load advisories via directory_urls

2025-12-22 11:55:40 +01:00 · 2022-08-01 06:46:05 +02:00 · 2022-08-01 06:46:05 +02:00 · dce3d1f4a7
commit dce3d1f4a7
parent 8af0aeea46
2 changed files with 93 additions and 20 deletions
--- a/cmd/csaf_checker/processor.go
+++ b/cmd/csaf_checker/processor.go
@ -877,6 +877,16 @@ func (p *processor) processROLIEFeeds(domain string, feeds [][]csaf.Feed) error
 	return nil
 }

+// empty checks if list of strings contains at least one none empty string.
+func empty(arr []string) bool {
+	for _, s := range arr {
+		if s != "" {
+			return false
+		}
+	}
+	return true
+}
+
 func (p *processor) checkCSAFs(domain string) error {
 	// Check for ROLIE
 	rolie, err := p.expr.Eval("$.distributions[*].rolie.feeds", p.pmd)
@ -898,16 +908,39 @@ func (p *processor) checkCSAFs(domain string) error {
 		}
 	}

-	// No rolie feeds
+	// No rolie feeds -> try directory_urls.
+	directoryURLs, err := p.expr.Eval(
+		"$.distributions[*].directory_url", p.pmd)
+
+	var dirURLs []string
+
+	if err != nil {
+		p.badProviderMetadata.warn("extracting directory URLs failed: %v.", err)
+	} else {
+		var ok bool
+		dirURLs, ok = directoryURLs.([]string)
+		if !ok {
+			p.badProviderMetadata.warn("directory URLs are not strings.")
+		}
+	}
+
+	// Not found -> fall back to PMD url
+	if empty(dirURLs) {
 		pmdURL, err := url.Parse(p.pmdURL)
 		if err != nil {
 			return err
 		}
-	base, err := util.BaseURL(pmdURL)
+		baseURL, err := util.BaseURL(pmdURL)
 		if err != nil {
 			return err
 		}
+		dirURLs = []string{baseURL}
+	}

+	for _, base := range dirURLs {
+		if base == "" {
+			continue
+		}
 		if err := p.checkIndex(base, indexMask); err != nil && err != errContinue {
 			return err
 		}
@ -915,6 +948,7 @@ func (p *processor) checkCSAFs(domain string) error {
 		if err := p.checkChanges(base, changesMask); err != nil && err != errContinue {
 			return err
 		}
+	}

 	return nil
 }
--- a/csaf/advisories.go
+++ b/csaf/advisories.go
@ -96,6 +96,16 @@ func NewAdvisoryFileProcessor(
 	}
 }

+// empty checks if list of strings contains at least one none empty string.
+func empty(arr []string) bool {
+	for _, s := range arr {
+		if s != "" {
+			return false
+		}
+	}
+	return true
+}
+
 // Process extracts the adivisory filenames and passes them with
 // the corresponding label to fn.
 func (afp *AdvisoryFileProcessor) Process(
@ -133,7 +143,37 @@ func (afp *AdvisoryFileProcessor) Process(
 		}
 	} else {
 		// No rolie feeds -> try to load files from index.txt
-		files, err := afp.loadIndex(lg)
+
+		directoryURLs, err := afp.expr.Eval(
+			"$.distributions[*].directory_url", afp.doc)
+
+		var dirURLs []string
+
+		if err != nil {
+			lg("extracting directory URLs failed: %v\n", err)
+		} else {
+			var ok bool
+			dirURLs, ok = directoryURLs.([]string)
+			if !ok {
+				lg("directory_urls are not strings.\n")
+			}
+		}
+
+		// Not found -> fall back to PMD url
+		if empty(dirURLs) {
+			baseURL, err := util.BaseURL(afp.base)
+			if err != nil {
+				return err
+			}
+			dirURLs = []string{baseURL}
+		}
+
+		for _, base := range dirURLs {
+			if base == "" {
+				continue
+			}
+
+			files, err := afp.loadIndex(base, lg)
 			if err != nil {
 				return err
 			}
@ -141,6 +181,7 @@ func (afp *AdvisoryFileProcessor) Process(
 			if err := fn(TLPLabelWhite, files); err != nil {
 				return err
 			}
+		}
 	} // TODO: else scan directories?
 	return nil
 }
@ -148,12 +189,10 @@ func (afp *AdvisoryFileProcessor) Process(
 // loadIndex loads baseURL/index.txt and returns a list of files
 // prefixed by baseURL/.
 func (afp *AdvisoryFileProcessor) loadIndex(
+	baseURL string,
 	lg func(string, ...interface{}),
 ) ([]AdvisoryFile, error) {
-	baseURL, err := util.BaseURL(afp.base)
-	if err != nil {
-		return nil, err
-	}
+
 	base, err := url.Parse(baseURL)
 	if err != nil {
 		return nil, err