Merge pull request #621 from gocsaf/error-charset

Report error in checker if content type is not correct

cmd/csaf_checker/processor.go

@@ -678,9 +678,9 @@ func (p *processor) integrity(
 			continue
 		}
 
-		// Warn if we do not get JSON.
+		// Error if we do not get JSON.
 		if ct := res.Header.Get("Content-Type"); ct != "application/json" {
-			lg(WarnType,
+			lg(ErrorType,
 				"The content type of %s should be 'application/json' but is '%s'",
 				u, ct)
 		}

cmd/csaf_checker/processor_test.go

@@ -14,6 +14,8 @@ import (
 	"net/http/httptest"
 	"os"
 	"reflect"
+	"slices"
+	"strings"
 	"testing"
 	"text/template"
 
@@ -65,6 +67,57 @@ func getRequirementTestData(t *testing.T, params testutil.ProviderParams, direct
 	return requirement
 }
 
+func TestContentTypeReport(t *testing.T) {
+	serverURL := ""
+	params := testutil.ProviderParams{
+		URL:             "",
+		EnableSha256:    true,
+		EnableSha512:    true,
+		ForbidSha256:    true,
+		ForbidSha512:    true,
+		JSONContentType: "application/json; charset=utf-8",
+	}
+	server := httptest.NewTLSServer(testutil.ProviderHandler(&params, false))
+	defer server.Close()
+
+	serverURL = server.URL
+	params.URL = server.URL
+
+	hClient := server.Client()
+	client := util.Client(hClient)
+
+	cfg := config{}
+	err := cfg.prepare()
+	if err != nil {
+		t.Fatalf("SHA marking config failed: %v", err)
+	}
+	p, err := newProcessor(&cfg)
+	if err != nil {
+		t.Fatalf("could not init downloader: %v", err)
+	}
+	p.client = client
+
+	report, err := p.run([]string{serverURL + "/provider-metadata.json"})
+	if err != nil {
+		t.Errorf("Content-Type-Report: Expected no error, got: %v", err)
+	}
+
+	got := report.Domains[0].Requirements
+	idx := slices.IndexFunc(got, func(e *Requirement) bool {
+		return e.Num == 7
+	})
+	if idx == -1 {
+		t.Error("Content-Type-Report: Could not find requirement")
+	} else {
+		message := got[idx].Messages[0]
+		if message.Type != ErrorType || !strings.Contains(message.Text, "should be 'application/json'") {
+			t.Errorf("Content-Type-Report: Content Type Error, got %v", message)
+		}
+	}
+
+	p.close()
+}
+
 func TestShaMarking(t *testing.T) {
 	tests := []struct {
 		name              string

internal/testutil/testutil.go

@@ -18,11 +18,12 @@ import (
 
 // ProviderParams configures the test provider.
 type ProviderParams struct {
-	URL          string
-	EnableSha256 bool
-	EnableSha512 bool
-	ForbidSha256 bool
-	ForbidSha512 bool
+	URL             string
+	EnableSha256    bool
+	EnableSha512    bool
+	ForbidSha256    bool
+	ForbidSha512    bool
+	JSONContentType string
 }
 
 // ProviderHandler returns a test provider handler with the specified configuration.
@@ -35,6 +36,11 @@ func ProviderHandler(params *ProviderParams, directoryProvider bool) http.Handle
 			path += "simple-rolie-provider"
 		}
 
+		jsonContenType := "application/json"
+		if params.JSONContentType != "" {
+			jsonContenType = params.JSONContentType
+		}
+
 		path += r.URL.Path
 
 		if strings.HasSuffix(r.URL.Path, "/") {
@@ -50,7 +56,7 @@ func ProviderHandler(params *ProviderParams, directoryProvider bool) http.Handle
 		case strings.HasSuffix(path, ".html"):
 			w.Header().Add("Content-Type", "text/html")
 		case strings.HasSuffix(path, ".json"):
-			w.Header().Add("Content-Type", "application/json")
+			w.Header().Add("Content-Type", jsonContenType)
 		case (strings.HasSuffix(path, ".sha256")) && params.ForbidSha256:
 			w.WriteHeader(http.StatusForbidden)
 			return