SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00
Code Issues Releases Activity Actions
1152 commits 13 branches 34 tags 8.5 MiB
Commit graph

1152 commits

This branch
This branch
All branches
Author SHA1 Message Date
Paul Schwabauer
5709b14650
Extend structured logging usage in aggregator (#622) 
* Extend structured logging usage in aggregator

* Use structured logging in advisories processor

* Remove unnecessary inner function

* Format

* Feat: Add verbose flag to example aggregator toml (in comment)

---------

Co-authored-by: JanHoefelmeyer <jan.hoefelmeyer@intevation.de>
 2025-03-19 09:04:19 +01:00
JanHoefelmeyer
cf4cf7c6c1
Merge pull request #625 from gocsaf/close-body-downloader 
Move advisory downloading to download context method
 2025-03-17 11:59:52 +01:00
Sascha L. Teichmann
5437d8127a Store downloader in context 2025-03-17 09:10:03 +01:00
Sascha L. Teichmann
a7821265ca Move advisory downloading to download context method 2025-03-17 08:57:05 +01:00
JanHoefelmeyer
e916f19ee4
Merge pull request #624 from gocsaf/add-acao-header 
feat: add access-control-allow-origin header
 2025-03-14 17:38:59 +01:00
koplas
17f6a3ac7e
Fix inconsistent format 2025-03-14 10:26:19 +01:00
JanHoefelmeyer
8163f57851
Compare changes dates (#609) 
* Feat: Compare dates in changes.csv to those within the files if existent

* Fix: remove debug output and fix typo

* Make map handling consistent

* Improve: refactor time extraction

* fix: some syntax fixes

* Small nits

* Fix: Check changes before stopping the scan of already tested advisories

* Revert "Fix: Check changes before stopping the scan of already tested advisories - bad way to solve the problem, can cause problems"

This reverts commit d38dc285cc.

* fix: delay checking of changes dates so it is not skipped most of the
time

* Fix time comparison

---------

Co-authored-by: koplas <pschwabauer@intevation.de>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
 2025-03-14 10:05:56 +01:00
Bernhard Reiter
527fe71992
feat: set acao header 
* adapt provider-setup.md to changes for the acao header.
 2025-03-13 18:30:38 +01:00
Bernhard Reiter
4429dd6985
feat: add access-control-allow-origin header 
.. for better access from web applications.

improve #479
 2025-03-13 18:23:28 +01:00
JanHoefelmeyer
ed55b659b4
Merge pull request #621 from gocsaf/error-charset 
Report error in checker if content type is not correct
 2025-03-13 12:34:49 +01:00
koplas
534d6f049f Add content-type error report test 2025-03-10 12:04:46 +01:00
koplas
3cfafa8263 Report error in checker if content type is not correct 
Related: #606
 2025-03-10 11:11:34 +01:00
Paul Schwabauer
3e16741ed5
Merge pull request #554 from gocsaf/sha-handling 
Improve SHA* marking
 2025-03-10 09:40:53 +01:00
Marcus Perlick
ec0c3f9c2c
Fix potential leak of HTTP response body in downloadJSON of csaf_aggregator (#618) 2025-03-10 09:24:49 +01:00
Paul Schwabauer
900dcede46
Merge pull request #619 from gocsaf/uploader-signed-docu 
Add documentation for externally signed documents
 2025-03-06 09:37:32 +01:00
Paul Schwabauer
24f9af7f26
Add documentation for externally signed documents 
Closes #607
 2025-03-05 09:55:11 +01:00
koplas
1d1c5698da
Merge branch 'main' into sha-handling 2025-03-05 09:41:29 +01:00
Paul Schwabauer
e91bdec201
Add example for iterating product id and product helper (#617) 
* Add example for iterating product id and product helper

