SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00
Code Issues Releases Activity Actions

Check that filename matches ID in csaf_provider

Browse source
This commit is contained in:
Bernhard Herzog 2023-05-09 18:46:00 +02:00
parent c37b127d82
commit 6a91c29baf
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
cmd/csaf_provider/actions.go
View file

@ -196,6 +196,11 @@ func (c *controller) upload(r *http.Request) (any, error) {
return nil, err
}
if util.CleanFileName(ex.ID) != newCSAF {
return nil, fmt.Errorf("ID %q does not match filename %s",
ex.ID, newCSAF)
}
// Check if we have to search for dynamic categories.
var dynamicCategories []string
if catExprs := c.cfg.DynamicCategories(); len(catExprs) > 0 {