Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tracker: add security splash page as index #159

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions test/test_home.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
from flask import url_for
from werkzeug.exceptions import NotFound


def test_home(db, client):
resp = client.get(url_for('tracker.home', path=''), follow_redirects=True)
assert 200 == resp.status_code
8 changes: 0 additions & 8 deletions test/test_index.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,14 +7,6 @@
from .conftest import create_package


@create_package(name='foo', version='1.2.3-4')
@create_group(id=DEFAULT_GROUP_ID, packages=['foo'], affected='1.2.3-3', fixed='1.2.3-4')
def test_index(db, client):
resp = client.get(url_for('tracker.index'), follow_redirects=True)
assert 200 == resp.status_code
assert DEFAULT_GROUP_NAME not in resp.data.decode()


@create_package(name='foo', version='1.2.3-4')
@create_group(id=DEFAULT_GROUP_ID, packages=['foo'], affected='1.2.3-3')
def test_index_vulnerable(db, client):
Expand Down
4 changes: 2 additions & 2 deletions test/test_login.py
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ def test_login_disabled(db, client):
def test_login_logged_in_redirect(db, client):
resp = client.post(url_for('tracker.login'), follow_redirects=False)
assert 302 == resp.status_code
assert resp.location.endswith('/')
assert resp.location.endswith('/issues')


@logged_in
Expand All @@ -63,4 +63,4 @@ def test_logout(db, client):
def test_logout_not_logged_in(db, client):
resp = client.post(url_for('tracker.logout'), follow_redirects=False)
assert 302 == resp.status_code
assert resp.location.endswith('/')
assert resp.location.endswith('/issues')
3 changes: 2 additions & 1 deletion tracker/templates/base.html
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,8 @@
<div class="content">
<div class="navbar">
<ul>
<li><a href="/">issues</a></li>
<li><a href="/">home</a></li>
<li><a href="/issues/">issues</a></li>
<li><a href="/advisory">advisories</a></li>
<li><a href="/todo">todo</a></li>
<li><a href="/stats">stats</a></li>
Expand Down
41 changes: 41 additions & 0 deletions tracker/templates/home.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
{%- extends "base.html" -%}
{% block content %}

<h1>Arch Linux Security</h2>

For Arch Linux security is paramount, and a dedicated team of staffers and
volunteers helps with triaging, prioritizing, confirming, patching and
notifying about vulnerabilities in Arch Linux components as well as
packages provided in the official repositories.

<h2>Reporting Vulnerablities in Arch Linux Components or Infrastructure</h3>

If you have discovered a vulnerability in packages related to core
components or in Arch Linux infrastructure don't hesitate to reach out
to <a href="mailto:[email protected]">[email protected]</a> to
discuss remediation. You can encrypt your email to the following gpg keys.
<!-- FIXME: we'll have to figure this one out on the backend -->
Foxboron marked this conversation as resolved.
Show resolved Hide resolved
<ul>
<li><a href="https://www.archlinux.org/people/developers/#anthraxx">Levente Polyak</a>
<tt>E240 B57E 2C46 30BA 768E 2F26 FC1B 547C 8D81 72C8</tt></li>

<li><a href="https://www.archlinux.org/people/support-staff/#rgacogne">Remi Gacogne</a>
<tt>A4CB EA79 7489 8599 195E 4FEC 46EC 46F3 9F3E 2EF1</tt></li>

<li><a href="https://www.archlinux.org/people/developers/#allan">Allan McRae</a>
<tt>6645 B0A8 C700 5E78 DB1D 7864 F99F FE0F EAE9 99BD</tt></li>
Comment on lines +25 to +26
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we remove Allan? @anthraxx

</ul>

<h2>Vulnerabilities in Upstream Packages</h3>

Our <a href="{{ url_for('tracker.index_vulnerable') }}">CVE tracker</a> can help you
review the vulnerabilities that affect the packages we provide. If you
think a CVE that affects a package is not listed in there, do not hesitate
to reach out to us in irc on <tt>#archlinux-security</tt> in
<a href="https://freenode.net">freenode</a>.

<h2>Securing your Arch Linux installation</h3>

Consider checking this
<a href="https://wiki.archlinux.org/index.php/Security">Wiki page for more information</a>
{%- endblock %}
1 change: 1 addition & 0 deletions tracker/view/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
from .delete import *
from .edit import *
from .error import *
from .home import *
from .index import *
from .login import *
from .show import *
Expand Down
8 changes: 8 additions & 0 deletions tracker/view/home.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
from flask import render_template

from tracker import tracker


@tracker.route('/', methods=['GET'])
def home():
return render_template('home.html')
1 change: 0 additions & 1 deletion tracker/view/index.py
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,6 @@ def get_index_data(only_vulnerable=False, only_in_repo=True):
return groups


@tracker.route('/', defaults={'path': '', 'only_vulnerable': True}, methods=['GET'])
def index(only_vulnerable=True, path=None):
groups = get_index_data(only_vulnerable)
return render_template('index.html',
Expand Down
8 changes: 4 additions & 4 deletions tracker/view/login.py
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
@tracker.route('/login', methods=['GET', 'POST'])
def login():
if current_user.is_authenticated:
return redirect(url_for('tracker.index'))
return redirect(url_for('tracker.index_vulnerable'))

form = LoginForm()
if not form.validate_on_submit():
Expand All @@ -33,14 +33,14 @@ def login():
user = user_assign_new_token(form.user)
user.is_authenticated = True
login_user(user)
return redirect(url_for('tracker.index'))
return redirect(url_for('tracker.index_vulnerable'))


@tracker.route('/logout', methods=['GET', 'POST'])
def logout():
if not current_user.is_authenticated:
return redirect(url_for('tracker.index'))
return redirect(url_for('tracker.index_vulnerable'))

user_invalidate(current_user)
logout_user()
return redirect(url_for('tracker.index'))
return redirect(url_for('tracker.index_vulnerable'))