VladPolskiy/postgres-web
1
0
Fork 0
mirror of https://github.com/postgres/pgweb.git synced 2025-08-13 13:12:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Database:ify the list of security patches

Browse Source 
This finally moves the patches into the db, which makes it a lot easier
to filter patches in the views.

It also adds the new way of categorising patches, which is assigning
them a CVSSv3 score.

For now, there are no public views to this, and the old static pages
remain. This is so we can backfill all existing security patches before
we make it public.
This commit is contained in:
Magnus Hagander
2018-01-25 21:59:13 +01:00
parent d0aa8ac119
commit 0cb56d9355
10 changed files with 422 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
pgweb/security/views.py Normal file
View File

@ -0,0 +1,34 @@
from django.shortcuts import render_to_response, get_object_or_404
from pgweb.util.contexts import NavContext
from pgweb.core.models import Version
from models import SecurityPatch
def _list_patches(request, filt):
patches = SecurityPatch.objects.raw("SELECT p.*, array_agg(CASE WHEN v.tree >= 10 THEN v.tree::int ELSE v.tree END ORDER BY v.tree) AS affected, array_agg(CASE WHEN v.tree >= 10 THEN v.tree::int ELSE v.tree END || '.' || fixed_minor ORDER BY v.tree) AS fixed FROM security_securitypatch p INNER JOIN security_securitypatchversion sv ON p.id=sv.patch_id INNER JOIN core_version v ON v.id=sv.version_id WHERE p.public AND {0} GROUP BY p.id".format(filt))
return render_to_response('security/security.html', {
'patches': patches,
'supported': Version.objects.filter(supported=True),
'unsupported': Version.objects.filter(supported=False, tree__gt=0),
}, NavContext(request, 'support'))
def index(request):
# Show all supported versions
return _list_patches(request, "v.supported")
def version(request, numtree):
version = get_object_or_404(Version, tree=numtree)
# It's safe to pass in the value since we get it from the module, not from
# the actual querystring.
return _list_patches(request, "v.id={0}".format(version.id))
patches = SecurityPatch.objects.filter(public=True, versions=version).distinct()
return render_to_response('security/security.html', {
'patches': patches,
'supported': Version.objects.filter(supported=True),
'unsupported': Version.objects.filter(supported=False, tree__gt=0),
'version': version,
}, NavContext(request, 'support'))