {
"irc": "irc://irc.freenode.org/composer",
"issues": "https://github.com/composer/ca-bundle/issues",
"source": "https://github.com/composer/ca-bundle/tree/1.2.9"
"source": "https://github.com/composer/ca-bundle/tree/1.2.10"
},
"funding": [
{
@@ -7357,20 +7357,20 @@
"type": "tidelift"
}
],
"time": "2021-01-12T12:10:35+00:00"
"time": "2021-06-07T13:58:28+00:00"
},
{
"name": "composer/composer",
"version": "2.1.1",
"version": "2.1.3",
"source": {
"type": "git",
"url": "https://github.com/composer/composer.git",
"reference": "e338749d4e6cc97e1136c210ce0212d4a59e3a58"
"reference": "fc5c4573aafce3a018eb7f1f8f91cea423970f2e"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/composer/composer/zipball/e338749d4e6cc97e1136c210ce0212d4a59e3a58",
"reference": "e338749d4e6cc97e1136c210ce0212d4a59e3a58",
"url": "https://api.github.com/repos/composer/composer/zipball/fc5c4573aafce3a018eb7f1f8f91cea423970f2e",
"reference": "fc5c4573aafce3a018eb7f1f8f91cea423970f2e",
"shasum": ""
},
"require": {
@@ -7439,7 +7439,7 @@
"support": {
"irc": "irc://irc.freenode.org/composer",
"issues": "https://github.com/composer/composer/issues",
"source": "https://github.com/composer/composer/tree/2.1.1"
"source": "https://github.com/composer/composer/tree/2.1.3"
},
"funding": [
{
@@ -7455,7 +7455,7 @@
"type": "tidelift"
}
],
"time": "2021-06-04T06:46:46+00:00"
"time": "2021-06-09T14:31:20+00:00"
},
{
"name": "composer/metadata-minifier",
@@ -8839,16 +8839,16 @@
},
{
"name": "phpstan/phpstan",
"version": "0.12.88",
"version": "0.12.89",
"source": {
"type": "git",
"url": "https://github.com/phpstan/phpstan.git",
"reference": "464d1a81af49409c41074aa6640ed0c4cbd9bb68"
"reference": "54c0f5a6c30511b77128d58b6369f718df250542"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpstan/phpstan/zipball/464d1a81af49409c41074aa6640ed0c4cbd9bb68",
"reference": "464d1a81af49409c41074aa6640ed0c4cbd9bb68",
"url": "https://api.github.com/repos/phpstan/phpstan/zipball/54c0f5a6c30511b77128d58b6369f718df250542",
"reference": "54c0f5a6c30511b77128d58b6369f718df250542",
"shasum": ""
},
"require": {
@@ -8879,13 +8879,17 @@
"description": "PHPStan - PHP Static Analysis Tool",
"support": {
"issues": "https://github.com/phpstan/phpstan/issues",
"source": "https://github.com/phpstan/phpstan/tree/0.12.88"
"source": "https://github.com/phpstan/phpstan/tree/0.12.89"
},
"funding": [
{
"url": "https://github.com/ondrejmirtes",
"type": "github"
},
{
"url": "https://github.com/phpstan",
"type": "github"
},
{
"url": "https://www.patreon.com/phpstan",
"type": "patreon"
@@ -8895,7 +8899,7 @@
"type": "tidelift"
}
],
"time": "2021-05-17T12:24:49+00:00"
"time": "2021-06-09T20:23:49+00:00"
},
{
"name": "phpstan/phpstan-deprecation-rules",
@@ -9425,18 +9429,19 @@
