SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 18:15:42 +01:00
Code Issues Releases Activity Actions

Add filename conformity check

Browse source 
* Add util function to check a filename for confirming to csaf-v2.0-csd02.
* Add code to reject bad filenames in provider, checker, aggregator and uploader.
This commit is contained in:
Sascha L. Teichmann 2022-05-20 18:57:27 +02:00 committed by GitHub
parent f6fa366ee5
commit 17f22855ee
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 99 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

8
cmd/csaf_aggregator/mirror.go
View file

@ -419,7 +419,13 @@ func (w *worker) mirrorFiles(tlpLabel *csaf.TLPLabel, files []string) error {
log.Printf("error: %s\n", err)
continue
}
filename := util.CleanFileName(filepath.Base(u.Path))
// Ignore not confirming filenames.
filename := filepath.Base(u.Path)
if !util.ConfirmingFileName(filename) {
log.Printf("Not confirming filename %q. Ignoring.\n", filename)
continue
}
var advisory interface{}