Drupal.org API: Parse SA-type advisories to intermediate match format.
Background
Given the complexity of the Drupal advisory parsing issue, I am breaking this out into a sub-issue to deal specifically with getting Drupal's advisory HTML into a machine-parseable format for release version matching. This builds on existing work done for #1 (closed) on an internal repo, which @Unifex ported over to Gitlab for us and added some enhancements on gold/drupal-org-api.
Action
Ensure that all current sa (security advisory) content from the drupal.org API can be parsed into a matching format, to be matched against Drupal core and contrib module release versions.
The drupal-org-solution-field-parsing branch has been created for this purpose.
At this point, the notional format requires a:
- Module machine name ('drupal' for core)
- A matching symbol (e.g. '<', 'between')
- A major (e.g. 7.x) or minor (e.g. 8.3.x) release version category
- One or more specific versions to match within that category
Rather than searching through the full content of the field_sa_solution HTML, it would be more efficient (and risk fewer false positives) to match patterns within UL > LI elements.
In the release version category for modules, a value such as '7.x-2.x' is acceptable, as we can split that signature out into parts, i.e. "2.x versions of this module for the 7.x Drupal core".
If Drupal.org issue #2966246 is successful, this parsing code may become redundant in future, but by splitting out the parsing and matching tasks it will be a much easier refactoring process.
Format Example test cases
| Advisory | Solution Text | Release Key | Match Object |
|---|---|---|---|
| SA-CORE-2018-001 | If you are using Drupal 8 , upgrade to Drupal 8.4.5 | drupal | ['<', '8.x', '8.4.5'] |
| ⋮ | If you are using Drupal 7 , upgrade to Drupal 7.57 | drupal | ['<', '7.x', '7.57'] |
| SA-CORE-2018-004 | If you are running 7.x, upgrade to Drupal 7.59. | drupal | ['<', '7.x', '7.59'] |
| ⋮ | If you are running 8.5.x, upgrade to Drupal 8.5.3. | drupal | ['<', '8.5.x', '8.5.3'] |
| ⋮ | If you are running 8.4.x, upgrade to Drupal 8.4.8. (Drupal 8.4.x is no longer supported) | drupal | ['<', '8.4.x', '8.4.8'] |
| SA-CONTRIB-2018-013 | If you use the Entity API module for Drupal 7.x, upgrade to Entity API 7.x-1.9 | entity | ['<', '7.x', '7.x-1.9'] |
| SA-CONTRIB-2018-017 | If you use the Exif module for Drupal 8.x, upgrade to Exif 8.x-1.1 | exif | ['<', '8.x', '8.x-1.1'] |
| SA-CONTRIB-2018-018 | Update to Menu Import and Export 8.x-1.2. | menu-export | ['<', '8.x', '8.x-1.2'] |
| SA-CONTRIB-2018-020 | If you use the Media module for Drupal 7.x-2.x, upgrade to Media 7.x-2.19 | media | ['<', '7.x-2.x', '7.x-2.19'] |
| SA-CONTRIB-2018-021 | If you use the JSON API module for Drupal 8.x, upgrade to 8.x-1.16 | jsonapi | ['<', '8.x', '8.x-1.16'] |
| SA-CONTRIB-2018-022 | If you use the DRD module for Drupal 8.x, upgrade to DRD 8.x-3.14 | drd | ['<', '8.x', '8.x-3.14'] |
| ⋮ | If you use the DRD Agent module for Drupal 8.x, upgrade to DRD Agent 8.x-3.7 | drd_agent | ['<', '8.x', '8.x-3.7'] |
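
One way to turn the UL > LI solution text into the match objects in the table above, as an added example (not code from the drupal-org-api repository). The names `LiText`, `parse_item`, `parse_solution` and `SAMPLE` are hypothetical, the markup in `SAMPLE` is constructed, and the module machine name is assumed to be supplied separately because it cannot be derived from the solution text.

```python
import re
from html.parser import HTMLParser

class LiText(HTMLParser):
    """Collect the whitespace-normalised text of every <li> inside a <ul>."""
    def __init__(self):
        super().__init__()
        self.items, self._ul, self._buf = [], 0, None
    def handle_starttag(self, tag, attrs):
        if tag == "ul":
            self._ul += 1
        elif tag == "li" and self._ul:
            self._buf = []
    def handle_endtag(self, tag):
        if tag == "ul":
            self._ul = max(0, self._ul - 1)
        elif tag == "li" and self._buf is not None:
            self.items.append(" ".join("".join(self._buf).split()))
            self._buf = None
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

# Release category named before the upgrade phrase: 7.x-2.x, 8.5.x, 7.x or "Drupal 8".
CATEGORY = re.compile(r"\b(\d+\.x-\d+\.x|\d+\.\d+\.x|\d+\.x)(?![\w-])|\bDrupal (\d+)(?![.\d])")
# Fixed release after "upgrade to"/"update to": contrib 7.x-1.9 or core 7.57 / 8.4.5.
FIXED = re.compile(r"\b(?:upgrade|update) to\b.*?(\d+\.x-\d+\.\d+|\d+\.\d+(?:\.\d+)?)(?!\.?[\w-])", re.I)

def parse_item(text):
    """Return ['<', category, fixed_version] for one LI, or None if no pattern matches."""
    fixed = FIXED.search(text)
    if not fixed:
        return None
    version = fixed.group(1)
    cat = CATEGORY.search(text[:fixed.start()])
    if cat:
        category = cat.group(1) or cat.group(2) + ".x"
    else:  # no category stated ("Update to Foo 8.x-1.2."): take the version's major
        category = version.split(".")[0] + ".x"
    return ["<", category, version]

def parse_solution(html):
    """Parse every UL > LI of a field_sa_solution value; unmatched items are skipped."""
    parser = LiText()
    parser.feed(html)
    return [m for m in map(parse_item, parser.items) if m]

# Constructed sample markup, modelled on the SA-CORE-2018-004 rows in the table.
SAMPLE = ("<p>Upgrade to the most recent version.</p><ul>"
          "<li>If you are running 7.x, upgrade to <a href='#'>Drupal 7.59</a>.</li>"
          "<li>If you are running 8.5.x, upgrade to Drupal 8.5.3.</li></ul>")
```

List items for which `parse_item` returns `None` are worth logging for review, since a silently skipped item means an advisory that never gets matched against installed versions.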