github.com/psyb0t/mattermost-server@v4.6.1-0.20180125161845-5503a1351abf+incompatible/app/security_update_check.go (about) 1 // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package app 5 6 import ( 7 "io/ioutil" 8 "net/http" 9 "net/url" 10 "runtime" 11 "strconv" 12 13 l4g "github.com/alecthomas/log4go" 14 "github.com/mattermost/mattermost-server/model" 15 "github.com/mattermost/mattermost-server/utils" 16 ) 17 18 const ( 19 SECURITY_URL = "https://d7zmvsa9e04kk.cloudfront.net" 20 SECURITY_UPDATE_PERIOD = 86400000 // 24 hours in milliseconds. 21 22 PROP_SECURITY_ID = "id" 23 PROP_SECURITY_BUILD = "b" 24 PROP_SECURITY_ENTERPRISE_READY = "be" 25 PROP_SECURITY_DATABASE = "db" 26 PROP_SECURITY_OS = "os" 27 PROP_SECURITY_USER_COUNT = "uc" 28 PROP_SECURITY_TEAM_COUNT = "tc" 29 PROP_SECURITY_ACTIVE_USER_COUNT = "auc" 30 PROP_SECURITY_UNIT_TESTS = "ut" 31 ) 32 33 func (a *App) DoSecurityUpdateCheck() { 34 if *a.Config().ServiceSettings.EnableSecurityFixAlert { 35 if result := <-a.Srv.Store.System().Get(); result.Err == nil { 36 props := result.Data.(model.StringMap) 37 lastSecurityTime, _ := strconv.ParseInt(props[model.SYSTEM_LAST_SECURITY_TIME], 10, 0) 38 currentTime := model.GetMillis() 39 40 if (currentTime - lastSecurityTime) > SECURITY_UPDATE_PERIOD { 41 l4g.Debug(utils.T("mattermost.security_checks.debug")) 42 43 v := url.Values{} 44 45 v.Set(PROP_SECURITY_ID, a.DiagnosticId()) 46 v.Set(PROP_SECURITY_BUILD, model.CurrentVersion+"."+model.BuildNumber) 47 v.Set(PROP_SECURITY_ENTERPRISE_READY, model.BuildEnterpriseReady) 48 v.Set(PROP_SECURITY_DATABASE, *a.Config().SqlSettings.DriverName) 49 v.Set(PROP_SECURITY_OS, runtime.GOOS) 50 51 if len(props[model.SYSTEM_RAN_UNIT_TESTS]) > 0 { 52 v.Set(PROP_SECURITY_UNIT_TESTS, "1") 53 } else { 54 v.Set(PROP_SECURITY_UNIT_TESTS, "0") 55 } 56 57 systemSecurityLastTime := &model.System{Name: model.SYSTEM_LAST_SECURITY_TIME, Value: strconv.FormatInt(currentTime, 10)} 58 if lastSecurityTime == 0 { 59 <-a.Srv.Store.System().Save(systemSecurityLastTime) 60 } else { 61 <-a.Srv.Store.System().Update(systemSecurityLastTime) 62 } 63 64 if ucr := <-a.Srv.Store.User().GetTotalUsersCount(); ucr.Err == nil { 65 v.Set(PROP_SECURITY_USER_COUNT, strconv.FormatInt(ucr.Data.(int64), 10)) 66 } 67 68 if ucr := <-a.Srv.Store.Status().GetTotalActiveUsersCount(); ucr.Err == nil { 69 v.Set(PROP_SECURITY_ACTIVE_USER_COUNT, strconv.FormatInt(ucr.Data.(int64), 10)) 70 } 71 72 if tcr := <-a.Srv.Store.Team().AnalyticsTeamCount(); tcr.Err == nil { 73 v.Set(PROP_SECURITY_TEAM_COUNT, strconv.FormatInt(tcr.Data.(int64), 10)) 74 } 75 76 res, err := http.Get(SECURITY_URL + "/security?" + v.Encode()) 77 if err != nil { 78 l4g.Error(utils.T("mattermost.security_info.error")) 79 return 80 } 81 82 bulletins := model.SecurityBulletinsFromJson(res.Body) 83 consumeAndClose(res) 84 85 for _, bulletin := range bulletins { 86 if bulletin.AppliesToVersion == model.CurrentVersion { 87 if props["SecurityBulletin_"+bulletin.Id] == "" { 88 if results := <-a.Srv.Store.User().GetSystemAdminProfiles(); results.Err != nil { 89 l4g.Error(utils.T("mattermost.system_admins.error")) 90 return 91 } else { 92 users := results.Data.(map[string]*model.User) 93 94 resBody, err := http.Get(SECURITY_URL + "/bulletins/" + bulletin.Id) 95 if err != nil { 96 l4g.Error(utils.T("mattermost.security_bulletin.error")) 97 return 98 } 99 100 body, err := ioutil.ReadAll(resBody.Body) 101 res.Body.Close() 102 if err != nil || resBody.StatusCode != 200 { 103 l4g.Error(utils.T("mattermost.security_bulletin_read.error")) 104 return 105 } 106 107 for _, user := range users { 108 l4g.Info(utils.T("mattermost.send_bulletin.info"), bulletin.Id, user.Email) 109 a.SendMail(user.Email, utils.T("mattermost.bulletin.subject"), string(body)) 110 } 111 } 112 113 bulletinSeen := &model.System{Name: "SecurityBulletin_" + bulletin.Id, Value: bulletin.Id} 114 <-a.Srv.Store.System().Save(bulletinSeen) 115 } 116 } 117 } 118 } 119 } 120 } 121 }