"source": {
"type": "git",
"url": "https://github.com/Roave/SecurityAdvisories.git",
"reference": "9460a22455b82b353d2212fecedebcf73b141baa"
"reference": "ba841897ca44f2ef8eff82d0edf3d6681f0e9875"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/Roave/SecurityAdvisories/zipball/9460a22455b82b353d2212fecedebcf73b141baa",
"reference": "9460a22455b82b353d2212fecedebcf73b141baa",
"url": "https://api.github.com/repos/Roave/SecurityAdvisories/zipball/ba841897ca44f2ef8eff82d0edf3d6681f0e9875",
"reference": "ba841897ca44f2ef8eff82d0edf3d6681f0e9875",
"shasum": ""
},
"conflict": {
"3f/pygmentize": "<1.2",
"adodb/adodb-php": "<5.20.12",
"alterphp/easyadmin-extension-bundle": ">=1.2,<1.2.11|>=1.3,<1.3.1",
"amazing/media2click": ">=1,<1.3.3",
"amphp/artax": "<1.0.6|>=2,<2.0.6",
"amphp/http": "<1.0.1",
"amphp/http-client": ">=4,<4.4",
@@ -9446,7 +9451,7 @@
"bagisto/bagisto": "<0.1.5",
"barrelstrength/sprout-base-email": "<1.2.7",
"barrelstrength/sprout-forms": "<3.9",
"baserproject/basercms": ">=4,<=4.3.6|>=4.4,<4.4.1",
"baserproject/basercms": "<4.4.5",
"bk2k/bootstrap-package": ">=7.1,<7.1.2|>=8,<8.0.8|>=9,<9.0.4|>=9.1,<9.1.3|>=10,<10.0.10|>=11,<11.0.3",
"bolt/bolt": "<3.7.2",
"bolt/core": "<4.1.13",
@@ -9456,7 +9461,7 @@
"cakephp/cakephp": ">=1.3,<1.3.18|>=2,<2.4.99|>=2.5,<2.5.99|>=2.6,<2.6.12|>=2.7,<2.7.6|>=3,<3.5.18|>=3.6,<3.6.15|>=3.7,<3.7.7",
"cart2quote/module-quotation": ">=4.1.6,<=4.4.5|>=5,<5.4.4",
"cartalyst/sentry": "<=2.1.6",
"centreon/centreon": "<18.10.8|>=19,<19.4.5",
"centreon/centreon": "<20.10.7",
"cesnet/simplesamlphp-module-proxystatistics": "<3.1",
"codeigniter/framework": "<=3.0.6",
"composer/composer": "<1.10.22|>=2-alpha.1,<2.0.13",
@@ -9501,7 +9506,9 @@
"ezsystems/repository-forms": ">=2.3,<2.3.2.1",
"ezyang/htmlpurifier": "<4.1.1",
"facade/ignition": "<1.16.14|>=2,<2.4.2|>=2.5,<2.5.2",
"feehi/cms": "<=2.1.1",
"firebase/php-jwt": "<2",
"flarum/core": ">=1,<=1.0.1",
"flarum/sticky": ">=0.1-beta.14,<=0.1-beta.15",
"flarum/tags": "<=0.1-beta.13",
"fluidtypo3/vhs": "<5.1.1",
@@ -9514,7 +9521,7 @@
"friendsofsymfony/user-bundle": ">=1.2,<1.3.5",
"friendsoftypo3/mediace": ">=7.6.2,<7.6.5",
"fuel/core": "<1.8.1",
"getgrav/grav": "<1.7.11",
"getgrav/grav": "<=1.7.10",
"getkirby/cms": "<3.5.4",
"getkirby/panel": "<2.5.14",
"gos/web-socket-bundle": "<1.10.4|>=2,<2.6.1|>=3,<3.3",
@@ -9537,6 +9544,7 @@
"klaviyo/magento2-extension": ">=1,<3",
"kreait/firebase-php": ">=3.2,<3.8.1",
"la-haute-societe/tcpdf": "<6.2.22",
"laminas/laminas-http": "<2.14.2",
"laravel/framework": "<6.20.26|>=7,<8.40",
"laravel/socialite": ">=1,<1.0.99|>=2,<2.0.10",
"league/commonmark": "<0.18.3",
@@ -9624,7 +9632,7 @@
"silverstripe/comments": ">=1.3,<1.9.99|>=2,<2.9.99|>=3,<3.1.1",
