Add UpdateChecker.IsInsecure to check if running version is insecure
Uses a hard-coded list of GHSA ids of known fixed vulnerabilities
This commit is contained in:
parent
b333c738be
commit
f68911e9c2
5 changed files with 47 additions and 15 deletions
|
|
@ -4,5 +4,6 @@ export class Profile {
|
|||
public expiration: Date;
|
||||
public currentVersion: string;
|
||||
public latestVersion: string;
|
||||
public isInsecure: boolean;
|
||||
public disableUpdateNotification: boolean;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -62,9 +62,15 @@
|
|||
</div>
|
||||
</nav>
|
||||
<div
|
||||
class="notification is-warning"
|
||||
*ngIf="profile && !profile.disableUpdateNotification && profile.latestVersion && profile.currentVersion !== profile.latestVersion"
|
||||
class="notification"
|
||||
[ngClass]="profile.isInsecure ? 'is-danger' : 'is-warning'"
|
||||
*ngIf="profile && (!profile.disableUpdateNotification || profile.isInsecure) && profile.latestVersion && profile.currentVersion !== profile.latestVersion"
|
||||
>
|
||||
Version {{ profile.latestVersion }} of RealDebrid Client was found. You are currently on version
|
||||
{{ profile.currentVersion }}.
|
||||
<span *ngIf="profile.isInsecure">
|
||||
Your current version is insecure.
|
||||
</span>
|
||||
<span>
|
||||
Version {{ profile.latestVersion }} of RealDebrid Client was found. You are currently on version
|
||||
{{ profile.currentVersion }}.
|
||||
</span>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -7,5 +7,6 @@ public class Profile
|
|||
public DateTimeOffset? Expiration { get; set; }
|
||||
public String? CurrentVersion { get; set; }
|
||||
public String? LatestVersion { get; set; }
|
||||
public Boolean? IsInsecure { get; set; }
|
||||
public Boolean? DisableUpdateNotification { get; set; }
|
||||
}
|
||||
|
|
@ -9,6 +9,11 @@ public class UpdateChecker(ILogger<UpdateChecker> logger) : BackgroundService
|
|||
{
|
||||
public static String? CurrentVersion { get; private set; }
|
||||
public static String? LatestVersion { get; private set; }
|
||||
|
||||
public static Boolean? IsInsecure { get; private set; }
|
||||
|
||||
private static readonly List<String> KnownGhsaIds = [
|
||||
];
|
||||
|
||||
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
|
||||
{
|
||||
|
|
@ -34,18 +39,9 @@ public class UpdateChecker(ILogger<UpdateChecker> logger) : BackgroundService
|
|||
{
|
||||
try
|
||||
{
|
||||
var httpClient = new HttpClient();
|
||||
httpClient.DefaultRequestHeaders.UserAgent.Add(new("RdtClient", CurrentVersion));
|
||||
var response = await httpClient.GetStringAsync($"https://api.github.com/repos/rogerfar/rdt-client/tags?per_page=1", stoppingToken);
|
||||
var gitHubReleases = await GitHubRequest<List<GitHubReleasesResponse>>("/repos/rogerfar/rdt-client/tags?per_page=1", stoppingToken);
|
||||
|
||||
var gitHubReleases = JsonConvert.DeserializeObject<List<GitHubReleasesResponse>>(response);
|
||||
|
||||
if (gitHubReleases == null || gitHubReleases.Count == 0)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
var latestRelease = gitHubReleases.FirstOrDefault(m => m.Name != null)?.Name;
|
||||
var latestRelease = gitHubReleases?.FirstOrDefault(m => m.Name != null)?.Name;
|
||||
|
||||
if (latestRelease == null)
|
||||
{
|
||||
|
|
@ -59,6 +55,18 @@ public class UpdateChecker(ILogger<UpdateChecker> logger) : BackgroundService
|
|||
}
|
||||
|
||||
LatestVersion = latestRelease;
|
||||
|
||||
var gitHubSecurityAdvisories = await GitHubRequest<List<GitHubSecurityAdvisoriesResponse>>("/repos/rogerfar/rdt-client/security-advisories", stoppingToken);
|
||||
|
||||
var unseenGhsaIds = gitHubSecurityAdvisories?.Where(advisory => !KnownGhsaIds.Contains(advisory.GhsaId));
|
||||
|
||||
if (unseenGhsaIds == null)
|
||||
{
|
||||
logger.LogWarning($"Unable to find security advisories on GitHub");
|
||||
return;
|
||||
}
|
||||
|
||||
IsInsecure = unseenGhsaIds.Any();
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
|
|
@ -70,10 +78,25 @@ public class UpdateChecker(ILogger<UpdateChecker> logger) : BackgroundService
|
|||
|
||||
logger.LogInformation("UpdateChecker stopped.");
|
||||
}
|
||||
|
||||
private async Task<T?> GitHubRequest<T>(String endpoint, CancellationToken cancellationToken)
|
||||
{
|
||||
var httpClient = new HttpClient();
|
||||
httpClient.DefaultRequestHeaders.UserAgent.Add(new("RdtClient", CurrentVersion));
|
||||
var response = await httpClient.GetStringAsync($"https://api.github.com{endpoint}", cancellationToken);
|
||||
|
||||
return JsonConvert.DeserializeObject<T>(response);
|
||||
}
|
||||
}
|
||||
|
||||
public class GitHubReleasesResponse
|
||||
{
|
||||
[JsonProperty("name")]
|
||||
public String? Name { get; set; }
|
||||
}
|
||||
|
||||
public class GitHubSecurityAdvisoriesResponse
|
||||
{
|
||||
[JsonProperty("ghsa_id")]
|
||||
public required String GhsaId { get; set; }
|
||||
}
|
||||
|
|
@ -414,6 +414,7 @@ public class Torrents(
|
|||
Expiration = user.Expiration,
|
||||
CurrentVersion = UpdateChecker.CurrentVersion,
|
||||
LatestVersion = UpdateChecker.LatestVersion,
|
||||
IsInsecure = UpdateChecker.IsInsecure,
|
||||
DisableUpdateNotification = Settings.Get.General.DisableUpdateNotifications
|
||||
};
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue