#!/usr/bin/env python3
from pathlib import Path
from typing import List
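# Release list consumed by generate_supported_versions(). The path is resolved
# relative to this script's location, not the current working directory.
# The path components carry no surrounding spaces: padded literals such as
# " list-versions " would name a directory that does not exist.
VERSIONS_FILE = (
    Path(__file__).absolute().parent.parent / "list-versions" / "version_date.tsv"
)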
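# Fixed Markdown preamble of the generated security policy; main() prints it
# before the supported-versions table.
# The link target must stay free of stray spaces, otherwise the Markdown link
# to the security changelog does not resolve.
# NOTE(review): blank lines between Markdown sections may have been lost in
# this listing - confirm against the repository copy.
HEADER = """<!--
the file is autogenerated by utils/security-generator/generate_security.py
-->
# Security Policy
## Security Announcements
Security fixes will be announced by posting them in the [security changelog](https://clickhouse.com/docs/en/whats-new/security-changelog/).
## Scope and Supported Versions
The following versions of ClickHouse server are currently being supported with security updates:
"""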
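# Fixed Markdown text of the generated security policy that follows the
# supported-versions table: how to report, response and disclosure timing.
# The reporting address and the bug bounty URL are the contact points for
# vulnerability reports, so they must be emitted without stray spaces for the
# mailto: and https: links to work.
# NOTE(review): blank lines between Markdown sections and paragraphs may have
# been lost in this listing - confirm against the repository copy.
FOOTER = """## Reporting a Vulnerability
We're extremely grateful for security researchers and users that report vulnerabilities to the ClickHouse Open Source Community. All reports are thoroughly investigated by developers.
To report a potential vulnerability in ClickHouse please send the details about it to [security@clickhouse.com](mailto:security@clickhouse.com). We do not offer any financial rewards for reporting issues to us using this method. Alternatively, you can also submit your findings through our public bug bounty program hosted by [Bugcrowd](https://bugcrowd.com/clickhouse) and be rewarded for it as per the program scope and rules of engagement.
### When Should I Report a Vulnerability?
- You think you discovered a potential security vulnerability in ClickHouse
- You are unsure how a vulnerability affects ClickHouse
### When Should I NOT Report a Vulnerability?
- You need help tuning ClickHouse components for security
- You need help applying security related updates
- Your issue is not security related
## Security Vulnerability Response
Each report is acknowledged and analyzed by ClickHouse maintainers within 5 working days.
As the security issue moves from triage, to identified fix, to release planning we will keep the reporter updated.
## Public Disclosure Timing
A public disclosure date is negotiated by the ClickHouse maintainers and the bug submitter. We prefer to fully disclose the bug as soon as possible once a user mitigation is available. It is reasonable to delay disclosure when the bug or the fix is not yet fully understood, the solution is not well-tested, or for vendor coordination. The timeframe for disclosure is from immediate (especially if it's already publicly known) to 90 days. For a vulnerability with a straightforward mitigation, we expect the report date to disclosure date to be on the order of 7 days.
"""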
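def generate_supported_versions() -> str:
    """Render the Markdown table of supported and unsupported versions.

    Reads VERSIONS_FILE, takes the first whitespace-separated field of every
    non-blank line with its first character dropped, and reduces it to
    ``year.month``. Walking the entries in file order, the first three
    distinct releases and the first two releases whose month is 3 or 8 are
    marked supported. Everything after that is marked unsupported, collapsed
    to a single ``year.*`` row once the whole year is out of support.

    Returns:
        The table as Markdown text, terminated by a newline.

    Raises:
        ValueError: if VERSIONS_FILE holds no version lines, or a version
            component is not an integer.
        IndexError: if a version has no ``.``-separated month component.
    """
    with open(VERSIONS_FILE, "r", encoding="utf-8") as fd:
        # First column of each line minus its first character (presumably the
        # leading "v" of a release tag - confirm against the file). Blank
        # lines are skipped instead of failing with IndexError.
        versions = [
            fields[0][1:]
            for fields in (line.split(maxsplit=1) for line in fd)
            if fields
        ]

    if not versions:
        # Fail loudly: an empty release list must not turn into a published
        # policy that lists no supported versions.
        raise ValueError(f"no versions found in {VERSIONS_FILE}")

    # The first entry is taken as the greatest release, so VERSIONS_FILE is
    # expected to be ordered newest first. Supported versions may still fall
    # in the previous year.
    greatest_year = int(versions[0].split(".", maxsplit=1)[0])
    # Years at or below this value are reported as one "year.*" row.
    unsupported_year = greatest_year - 2
    # 3 regular versions
    regular: List[str] = []
    max_regular = 3
    # 2 LTS versions, one of them could be in regular
    lts: List[str] = []
    max_lts = 2
    lts_months = (3, 8)
    # The rest are unsupported
    unsupported: List[str] = []
    table = [
        "| Version | Supported |",
        "|:-|:-|",
    ]

    for version in versions:
        parts = version.split(".")
        year = int(parts[0])
        month = int(parts[1])
        version = f"{year}.{month}"

        # Several releases share one year.month; list each only once.
        if version in regular or version in lts:
            continue

        to_append = ""
        if len(regular) < max_regular:
            regular.append(version)
            to_append = f"| {version} | ✔️ |"
        if len(lts) < max_lts and month in lts_months:
            lts.append(version)
            to_append = f"| {version} | ✔️ |"

        if to_append:
            if len(regular) == max_regular and len(lts) == max_lts:
                # Once the maximum number of supported versions is reached,
                # the rest are unsupported, so year.* will be used.
                unsupported_year = min(greatest_year - 1, year)
            table.append(to_append)
            continue

        if year <= unsupported_year:
            # The whole year is unsupported
            version = f"{year}.*"
        if version not in unsupported:
            unsupported.append(version)
            table.append(f"| {version} | ❌ |")

    return "\n".join(table) + "\n"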
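def main() -> None:
    """Print the security policy: header, supported-versions table, footer.

    The table is generated before anything is written, so a failure while
    reading VERSIONS_FILE does not leave a header-only document on stdout.
    On success the output is the same as three separate print() calls.
    """
    supported = generate_supported_versions()
    print(HEADER, supported, FOOTER, sep="\n")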
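# Run the generator only when executed as a script, not when imported.
# The literal must be exactly "__main__"; a padded string never equals
# __name__ and the script would silently print nothing.
if __name__ == "__main__":
    main()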