Merge branch 'master' into feature/devonfw#998-release-info-messed-wi…

…th-installation-output

CHANGELOG.asciidoc

@@ -6,7 +6,7 @@ This file documents all notable changes to https://github.com/devonfw/ide[devonf
 
 Release with new features and bugfixes:
 
-* TODO
+* https://github.com/devonfw/ide/issues/1054[#1054]: automated security warnings
 
 The full list of changes for this release can be found in https://github.com/devonfw/ide/milestone/43?closed=1[milestone 2023.04.001].
 

documentation/functions.asciidoc

@@ -351,6 +351,12 @@ Updates the PATH variable according to the latest tools installed in the `softwa
 
 == Version handling
 
+=== doCheckSoftwareSecurityVersion
+Determines whether the actual version is contained in the security file for the corresponding tool and print out a message if so.
+
+=== doCheckVersionRange
+Determines whether a version is in a version range.
+
 === doGetNextVersion
 A version number is passed to the function doGetNextVersion as an argument and the next version number is generated from this by incrementing the last digit by one and outputs it.
 
@@ -371,6 +377,9 @@ If this is the case, it ends with the return value `0` otherwise `1`.
 === doListSoftwareVersions
 Takes the name of the tool as a parameter and displays the available versions.
 
+=== doReportVersionSecurityWarning
+Prints out a message on version security alerts.
+
 === doSetSoftwareVersion
 Used to set a specific version of a software tool, and requires 2 parameters: the name of the software tool and the desired version.
 The version is saved as `«tool»_VERSION` variable in `settings/devon.properties`.

scripts/src/main/resources/scripts/command/ide

@@ -492,6 +492,9 @@ case "${DEVON_IDE_HOME}" in
    ;;
 esac
 
+git_version="$(git --version | sed -e 's/\.windows\..*$//' | awk '{print $3}')"
+doCheckSoftwareSecurityVersion "git" "${git_version}"
+
 # CLI
 if [ "${1}" = "-h" ] || [ "${1}" = "help" ]
 then

scripts/src/main/resources/scripts/functions

@@ -167,6 +167,74 @@ function doEchoInteraction() {
   echo -e "\033[96m${*}\033[39m"
 }
 
+# $1: first_range_version
+# $2: version
+# $3: last_range_version
+# returns 0 if first_range_version <= version <= last_range_version
+function doCheckVersionRange() {
+  local first_range_version="${1}"
+  local version="${2}"
+  local last_range_version="${3}"
+  doVersionCompare "${first_range_version}" "${version}" 
+  check1="${?}"
+  doVersionCompare "${version}" "${last_range_version}" 
+  check2="${?}"
+  if [ "${check1}" != "1" ] && [ "${check2}" != "1" ] 
+  then
+    return 0
+  else 
+    return 1
+  fi
+}
+
+# $1: software
+# $2: version
+# $3: edition
+function doCheckSoftwareSecurityVersion() {
+  local software="${1}"
+  local version="${2}"
+  local edition="${3}"
+  local security_file
+  local check="0"
+  local line=""
+  local first_version
+  local last_version
+  local software_info="${software}"
+  if [ -z "${edition}" ]
+  then
+    edition="${software}"
+  fi
+  security_file="${DEVON_IDE_HOME}/urls/${software}/${edition}/security"
+  if [ -f "${security_file}" ]
+  then
+    while IFS= read -r line
+    do
+      first_version="$(echo "${line}" | cut -d'>' -f 1)"
+      last_version="$(echo "${line}" | cut -d'>' -f 2)"
+      doCheckVersionRange "${first_version}" "${version}" "${last_version}"
+      if [ "${?}" == "0" ]
+      then
+        check="1"
+      fi
+    done < "${security_file}"
+    if [ "${check}" == "1" ]
+    then
+      if [ "${edition}" != "${software}" ]
+      then
+        software_info="${software} with edition ${edition}"
+      fi
+      mymessage="You are using the tool ${software_info} in version ${version} that has vulnerabilities. Please update the tool to state safe and secure.\nFor further details and recent information have a look at the following webpage:\nhttps://github.com/devonfw/ide/blob/master/documentation/vulnerabilities.asciidoc\n\n"
+      doReportVersionSecurityWarning "${mymessage}"
+    fi
+  fi
+}
+
+# $1: message
+function doReportVersionSecurityWarning() {
+  local message="${1}"
+  doWarning "${message}"
+}
+
 function doDebug() {
   if ! doIsDebug
   then
@@ -1418,6 +1486,8 @@ function doInstall() {
   then
     doRunCommand "${TOOL_VERSION_COMMAND}" "verify installation of ${software}"
   fi
+
+  doCheckSoftwareSecurityVersion "${software}" "${version}" "${edition}"
   return ${result}
 }