SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions

Merge pull request #365 from csaf-poc/filename-id

Browse source 
Check that filename matches /document/tracking/id
This commit is contained in:
JanHoefelmeyer 2023-05-16 08:50:48 +02:00 committed by GitHub
commit 4461bd6892
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 52 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
cmd/csaf_checker/processor.go
View file

@ -512,6 +512,12 @@ func (p *processor) integrity(
p.invalidAdvisories.error("CSAF file %s has %d validation errors.", u, len(errors))
}
if err := util.IDMatchesFilename(p.expr, doc, filepath.Base(u)); err != nil {
p.invalidAdvisories.error("%s: %v\n", u, err)
continue
}
// Validate against remote validator.
if p.validator != nil {
if rvr, err := p.validator.Validate(doc); err != nil {