* simplify code a bit

* Remove newline

---------

Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
 2025-03-03 17:31:21 +01:00
JanHoefelmeyer
20fdffa5cc
Merge pull request #615 from gocsaf/dev-19 
update runner for release to 22.04, other actions and go version, thus also newer glibc
 2025-03-03 11:08:38 +01:00
koplas
3afa8d8b2e
Upgrade to artifact action v4 2025-02-25 15:41:11 +01:00
Bernhard Reiter
a4a90f4f92
update go version to 1.23 2025-02-25 15:07:34 +01:00
Bernhard Reiter
6e02de974e
update release workflow dependencies and so glibc 
* Update runner to ubuntu-22.04 which is the eldest to be supported
   by github from 2025-04-01.
 * Update github actions and go version needed.
 2025-02-25 15:03:38 +01:00
JanHoefelmeyer
c208a8fc8c
Merge pull request #613 from gocsaf/errorsForLookupChecks 
Errors for lookup checks
 2025-02-07 17:31:10 +01:00
JanHoefelmeyer
82a6929e4d Fix: Poor phrasing corrected 2025-01-29 09:41:16 +01:00
JanHoefelmeyer
02787b24b7 Update comments, clean up security check 2025-01-29 09:26:59 +01:00
JanHoefelmeyer
7d74543bbb Fix: Now give errors if lookup methods fail, refactor accordingly 2025-01-29 09:02:18 +01:00
JanHoefelmeyer
69df4c0624
Merge pull request #612 from gocsaf/bernhardreiter-patch-1 
Update README.md to exchange csaf.io until it is fixed
 2025-01-29 07:38:20 +01:00
Bernhard E. Reiter
84026b682d
Update README.md to exchange csaf.io until it is fixed 2025-01-28 17:41:54 +01:00
Christoph Klassen
ed22136d49
Merge pull request #599 from gocsaf/copy-license 
Add Apache 2.0 license to root folder
 2025-01-23 13:06:36 +01:00
Paul Schwabauer
8e5236a2b6
Merge pull request #602 from gocsaf/remote-validator-warn 
Warn if no remote validator was specified
 2025-01-23 12:40:20 +01:00
koplas
6e8c2ecc05
Check remote validator even if file validation fails 
This makes it consistent with the handling of schema
validation.
 2025-01-23 12:22:11 +01:00
Christoph Klassen
93c1a0b185
Merge pull request #611 from gocsaf/label-type 
Fix typo in error message
 2025-01-23 12:11:51 +01:00
koplas
59d2cef082
Fix typos 2025-01-23 11:53:57 +01:00
koplas
028f468d6f
Fix typo in error message 
Closes #608
 2025-01-23 10:32:13 +01:00
Paul Schwabauer
5907a391df
Merge pull request #605 from gocsaf/dev-17 
fix: Content-Type header for JSON responses (minor)
 2025-01-17 19:11:49 +01:00
JanHoefelmeyer
b6721e1d5a Add check for missing either sha256 or sha512 hashes only 2025-01-10 11:42:54 +01:00
koplas
9275a37a9f Format 2025-01-08 08:50:30 +01:00
koplas
b8a5fa72d5 Fix nil check in downloader 2025-01-08 08:49:42 +01:00
koplas
8fc7f5bfad
Make documentation more explicit 2025-01-07 12:23:40 +01:00
koplas
d8e903587a Warn only if the other hash could be fetched 2024-12-18 15:37:58 +01:00
Bernhard Reiter
95ff418a27
fix: Content-Type header for JSON responses 
* Remove `charset=utf-8` parameter, which is not allowed
     for JSON, according to rfc8259.
 2024-12-18 08:55:48 +01:00
koplas
bc5d149f74 Use exit code 1 for general errors, fix documentation 2024-12-16 19:28:24 +01:00
koplas
d38150c6a0
Add testdata for individual hash forbidden tests 2024-12-16 12:57:28 +01:00
koplas
b1a7620763
Extend processor SHA fetching tests 
Allow to forbid individual hashes from downloading. This allows to for
testing the behavior, if one of the hashes could not be downloaded.
 2024-12-16 12:23:10 +01:00
koplas
9dd4b7fc8d Add tests for no hash given or available 2024-12-13 15:54:39 +01:00
koplas
ebd96011fc Revert new requirement 17 test 
Changing the ROLIE category fetching warning to info can be addressed later.
 2024-12-13 14:38:49 +01:00
koplas
a3d6d6acfb Downgrade error to info in directory hash fetching 2024-12-13 14:26:00 +01:00
JanHoefelmeyer
fc404e499c Unfix: Add should-states 2024-12-13 13:33:22 +01:00
koplas
df65ad13cb
Fix: return correct exit code 2024-12-10 10:13:42 +01:00
koplas
68bd04676c Add requirement checker test data 2024-12-06 13:11:07 +01:00