Unverified Commit d7237b12 authored by justmurphy's avatar justmurphy Committed by GitHub

Merge branch 'develop' into update_B

parents 80b25611 b7d9f75a
......@@ -5,6 +5,9 @@
# requested for review when someone opens a pull request.
* @iainDe @justmurphy @Lcerkov
# These folks own the automated list update configuration.
/config/ @mcdonnnj
# These folks own any dot-files in the repository.
.* @dav3r @felddy @jsf9k @mcdonnnj
......
......@@ -15,23 +15,46 @@ jobs:
lint:
runs-on: ubuntu-latest
steps:
- id: setup-env
uses: cisagov/setup-env-github-action@develop
- uses: actions/checkout@v2
- id: setup-python
uses: actions/setup-python@v2
with:
python-version: "3.10"
# We need the Go version and Go cache location for the actions/cache step,
# so the Go installation must happen before that.
- uses: actions/setup-go@v2
with:
go-version: '1.16'
- name: Store installed Go version
id: go-version
run: |
echo "::set-output name=version::"\
"$(go version | sed 's/^go version go\([0-9.]\+\) .*/\1/')"
- name: Lookup Go cache directory
id: go-cache
run: |
echo "::set-output name=dir::$(go env GOCACHE)"
- uses: actions/cache@v2
env:
BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
py${{ steps.setup-python.outputs.python-version }}"
py${{ steps.setup-python.outputs.python-version }}-\
go${{ steps.go-version.outputs.version }}-"
with:
path: |
${{ env.PIP_CACHE_DIR }}
${{ env.PRE_COMMIT_CACHE_DIR }}
${{ steps.go-cache.outputs.dir }}
key: "${{ env.BASE_CACHE_KEY }}\
${{ hashFiles('**/.pre-commit-config.yaml') }}"
restore-keys: |
${{ env.BASE_CACHE_KEY }}
- name: Install shfmt
env:
PACKAGE_URL: mvdan.cc/sh/v3/cmd/shfmt
PACKAGE_VERSION: ${{ steps.setup-env.outputs.shfmt-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install dependencies
run: |
python -m pip install --upgrade pip setuptools wheel
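Review bot: `cisagov/setup-env-github-action@develop` at the top of the lint job tracks a branch, so whatever lands on that branch runs in this workflow, and its `shfmt-version` output then decides which module version `go install ${PACKAGE_URL}@${PACKAGE_VERSION}` fetches and builds. Pinning the action to a full commit SHA, `uses: cisagov/setup-env-github-action@<full-commit-sha>  # develop` (placeholder; the SHA is not on this page), makes the lint toolchain reproducible and reviewable. The same applies to the tag-pinned `stefanzweifel/git-auto-commit-action@v4` in the update workflow, which pushes commits to the repository. The rendered page has lost its +/- markers, so which of these lines are new is inferred, and the `Install dependencies` step continues outside the hunk.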
......
---
name: Update the software list
name: Update the software lists
on:
push:
......@@ -8,7 +8,7 @@ on:
env:
PIP_CACHE_DIR: ~/.cache/pip
TESTING_BRANCH_BASE: testing/update_software_list
TESTING_BRANCH_BASE: testing/update_software_lists
jobs:
setup:
......@@ -34,12 +34,12 @@ jobs:
env:
BASE_BRANCH: ${{ env.TESTING_BRANCH_BASE }}
COMMIT_SHA: ${{ github.sha }}
generate_list_update:
generate_updates:
runs-on: ubuntu-latest
needs: setup
outputs:
# If changes are detected then a commit will have been pushed
updated_list: ${{ steps.commit-for-testing.outputs.changes_detected }}
has_updates: ${{ steps.commit-for-testing.outputs.changes_detected }}
# Don't run if we're seeing an update push
if: github.actor != needs.setup.outputs.git_user
steps:
......@@ -58,7 +58,7 @@ jobs:
path: |
${{ env.PIP_CACHE_DIR }}
key: "${{ env.BASE_CACHE_KEY }}\
${{ hashFiles('.github/workflows/update_software_list.yml') }}-\
${{ hashFiles('.github/workflows/update_software_lists.yml') }}-\
${{ hashFiles('config/requirements.txt') }}"
restore-keys: |
${{ env.BASE_CACHE_KEY }}
......@@ -68,35 +68,23 @@ jobs:
run: pip install --upgrade --requirement config/requirements.txt
- name: Create the branch for test validation
run: git switch --create ${{ needs.setup.outputs.testing_branch }}
- name: Normalize individual cisagov_*.yml files
run: |
for file in data/cisagov_*yml; do \
normalize-yml --cisagov-format "$file" > "$file".tmp; \
mv --force "$file".tmp "$file"; \
done
- name: Update the comprehensive cisagov YAML file
run: normalize-yml --cisagov-format data/cisagov_*.yml > data/cisagov.yml
- name: Generate a normalized YAML file from all source YAML files
run: normalize-yml data/cisagov.yml > normalized.yml
- name: Generate a Markdown table from the normalized YAML file
run: yml2md normalized.yml > table_data.md
- name: Generate a new software list from the updated data
run: md-from-template config/SOFTWARE-LIST.tpl.md table_data.md > SOFTWARE-LIST.md
- name: Update the YAML and Markdown files as appropriate
run: config/update_software_lists.sh
- id: commit-for-testing
uses: stefanzweifel/git-auto-commit-action@v4
with:
branch: ${{ needs.setup.outputs.testing_branch }}
commit_message: Update the software list
commit_message: Normalize YAML files and update the software lists
commit_user_name: ${{ needs.setup.outputs.git_user }}
commit_user_email: ${{ needs.setup.outputs.git_email }}
commit_author: ${{ needs.setup.outputs.git_author }}
file_pattern: SOFTWARE-LIST.md data/cisagov*.yml
merge_list_update:
file_pattern: data/cisagov*.yml software_lists/software_list_*.md
merge_updates:
runs-on: ubuntu-latest
needs:
- setup
- generate_list_update
if: needs.generate_list_update.outputs.updated_list == 'true'
- generate_updates
if: needs.generate_updates.outputs.has_updates == 'true'
steps:
- uses: actions/checkout@v2
with:
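Review bot: The step `run: config/update_software_lists.sh` executes the script directly, which only works if the file was committed with the executable bit; the file mode is not shown on this page. Writing it as `run: bash config/update_software_lists.sh` removes that dependency without changing the interpreter, since the script's shebang already selects bash. Because five named steps are now one, a failure is reported only against this step, and the script's `echo` lines are the only sign of which stage broke. The last hunk of this section ends inside the `actions/checkout` step, which continues outside the view.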
......
......@@ -46,3 +46,23 @@ repos:
- id: yamllint
args:
- --strict
# Shell script hooks
- repo: https://github.com/cisagov/pre-commit-shfmt
rev: v0.0.2
hooks:
- id: shfmt
args:
# Indent by two spaces
- -i
- '2'
# Binary operators may start a line
- -bn
# Switch cases are indented
- -ci
# Redirect operators are followed by a space
- -sr
- repo: https://github.com/detailyang/pre-commit-shell
rev: 1.0.5
hooks:
- id: shell-lint
......@@ -87,4 +87,4 @@ in [`PULL-EXAMPLE.md`](PULL-EXAMPLE.md).
## Software List ##
To view the full list of vendors & software [click here](./SOFTWARE-LIST.md).
To view the full list of vendors & software [click here](./software_lists/README.md).
# CISA Log4j (CVE-2021-44228) Affected Vendor & Software List #
[0-9](software_list_Non-Alphabet.md) [A](software_list_A.md) [B](software_list_B.md)
[C](software_list_C.md) [D](software_list_D.md) [E](software_list_E.md)
[F](software_list_F.md) [G](software_list_G.md) [H](software_list_H.md)
[I](software_list_I.md) [J](software_list_J.md) [K](software_list_K.md)
[L](software_list_L.md) [M](software_list_M.md) [N](software_list_N.md)
[O](software_list_O.md) [P](software_list_P.md) [Q](software_list_Q.md)
[R](software_list_R.md) [S](software_list_S.md) [T](software_list_T.md)
[U](software_list_U.md) [V](software_list_V.md) [W](software_list_W.md)
[X](software_list_X.md) [Y](software_list_Y.md) [Z](software_list_Z.md)
## Status Descriptions ##
| Status | Description |
......
#!/usr/bin/env bash
# This script is used to do the following:
# - Normalize each of the data/cisagov_*.yml files.
# - Update the comprehensive data/cisagov.yml file.
# - Generate each software_lists/software_list_*.md file from its respective
# data/cisagov_*.yml file.
set -o nounset
set -o errexit
set -o pipefail
OUTPUT_DIRECTORY=software_lists
TEMPLATE_FILE=config/SOFTWARE-LIST.tpl.md
echo Normalize individual cisagov YAML files
for file in data/cisagov_*.yml; do
echo " $file..."
normalize-yml --cisagov-format "$file" > "$file".tmp
mv --force "$file".tmp "$file"
done
echo Update the comprehensive cisagov YAML file
normalize-yml --cisagov-format data/cisagov_*.yml > data/cisagov.yml
echo Generate Markdown files from the individual cisagov YAML files
for file in data/cisagov_*.yml; do
echo " $file..."
# Convert the file path data/cisagov_*.yml to software_list_*.md
md_file=$(echo "$file" | sed 's/data\/cisagov_\(.\+\)yml/software_list_\1md/g')
normalize-yml "$file" > "$file.tmp"
yml2md "$file.tmp" > "$md_file.tmp"
md-from-template $TEMPLATE_FILE "$md_file.tmp" > "$OUTPUT_DIRECTORY/$md_file"
done
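Review bot: The Markdown loop writes its intermediates to fixed names inside the working tree (`"$file.tmp"` under `data/` and `"$md_file.tmp"` in the current directory) and never removes them. In CI the commit step's `file_pattern` keeps them out of the push, but a local run leaves stray files that a broad `git add` would pick up, and a leftover from an aborted run is indistinguishable from real data. A `mktemp -d` work directory with an `EXIT` trap fixes both cases. `$TEMPLATE_FILE` should also be quoted, and the `sed` call with the GNU-only `\+` can be replaced by parameter expansion that produces the same `software_list_X.md` name.

```shell
# … unchanged: set -o options, OUTPUT_DIRECTORY, TEMPLATE_FILE …
work_dir=$(mktemp -d)
trap 'rm -rf "$work_dir"' EXIT
# … unchanged: per-file normalization loop and data/cisagov.yml update …
for file in data/cisagov_*.yml; do
  echo "  $file..."
  # data/cisagov_X.yml -> software_list_X.md
  suffix=${file#data/cisagov_}
  md_file="software_list_${suffix%.yml}.md"
  normalize-yml "$file" > "$work_dir/normalized.yml"
  yml2md "$work_dir/normalized.yml" > "$work_dir/table_data.md"
  md-from-template "$TEMPLATE_FILE" "$work_dir/table_data.md" > "$OUTPUT_DIRECTORY/$md_file"
done
```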
# CISA Log4j (CVE-2021-44228) Affected Vendor & Software Lists #
## Contributing Guidelines ##
We welcome contributions! Please see [`CONTRIBUTING.md`](../CONTRIBUTING.md) for
details.
### Creating a pull request ###
Instructions for creating a pull request using the GitHub Web UI can be found
in [`PULL-EXAMPLE.md`](../PULL-EXAMPLE.md).
## Software Lists ##
To view the full lists of vendors & software click below:
[0-9](software_list_Non-Alphabet.md) [A](software_list_A.md) [B](software_list_B.md)
[C](software_list_C.md) [D](software_list_D.md) [E](software_list_E.md)
[F](software_list_F.md) [G](software_list_G.md) [H](software_list_H.md)
[I](software_list_I.md) [J](software_list_J.md) [K](software_list_K.md)
[L](software_list_L.md) [M](software_list_M.md) [N](software_list_N.md)
[O](software_list_O.md) [P](software_list_P.md) [Q](software_list_Q.md)
[R](software_list_R.md) [S](software_list_S.md) [T](software_list_T.md)
[U](software_list_U.md) [V](software_list_V.md) [W](software_list_W.md)
[X](software_list_X.md) [Y](software_list_Y.md) [Z](software_list_Z.md)
# CISA Log4j (CVE-2021-44228) Affected Vendor & Software List #
[0-9](software_list_Non-Alphabet.md) [A](software_list_A.md) [B](software_list_B.md)
[C](software_list_C.md) [D](software_list_D.md) [E](software_list_E.md)
[F](software_list_F.md) [G](software_list_G.md) [H](software_list_H.md)
[I](software_list_I.md) [J](software_list_J.md) [K](software_list_K.md)
[L](software_list_L.md) [M](software_list_M.md) [N](software_list_N.md)
[O](software_list_O.md) [P](software_list_P.md) [Q](software_list_Q.md)
[R](software_list_R.md) [S](software_list_S.md) [T](software_list_T.md)
[U](software_list_U.md) [V](software_list_V.md) [W](software_list_W.md)
[X](software_list_X.md) [Y](software_list_Y.md) [Z](software_list_Z.md)
## Status Descriptions ##
| Status | Description |
| ------ | ----------- |
| Unknown | Status unknown. Default choice. |
| Affected | Reported to be affected by CVE-2021-44228. |
| Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
| Fixed | Patch and/or mitigations available (see provided links). |
| Under Investigation | Vendor investigating status. |
## Software List ##
This list has been populated using information from the following sources:
- Kevin Beaumont
- SwitHak
- National Cyber Security Centre - Netherlands (NCSC-NL)
NOTE: This file is automatically generated. To submit updates, please refer to
[`CONTRIBUTING.md`](CONTRIBUTING.md).
| Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated |
| ------ | ------- | ----------------- | ---------------- | ------ | ------------ | ----- | ---------- | -------- | ------------ |
| K15t | All | | | Unknown | [link](https://help.k15t.com/k15t-apps-and-log4shell-193401141.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| K6 | All | | | Unknown | [link](https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Kaltura | Blackboard Learn SaaS in the classic Learn experience | | v3900.28.x | Fixed | [link](https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 |
| Kaltura | Blackboard Learn Self- and Managed-Hosting | | v3900.26.x | Fixed | [link](https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 |
| Karakun | All | | | Unknown | [link](https://board.karakun.com/viewtopic.php?f=21&t=8351) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Kaseya | AuthAnvil | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Kaseya | BMS | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Kaseya | ID Agent DarkWeb ID and BullPhish ID | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Kaseya | IT Glue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Kaseya | MyGlue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Kaseya | Network Glue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Kaseya | Passly | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Kaseya | RocketCyber | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Kaseya | Spannign Salesforce Backup | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Kaseya | Spanning O365 Backup | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Kaseya | Unitrends | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Kaseya | Vorex | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Kaseya | VSA SaaS and VSA On-Premises | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| KeePass | All | | | Not Affected | [link](https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Keeper | All | | | Fixed | [link](https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Kemp | All | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit) | | [Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Keycloak | All | | | Not Affected | [link](https://github.com/keycloak/keycloak/discussions/9078) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Kofax | Capture | | | Not Affected | [link](https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Kofax | Communication Manager | | 5.3 - 5.5 | Fixed | [link](https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Kofax | Robot File System (RFS) | | >=10.7 | Fixed | [link](https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Kofax | Robotic Process Automation (RPA) | | 11.1, 11.2 | Fixed | [link](https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Konica Minolta | All | | | Unknown | [link](https://www.konicaminolta.de/de-de/support/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Kronos UKG | All | | | Unknown | [link](https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Kyberna | All | | | Unknown | [link](https://www.kyberna.com/detail/log4j-sicherheitsluecke) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |