SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00
Code Issues Releases Activity Actions

Add filename conformity check

Browse source 
* Add util function to check a filename for confirming to csaf-v2.0-csd02.
* Add code to reject bad filenames in provider, checker, aggregator and uploader.
This commit is contained in:
Sascha L. Teichmann 2022-05-20 18:57:27 +02:00 committed by GitHub
parent f6fa366ee5
commit 17f22855ee
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 99 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

4
cmd/csaf_uploader/main.go
View file

@ -277,6 +277,10 @@ func (p *processor) uploadRequest(filename string) (*http.Request, error) {
// It prints the response messages.
func (p *processor) process(filename string) error {
if bn := filepath.Base(filename); !util.ConfirmingFileName(bn) {
return fmt.Errorf("%q is not a confirming file name", bn)
}
req, err := p.uploadRequest(filename)
if err != nil {
return err