Software Version Checker

From ULYSSIS documentation
Revision as of 23:21, 4 September 2017 by Bert (talk | contribs) (→‎Scanning)

Introduction

Content Management Systems, or CMS's, are easy tools to set up a website without requiring much programming or configuration. However, as is common in a lot of popular and wide-spread software, bugs or errors in the code occur. These errors can be exploited by hackers to gain access to websites or databases connected to those CMS's. Whenever a new update for a CMS, or other popular software (MediaWiki, PhpBB) is released, those hackers will try to implement them as fast as possible in order to hack the most websites. This is why it's critical to update a CMS, plugins/themes, or any related software as soon as the update comes out. To help you facilitate this, we have created a tool to help you keep the most popular software up-to-date. Currently this feature is only active if you have an organisation or student union (kring/facultair overlegorgaan) account.

Supported Software

  • Drupal, Drupal Modules, Drupal Themes
  • Joomla (Joomla Plugins are not supported yet)
  • MediaWiki (MediaWiki Extensions and Themes are not supported yet)
  • PhpBB, PhpBB Plugins, PhpBB Styles
  • WordPress, WordPress Plugins, WordPress Themes

Operation

In general, the CMS Version Checker performs three steps:

  • Retrieve all outdated software and respective locations from a database, and check their version
  • Mail accounts using outdated software
  • Scan relevant files, detect supported software, and store in database

Version checking

Information about any outdated, supported piece of software (see above), is stored in a local SQLite database. During the first step, all entries added more than a week ago (this to allow users the time to update independently) are retrieved from the database. If the software is not present anymore at the given location, the entry is removed. If the version in the database is equal to the version at the location, the responsible user has not updated the software and a mail will be sent. If the version is not equal, and the software is completely up-to-date, the entry is removed from the database. Otherwise, if the software is updated but not completely up-to-date, the timer for this entry will be reset, giving the acount owner an extra week to update the software completely.

Mailing

Any outdated software for a particular user will be collected and mailed in the same e-mail, to the personal account e-mail address and the @ulyssis.org e-mail address. The mail will contain the name, location, current version, and latest version of all outdated software. In addition, a comprehensive status report, containing all outdated, invalid and detected software, will also be mailed to the ULYSSIS members.

Scanning

During the last step, new software installations will be detected. For every active organisation and student union (kring/facultair overlegorgaan) account, the apache document roots are retrieved, and those directories are searched recursively to find signature files from specific software, as listed above. Those files do not contain personal information. If outdated software is found, and there is no entry in the database yet, the software location and version (among other information) is stored in the SQLite database.

Stored Data

The following data is stored in the SQLite database:

  • The file location
  • The responsible Org or Kring
  • The personal account e-mail address
  • The detected software version
  • The type and name of the software
  • The update URL for the software
  • The date the entry was added

Ignored Paths

The CMS Version Checker has a feature allowing ULYSSIS members to specify paths that will not be searched for software. If you believe you have software that should be ignored (custom plugins or themes), you are free to e-mail a request to ulyssis@ulyssis.org