Add filename conformity check

* Add util function to check a filename for confirming to csaf-v2.0-csd02. * Add code to reject bad filenames in provider, checker, aggregator and uploader.
2025-12-22 05:40:11 +01:00 · 2022-05-20 18:57:27 +02:00 · 2022-05-20 18:57:27 +02:00 · 17f22855ee
commit 17f22855ee
parent f6fa366ee5
6 changed files with 99 additions and 9 deletions
--- a/cmd/csaf_provider/actions.go
+++ b/cmd/csaf_provider/actions.go
@ -39,6 +39,10 @@ func (c *controller) loadCSAF(r *http.Request) (string, []byte, error) {
 	}
 	defer file.Close()

+	if !util.ConfirmingFileName(handler.Filename) {
+		return "", nil, errors.New("given csaf filename is not confirming")
+	}
+
 	var buf bytes.Buffer
 	if _, err := io.Copy(&buf, c.cfg.uploadLimiter(file)); err != nil {
 		return "", nil, err