Use JoinPath
This avoids issues where parts of the URL are discarded.
parent
cb291bb81b
commit
6ac97810d0
6 changed files with 37 additions and 12 deletions
|
|
@ -9,6 +9,7 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"github.com/gocsaf/csaf/v3/internal/misc"
|
||||||
"io"
|
"io"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
|
@ -93,7 +94,7 @@ func (pgs pages) listed(
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
// Links may be relative
|
// Links may be relative
|
||||||
abs := baseURL.ResolveReference(u).String()
|
abs := misc.JoinURL(baseURL, u).String()
|
||||||
content.links.Add(abs)
|
content.links.Add(abs)
|
||||||
return nil
|
return nil
|
||||||
})
|
})
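Review bot: In `listed`, `misc.JoinURL(baseURL, u)` appends the link's path to the base path, so a root-relative href or an href that names another host no longer resolves the way `ResolveReference` resolved it. The comment `// Links may be relative` implies that non-relative links also occur, and `JoinURL` as added in `internal/misc/url.go` reads only `Path`, `RawQuery` and `RawFragment` from `u`. For links read out of HTML I would keep RFC 3986 resolution, for example `abs := baseURL.ResolveReference(u).String()` with a `baseURL` that ends in `/`, or at least add a test covering root-relative and absolute hrefs. The enclosing closure starts and ends outside the hunk.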
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,7 @@ import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"github.com/gocsaf/csaf/v3/internal/misc"
|
||||||
"io"
|
"io"
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
@ -644,7 +645,7 @@ func (p *processor) integrity(
|
||||||
}
|
}
|
||||||
fp = makeAbs(fp)
|
fp = makeAbs(fp)
|
||||||
|
|
||||||
u := b.ResolveReference(fp).String()
|
u := misc.JoinURL(b, fp).String()
|
||||||
|
|
||||||
// Should this URL be ignored?
|
// Should this URL be ignored?
|
||||||
if p.cfg.ignoreURL(u) {
|
if p.cfg.ignoreURL(u) {
|
||||||
|
|
@ -777,7 +778,7 @@ func (p *processor) integrity(
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
hu = makeAbs(hu)
|
hu = makeAbs(hu)
|
||||||
hashFile := b.ResolveReference(hu).String()
|
hashFile := misc.JoinURL(b, hu).String()
|
||||||
|
|
||||||
p.checkTLS(hashFile)
|
p.checkTLS(hashFile)
|
||||||
if res, err = client.Get(hashFile); err != nil {
|
if res, err = client.Get(hashFile); err != nil {
|
||||||
|
|
@ -827,7 +828,7 @@ func (p *processor) integrity(
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
su = makeAbs(su)
|
su = makeAbs(su)
|
||||||
sigFile := b.ResolveReference(su).String()
|
sigFile := misc.JoinURL(b, su).String()
|
||||||
p.checkTLS(sigFile)
|
p.checkTLS(sigFile)
|
||||||
|
|
||||||
p.badSignatures.use()
|
p.badSignatures.use()
|
||||||
|
|
@ -1374,7 +1375,7 @@ func (p *processor) checkSecurityFolder(folder string) string {
|
||||||
return err.Error()
|
return err.Error()
|
||||||
}
|
}
|
||||||
|
|
||||||
u = base.ResolveReference(up).String()
|
u = misc.JoinURL(base, up).String()
|
||||||
p.checkTLS(u)
|
p.checkTLS(u)
|
||||||
if res, err = client.Get(u); err != nil {
|
if res, err = client.Get(u); err != nil {
|
||||||
return fmt.Sprintf("Cannot fetch %s from security.txt: %v", u, err)
|
return fmt.Sprintf("Cannot fetch %s from security.txt: %v", u, err)
|
||||||
|
|
@ -1539,7 +1540,7 @@ func (p *processor) checkPGPKeys(_ string) error {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
u := base.ResolveReference(up).String()
|
u := misc.JoinURL(base, up).String()
|
||||||
p.checkTLS(u)
|
p.checkTLS(u)
|
||||||
|
|
||||||
res, err := client.Get(u)
|
res, err := client.Get(u)
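Review bot: In `integrity`, `fp`, `hu` and `su` go through `makeAbs` and then into `misc.JoinURL(b, …)`; if `makeAbs` already returns an absolute URL (its body is not on this page), `JoinURL` keeps only the path and appends it to `b`'s path, so the advisory, hash and signature would be requested from a location other than the one the feed lists. That matters most for the hash and signature files, since the check is meant to verify what the provider actually published. The same applies to the URLs built in `checkSecurityFolder` and `checkPGPKeys`. A test with an absolute `fp` and a `b` that has a non-empty path would show whether the result is still the intended URL. All three functions continue outside the hunks shown.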
|
||||||
|
|
|
||||||
|
|
@ -10,6 +10,7 @@ package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
|
"github.com/gocsaf/csaf/v3/internal/misc"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"sort"
|
"sort"
|
||||||
|
|
@ -237,7 +238,7 @@ func (p *processor) processROLIEFeeds(feeds [][]csaf.Feed) error {
|
||||||
p.badProviderMetadata.error("Invalid URL %s in feed: %v.", *feed.URL, err)
|
p.badProviderMetadata.error("Invalid URL %s in feed: %v.", *feed.URL, err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
feedBase := base.ResolveReference(up)
|
feedBase := misc.JoinURL(base, up)
|
||||||
feedURL := feedBase.String()
|
feedURL := feedBase.String()
|
||||||
p.checkTLS(feedURL)
|
p.checkTLS(feedURL)
|
||||||
|
|
||||||
|
|
@ -270,7 +271,7 @@ func (p *processor) processROLIEFeeds(feeds [][]csaf.Feed) error {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
feedURL := base.ResolveReference(up)
|
feedURL := misc.JoinURL(base, up)
|
||||||
feedBase, err := util.BaseURL(feedURL)
|
feedBase, err := util.BaseURL(feedURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
p.badProviderMetadata.error("Bad base path: %v", err)
|
p.badProviderMetadata.error("Bad base path: %v", err)
|
||||||
|
|
@ -325,7 +326,7 @@ func (p *processor) processROLIEFeeds(feeds [][]csaf.Feed) error {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
feedBase := base.ResolveReference(up)
|
feedBase := misc.JoinURL(base, up)
|
||||||
makeAbs := makeAbsolute(feedBase)
|
makeAbs := makeAbsolute(feedBase)
|
||||||
label := defaults(feed.TLPLabel, csaf.TLPLabelUnlabeled)
|
label := defaults(feed.TLPLabel, csaf.TLPLabelUnlabeled)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -343,7 +343,7 @@ func (d *downloader) loadOpenPGPKeys(
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
u := base.ResolveReference(up).String()
|
u := base.JoinPath(up.Path).String()
|
||||||
|
|
||||||
res, err := client.Get(u)
|
res, err := client.Get(u)
|
||||||
if err != nil {
|
if err != nil {
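Review bot: `base.JoinPath(up.Path)` in `loadOpenPGPKeys` is the one call site that does not go through `misc.JoinURL`, so the key URL's query string is dropped here and, if `up` names a host, that host is replaced by `base`'s. The key fetched here is presumably what signatures are later verified against, so the request should go to the URL the provider metadata states. I would use `u := misc.JoinURL(base, up).String()` for consistency with the rest of the commit, or keep `ResolveReference` for references that are already absolute. `loadOpenPGPKeys` starts and ends outside the hunk.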
|
||||||
|
|
|
||||||
|
|
@ -12,6 +12,7 @@ import (
|
||||||
"context"
|
"context"
|
||||||
"encoding/csv"
|
"encoding/csv"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"github.com/gocsaf/csaf/v3/internal/misc"
|
||||||
"io"
|
"io"
|
||||||
"log/slog"
|
"log/slog"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
@ -281,7 +282,7 @@ func (afp *AdvisoryFileProcessor) processROLIE(
|
||||||
slog.Error("Invalid URL in feed", "feed", *feed.URL, "err", err)
|
slog.Error("Invalid URL in feed", "feed", *feed.URL, "err", err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
feedURL := afp.base.ResolveReference(up)
|
feedURL := misc.JoinURL(afp.base, up)
|
||||||
slog.Info("Got feed URL", "feed", feedURL)
|
slog.Info("Got feed URL", "feed", feedURL)
|
||||||
|
|
||||||
fb, err := util.BaseURL(feedURL)
|
fb, err := util.BaseURL(feedURL)
|
||||||
|
|
@ -325,7 +326,7 @@ func (afp *AdvisoryFileProcessor) processROLIE(
|
||||||
slog.Error("Invalid URL", "url", u, "err", err)
|
slog.Error("Invalid URL", "url", u, "err", err)
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
return feedBaseURL.ResolveReference(p).String()
|
return misc.JoinURL(feedBaseURL, p).String()
|
||||||
}
|
}
|
||||||
|
|
||||||
rfeed.Entries(func(entry *Entry) {
|
rfeed.Entries(func(entry *Entry) {
|
||||||
|
|
|
||||||
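--- /dev/null
+++ b/internal/misc/url.go
@@ -0,0 +1,21 @@
+// This file is Free Software under the Apache-2.0 License
+// without warranty, see README.md and LICENSES/Apache-2.0.txt for details.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// SPDX-FileCopyrightText: 2025 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
+// Software-Engineering: 2025 Intevation GmbH <https://intevation.de>
+
+package misc
+
+import "net/url"
+
+// JoinURL joins the two URLs while preserving the query and fragment part of the latter.
+func JoinURL(baseURL *url.URL, relativeURL *url.URL) *url.URL {
+u := baseURL.JoinPath(relativeURL.Path)
+u.RawQuery = relativeURL.RawQuery
+u.RawFragment = relativeURL.RawFragment
+// Enforce https, this is required if the base url was only a domain
+u.Scheme = "https"
+return u
+}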
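Review bot: `u.Scheme = "https"` in `JoinURL` is unconditional, so an `http` base or reference comes back as `https`, and the `p.checkTLS(...)` calls that run on the result elsewhere in this commit would then never see a non-TLS URL (inferred from the name, `checkTLS` is not shown). `JoinURL` also reads only `relativeURL.Path`, so a reference that carries its own scheme or host is silently re-rooted on the base host. Setting `RawFragment` without `Fragment` has no effect, because `URL.String` writes a fragment only when `Fragment` is non-empty, so the doc comment's promise to preserve the fragment does not hold. I would resolve references that have their own scheme or host with `ResolveReference`, copy `Fragment` as well, and default the scheme only when the base has none, with a table-driven test for these cases.

```go
func JoinURL(baseURL *url.URL, relativeURL *url.URL) *url.URL {
	// A reference with its own scheme or host is resolved per RFC 3986,
	// so it is not re-rooted on the base host.
	if relativeURL.IsAbs() || relativeURL.Host != "" {
		return baseURL.ResolveReference(relativeURL)
	}
	u := baseURL.JoinPath(relativeURL.Path)
	u.RawQuery = relativeURL.RawQuery
	// String() emits a fragment only when Fragment is set.
	u.Fragment = relativeURL.Fragment
	u.RawFragment = relativeURL.RawFragment
	// Default to https only when the base carried no scheme.
	if u.Scheme == "" {
		u.Scheme = "https"
	}
	return u
}
```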