SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions

Fix potential leak of HTTP response body in downloadJSON of csaf_aggregator (#618)

Browse source
This commit is contained in:
Marcus Perlick 2025-03-10 09:24:49 +01:00 committed by GitHub
parent 900dcede46
commit ec0c3f9c2c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 7 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
cmd/csaf_aggregator/client.go
View file

@ -10,6 +10,7 @@ package main
import (
"errors"
"fmt"
"io"
"net/http"
@ -20,13 +21,14 @@ var errNotFound = errors.New("not found")
func downloadJSON(c util.Client, url string, found func(io.Reader) error) error {
res, err := c.Get(url)
if err != nil || res.StatusCode != http.StatusOK ||
if err != nil {
return fmt.Errorf("not found: %w", err)
}
defer res.Body.Close()
if res.StatusCode != http.StatusOK ||
res.Header.Get("Content-Type") != "application/json" {
// ignore this as it is expected.
return errNotFound
}
return func() error {
defer res.Body.Close()
return found(res.Body)
}()
}