Improve hash path handling of directory feeds

2025-12-22 05:40:11 +01:00 · 2024-07-31 11:42:45 +02:00 · 2024-07-31 11:42:45 +02:00 · be2e4e7424
commit be2e4e7424
parent a131b0fb4b
3 changed files with 52 additions and 60 deletions
--- a/cmd/csaf_checker/processor.go
+++ b/cmd/csaf_checker/processor.go
@ -895,15 +895,7 @@ func (p *processor) checkIndex(base string, mask whereType) error {
 				continue
 			}

-			SHA256 := p.checkURL(u + ".sha256")
-			SHA512 := p.checkURL(u + ".sha512")
-			sign := p.checkURL(u + ".asc")
-			files = append(files, csaf.PlainAdvisoryFile{
-				Path:   u,
-				SHA256: SHA256,
-				SHA512: SHA512,
-				Sign:   sign,
-			})
+			files = append(files, csaf.DirectoryAdvisoryFile{Path: u})
 		}
 		return files, scanner.Err()
 	}()
@ -921,15 +913,6 @@ func (p *processor) checkIndex(base string, mask whereType) error {
 	return p.integrity(files, base, mask, p.badIndices.add)
 }

-// checkURL returns the URL if it is accessible.
-func (p *processor) checkURL(url string) string {
-	_, err := p.client.Head(url)
-	if err != nil {
-		return url
-	}
-	return ""
-}
-
 // checkChanges fetches the "changes.csv" and calls the "checkTLS" method for HTTPs checks.
 // It extracts the file content, tests the column number and the validity of the time format
 // of the fields' values and if they are sorted properly. Then it passes the files to the
@ -995,13 +978,9 @@ func (p *processor) checkChanges(base string, mask whereType) error {
 			}
 			path := r[pathColumn]

-			SHA256 := p.checkURL(path + ".sha256")
-			SHA512 := p.checkURL(path + ".sha512")
-			sign := p.checkURL(path + ".asc")
-
 			times, files =
 				append(times, t),
-				append(files, csaf.PlainAdvisoryFile{Path: path, SHA256: SHA256, SHA512: SHA512, Sign: sign})
+				append(files, csaf.DirectoryAdvisoryFile{Path: path})
 		}
 		return times, files, nil
 	}()
--- a/cmd/csaf_downloader/downloader.go
+++ b/cmd/csaf_downloader/downloader.go
@ -501,31 +501,31 @@ nextAdvisory:
 			signData                   []byte
 		)

-		if file.SHA256URL() == "" {
-			slog.Info("SHA256 not present", "file", file.URL())
-		} else {
-			// Only hash when we have a remote counterpart we can compare it with.
-			if remoteSHA256, s256Data, err = loadHash(client, file.SHA256URL()); err != nil {
+		// Only hash when we have a remote counterpart we can compare it with.
+		if remoteSHA256, s256Data, err = loadHash(client, file.SHA256URL()); err != nil {
+			if !file.IsDirectory() {
 				slog.Warn("Cannot fetch SHA256",
 					"url", file.SHA256URL(),
 					"error", err)
 			} else {
-				s256 = sha256.New()
-				writers = append(writers, s256)
+				slog.Info("SHA256 not present", "file", file.URL())
 			}
+		} else {
+			s256 = sha256.New()
+			writers = append(writers, s256)
 		}

-		if file.SHA512URL() == "" {
-			slog.Info("SHA512 not present", "file", file.URL())
-		} else {
-			if remoteSHA512, s512Data, err = loadHash(client, file.SHA512URL()); err != nil {
+		if remoteSHA512, s512Data, err = loadHash(client, file.SHA512URL()); err != nil {
+			if !file.IsDirectory() {
 				slog.Warn("Cannot fetch SHA512",
 					"url", file.SHA512URL(),
 					"error", err)
 			} else {
-				s512 = sha512.New()
-				writers = append(writers, s512)
+				slog.Info("SHA512 not present", "file", file.URL())
 			}
+		} else {
+			s512 = sha512.New()
+			writers = append(writers, s512)
 		}

 		// Remember the data as we need to store it to file later.
@ -757,6 +757,9 @@ func loadSignature(client util.Client, p string) (*crypto.PGPSignature, []byte,
 }

 func loadHash(client util.Client, p string) ([]byte, []byte, error) {
+	if p == "" {
+		return nil, nil, fmt.Errorf("no hash path provided")
+	}
 	resp, err := client.Get(p)
 	if err != nil {
 		return nil, nil, err