SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions

Fix potential leak of HTTP response body in downloadJSON of csaf_aggregator (#618)

Browse source
This commit is contained in:
Marcus Perlick 2025-03-10 09:24:49 +01:00 committed by GitHub
parent 900dcede46
commit ec0c3f9c2c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 7 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

12
cmd/csaf_aggregator/client.go
View file

@ -10,6 +10,7 @@ package main
import ( import (
"errors" "errors"
"fmt"
"io" "io"
"net/http" "net/http"
@ -20,13 +21,14 @@ var errNotFound = errors.New("not found")
func downloadJSON(c util.Client, url string, found func(io.Reader) error) error { func downloadJSON(c util.Client, url string, found func(io.Reader) error) error {
res, err := c.Get(url) res, err := c.Get(url)
if err != nil || res.StatusCode != http.StatusOK || if err != nil {
return fmt.Errorf("not found: %w", err)
}
defer res.Body.Close()
if res.StatusCode != http.StatusOK ||
res.Header.Get("Content-Type") != "application/json" { res.Header.Get("Content-Type") != "application/json" {
// ignore this as it is expected. // ignore this as it is expected.
return errNotFound return errNotFound
} }
return func() error { return found(res.Body)
defer res.Body.Close()
return found(res.Body)
}()
} }