Files
msys2-web/app/templates/security.html
Christoph Reiter e6e5bc74ad security: list all the packages missing vuln metadata
It's a bit of a wall of text right now, but we need to show them
somewhere so we can fix them.
2024-12-14 10:53:14 +01:00

63 lines
2.5 KiB
HTML

{% extends "layout.html" %}
{% block title %}Security {% endblock %}
{% block inner_content %}
<div class="card mb-3">
<div class="card-header">
<h4 class="card-title">Security</h4>
<h6 class="card-subtitle mb-2 text-muted">{{ vulnerable|length }} packages with known potential vulnerabilities</h6>
</div>
<div class="card-body overflow-auto">
<p class="text-muted">{{ known|length }} out of {{ sources|length }}
packages contain enough metadata for vulnerability scanning. For more
information see <a href="https://www.msys2.org/dev/vulnerabilities">the
vulnerability reporting documentation</a>.</p>
<table class="table table-hover table-sm" style="table-layout: fixed; width:100%;">
<colgroup>
<col style="width: 50%">
<col style="width: 25%">
<col style="width: 25%">
<col style="width: 1.5em">
</colgroup>
<thead>
<tr>
<th>Base Package</th>
<th>Version</th>
<th>Upstream Version</th>
<th></th>
</tr>
</thead>
<tbody>
{% for s in vulnerable|sort(attribute='worst_active_vulnerability.severity.sort_key', reverse = True) %}
<tr>
<td><a href="{{ url_for('base', base_name=s.name) }}">{{ s.name }}</a></td>
<td class="text-version">{{ s.version }}{% if s.version != s.git_version %} <span class="text-muted small align-text-bottom ps-1">({{ s.git_version }} in git)</span>{% endif %}</td>
<td class="text-version">{{ s.upstream_version if s.is_outdated_in_git else '' }}</td>
<td class="mytooltip-onclick">
<span role="button" class="text-{{vulnerability_color(s.worst_active_vulnerability)}}"></span>
<template class="mytooltip-content">
<ul class="list-unstyled">
{% for vuln in s.all_vulnerabilities %}
<li {% if vuln.ignored %}style="text-decoration: line-through"{% endif %}><a href="{{ vuln.url }}">{{ vuln.id }}</a> <span class="opacity-75 text-{{vulnerability_color(vuln)}}">({{ vuln.severity }})</span></li>
{% endfor %}
</ul>
</template>
</td>
</tr>
{% endfor %}
</tbody>
</table>
<h6>{{ unknown|length }} packages are missing metadata for vulnerability scanning:</h6>
{% for s in unknown %}
<a href="{{ url_for('base', base_name=s.name) }}">{{ s.realname }}</a>
{{ ", " if not loop.last else '' }}
{% endfor %}
</div>
</div>
{% endblock %}