Use JoinPath

This avoids issues where parts of the URL are discarded.
2025-12-22 11:55:40 +01:00 · 2025-06-19 15:11:45 +02:00 · 2025-06-19 15:11:45 +02:00 · 6ac97810d0
commit 6ac97810d0
parent cb291bb81b
6 changed files with 37 additions and 12 deletions
--- a/cmd/csaf_checker/links.go
+++ b/cmd/csaf_checker/links.go
@ -9,6 +9,7 @@
 package main

 import (
+	"github.com/gocsaf/csaf/v3/internal/misc"
 	"io"
 	"net/http"
 	"net/url"
@ -93,7 +94,7 @@ func (pgs pages) listed(
 				return err
 			}
 			// Links may be relative
-			abs := baseURL.ResolveReference(u).String()
+			abs := misc.JoinURL(baseURL, u).String()
 			content.links.Add(abs)
 			return nil
 		})
--- a/cmd/csaf_checker/processor.go
+++ b/cmd/csaf_checker/processor.go
@ -18,6 +18,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"github.com/gocsaf/csaf/v3/internal/misc"
 	"io"
 	"log"
 	"net/http"
@ -644,7 +645,7 @@ func (p *processor) integrity(
 		}
 		fp = makeAbs(fp)

-		u := b.ResolveReference(fp).String()
+		u := misc.JoinURL(b, fp).String()

 		// Should this URL be ignored?
 		if p.cfg.ignoreURL(u) {
@ -777,7 +778,7 @@ func (p *processor) integrity(
 				continue
 			}
 			hu = makeAbs(hu)
-			hashFile := b.ResolveReference(hu).String()
+			hashFile := misc.JoinURL(b, hu).String()

 			p.checkTLS(hashFile)
 			if res, err = client.Get(hashFile); err != nil {
@ -827,7 +828,7 @@ func (p *processor) integrity(
 			continue
 		}
 		su = makeAbs(su)
-		sigFile := b.ResolveReference(su).String()
+		sigFile := misc.JoinURL(b, su).String()
 		p.checkTLS(sigFile)

 		p.badSignatures.use()
@ -1374,7 +1375,7 @@ func (p *processor) checkSecurityFolder(folder string) string {
 		return err.Error()
 	}

-	u = base.ResolveReference(up).String()
+	u = misc.JoinURL(base, up).String()
 	p.checkTLS(u)
 	if res, err = client.Get(u); err != nil {
 		return fmt.Sprintf("Cannot fetch %s from security.txt: %v", u, err)
@ -1539,7 +1540,7 @@ func (p *processor) checkPGPKeys(_ string) error {
 			continue
 		}

-		u := base.ResolveReference(up).String()
+		u := misc.JoinURL(base, up).String()
 		p.checkTLS(u)

 		res, err := client.Get(u)
--- a/cmd/csaf_checker/roliecheck.go
+++ b/cmd/csaf_checker/roliecheck.go
@ -10,6 +10,7 @@ package main

 import (
 	"errors"
+	"github.com/gocsaf/csaf/v3/internal/misc"
 	"net/http"
 	"net/url"
 	"sort"
@ -237,7 +238,7 @@ func (p *processor) processROLIEFeeds(feeds [][]csaf.Feed) error {
 				p.badProviderMetadata.error("Invalid URL %s in feed: %v.", *feed.URL, err)
 				continue
 			}
-			feedBase := base.ResolveReference(up)
+			feedBase := misc.JoinURL(base, up)
 			feedURL := feedBase.String()
 			p.checkTLS(feedURL)

@ -270,7 +271,7 @@ func (p *processor) processROLIEFeeds(feeds [][]csaf.Feed) error {
 				continue
 			}

-			feedURL := base.ResolveReference(up)
+			feedURL := misc.JoinURL(base, up)
 			feedBase, err := util.BaseURL(feedURL)
 			if err != nil {
 				p.badProviderMetadata.error("Bad base path: %v", err)
@ -325,7 +326,7 @@ func (p *processor) processROLIEFeeds(feeds [][]csaf.Feed) error {
 				continue
 			}

-			feedBase := base.ResolveReference(up)
+			feedBase := misc.JoinURL(base, up)
 			makeAbs := makeAbsolute(feedBase)
 			label := defaults(feed.TLPLabel, csaf.TLPLabelUnlabeled)