"silverstripe/forum": "<=0.6.1|>=0.7,<=0.7.3",
"silverstripe/framework": "<4.4.7|>=4.5,<4.5.4",
"silverstripe/graphql": ">=2,<2.0.5|>=3,<3.1.2|>=3.2,<3.2.4",
"silverstripe/graphql": "<=3.5",
"silverstripe/registry": ">=2.1,<2.1.2|>=2.2,<2.2.1",
"silverstripe/restfulserver": ">=1,<1.0.9|>=2,<2.0.4",
"silverstripe/subsites": ">=2,<2.1.1",
@@ -9682,12 +9690,14 @@
"symfony/var-exporter": ">=4.2,<4.2.12|>=4.3,<4.3.8",
"symfony/web-profiler-bundle": ">=2,<2.3.19|>=2.4,<2.4.9|>=2.5,<2.5.4",
"symfony/yaml": ">=2,<2.0.22|>=2.1,<2.1.7",
"t3/dce": ">=2.2,<2.6.2",
"t3g/svg-sanitizer": "<1.0.3",
"tecnickcom/tcpdf": "<6.2.22",
"thelia/backoffice-default-template": ">=2.1,<2.1.2",
"thelia/thelia": ">=2.1-beta.1,<2.1.3",
"theonedemon/phpwhois": "<=4.2.5",
"titon/framework": ">=0,<9.9.99",
"tribalsystems/zenario": "<8.8.53370",
"truckersmp/phpwhois": "<=4.3.1",
"twig/twig": "<1.38|>=2,<2.7",
"typo3/cms": ">=6.2,<6.2.30|>=7,<7.6.32|>=8,<8.7.38|>=9,<9.5.25|>=10,<10.4.14|>=11,<11.1.1",
@@ -9736,7 +9746,7 @@
"zendframework/zend-validator": ">=2.3,<2.3.6",
"zendframework/zend-view": ">=2,<2.2.7|>=2.3,<2.3.1",
"zendframework/zend-xmlrpc": ">=2.1,<2.1.6|>=2.2,<2.2.6",
"zendframework/zendframework": "<2.5.1",
"zendframework/zendframework": "<=3",
"zendframework/zendframework1": "<1.12.20",
"zendframework/zendopenid": ">=2,<2.0.2",
"zendframework/zendxml": ">=1,<1.0.1",
@@ -9778,7 +9788,7 @@
"type": "tidelift"
}
],
"time": "2021-06-01T22:04:47+00:00"
"time": "2021-06-10T17:35:36+00:00"
},
{
"name": "sebastian/cli-parser",
@@ -10286,16 +10296,16 @@
},
{
"name": "sebastian/global-state",
"version": "5.0.2",
"version": "5.0.3",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/global-state.git",
"reference": "a90ccbddffa067b51f574dea6eb25d5680839455"
"reference": "23bd5951f7ff26f12d4e3242864df3e08dec4e49"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/global-state/zipball/a90ccbddffa067b51f574dea6eb25d5680839455",
"reference": "a90ccbddffa067b51f574dea6eb25d5680839455",
"url": "https://api.github.com/repos/sebastianbergmann/global-state/zipball/23bd5951f7ff26f12d4e3242864df3e08dec4e49",
"reference": "23bd5951f7ff26f12d4e3242864df3e08dec4e49",
"shasum": ""
},
"require": {
@@ -10338,7 +10348,7 @@
],
"support": {
"issues": "https://github.com/sebastianbergmann/global-state/issues",
"source": "https://github.com/sebastianbergmann/global-state/tree/5.0.2"
"source": "https://github.com/sebastianbergmann/global-state/tree/5.0.3"
},
"funding": [
{
@@ -10346,7 +10356,7 @@
"type": "github"
}
],
"time": "2020-10-26T15:55:19+00:00"
"time": "2021-06-11T13:31:12+00:00"
},
{
"name": "sebastian/lines-of-code",
@@ -11115,5 +11125,5 @@
"ext-xml": "*"
},
"platform-dev": [],
"plugin-api-version": "2.0.0"
"plugin-api-version": "2.1.0"
}