SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions
1156 commits 13 branches 34 tags 8.5 MiB
Commit graph

567 commits

Author SHA1 Message Date
Christoph Klassen
08ab318545
Merge pull request #674 from gocsaf/fix-listing-check 
Fix csaf checker listed check
 2025-09-01 11:15:24 +02:00
koplas
100e4d395b Fix csaf checker listed check 
Correctly handle URLs that are absolute.
 2025-08-26 11:58:49 +02:00
koplas
7fc5600521
Fix #669
Some checks failed
Go / build (push) Has been cancelled
Details
Go / run_modver (push) Has been cancelled
Details 
Return error when the create request failed.
 2025-08-11 08:50:02 +02:00
JanHoefelmeyer
ae184eb189
Merge pull request #655 from gocsaf/json-eof
Some checks failed
generate-markdown / auto-update-readme (push) Has been cancelled
Details
Go / build (push) Has been cancelled
Details
Go / run_modver (push) Has been cancelled
Details 
Make json parsing more strict
 2025-07-08 07:46:07 +02:00
koplas
fc3837d655
Make json parsing more strict
Some checks are pending
Go / build (push) Waiting to run
Details
Go / run_modver (push) Blocked by required conditions
Details
2025-07-02 17:06:25 +02:00
koplas
01c43d96ce
Fix checker url base handling 2025-07-02 16:27:58 +02:00
koplas
3262e2ec2a
Fix aggregator url base handling 2025-07-02 15:33:37 +02:00
Christoph Klassen
c833c00f84
Merge pull request #649 from gocsaf/url-join
Some checks failed
generate-markdown / auto-update-readme (push) Has been cancelled
Details
Go / build (push) Has been cancelled
Details
Go / run_modver (push) Has been cancelled
Details 
Use JoinPath
 2025-06-26 08:18:39 +02:00
Christoph Klassen
4066704c1a
Merge pull request #633 from gocsaf/check-prefix-url
Some checks are pending
generate-markdown / auto-update-readme (push) Waiting to run
Details
Go / build (push) Waiting to run
Details
Go / run_modver (push) Blocked by required conditions
Details 
Check if canonical url prefix is valid
 2025-06-25 17:05:09 +02:00
JanHoefelmeyer
5d37dd1339 Move PMD error from logs to report.
Some checks failed
Go / build (push) Has been cancelled
Details
Go / run_modver (push) Has been cancelled
Details
2025-06-25 09:31:50 +02:00
JanHoefelmeyer
d09db6635d Fix: Assume most restrictive role to prevent false-positives
Some checks are pending
Go / build (push) Waiting to run
Details
Go / run_modver (push) Blocked by required conditions
Details
2025-06-24 17:24:08 +02:00
koplas
3f4fe5cf18
Also generate report when role is not available 2025-06-24 17:18:42 +02:00
JanHoefelmeyer
02d4931152 Fix: Return properly early 2025-06-24 17:06:55 +02:00
koplas
1098c6add0 Use correct base URL
Some checks failed
Go / build (push) Has been cancelled
Details
Go / run_modver (push) Has been cancelled
Details
2025-06-20 16:37:37 +02:00
koplas
091854a248 Always generate report
Some checks failed
Go / build (push) Has been cancelled
Details
Go / run_modver (push) Has been cancelled
Details 
Closes #385
 2025-06-20 14:24:05 +02:00
koplas
6ac97810d0
Use JoinPath 
This avoids issues where parts of the URL are discarded.
 2025-06-19 15:11:45 +02:00
koplas
91b5b4543e
Check if canonical url prefix is valid 2025-04-03 14:41:14 +02:00
Paul Schwabauer
2f599ab017
Fix aggregator URL handling (#631) 
* Fix aggregator URL handling

Parts of the URL were not path escaped. This results in a wrong URL; if
the provider name contains characters that need to be escaped.

* Simplify JoinPath usage
 2025-04-02 17:05:29 +02:00
koplas
2c5ef1fd5f
Avoid memory leak 
Move `resp.Body.Close()` before check of status code.

Reported by @mgoetzegb here: https://github.com/gocsaf/csaf/pull/625#issuecomment-2744067770
 2025-03-24 13:32:43 +01:00
Paul Schwabauer
0848143a0b
Update lint (#626) 
* Update linter

* Format

* Fix lint
 2025-03-19 09:39:07 +01:00
Paul Schwabauer
5709b14650
Extend structured logging usage in aggregator (#622) 
* Extend structured logging usage in aggregator

* Use structured logging in advisories processor

* Remove unnecessary inner function

* Format

* Feat: Add verbose flag to example aggregator toml (in comment)

---------

Co-authored-by: JanHoefelmeyer <jan.hoefelmeyer@intevation.de>
 2025-03-19 09:04:19 +01:00
Sascha L. Teichmann
5437d8127a Store downloader in context 2025-03-17 09:10:03 +01:00
Sascha L. Teichmann
a7821265ca Move advisory downloading to download context method 2025-03-17 08:57:05 +01:00
JanHoefelmeyer
8163f57851
Compare changes dates (#609) 
* Feat: Compare dates in changes.csv to those within the files if existent

* Fix: remove debug output and fix typo

* Make map handling consistent

* Improve: refactor time extraction

* fix: some syntax fixes

* Small nits

* Fix: Check changes before stopping the scan of already tested advisories

* Revert "Fix: Check changes before stopping the scan of already tested advisories - bad way to solve the problem, can cause problems"

This reverts commit d38dc285cc.

* fix: delay checking of changes dates so it is not skipped most of the
time

* Fix time comparison

---------

Co-authored-by: koplas <pschwabauer@intevation.de>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
 2025-03-14 10:05:56 +01:00
koplas
534d6f049f Add content-type error report test 2025-03-10 12:04:46 +01:00
koplas
3cfafa8263 Report error in checker if content type is not correct 
Related: #606
 2025-03-10 11:11:34 +01:00
Paul Schwabauer
3e16741ed5
Merge pull request #554 from gocsaf/sha-handling 
Improve SHA* marking
 2025-03-10 09:40:53 +01:00
Marcus Perlick
ec0c3f9c2c
Fix potential leak of HTTP response body in downloadJSON of csaf_aggregator (#618) 2025-03-10 09:24:49 +01:00
koplas
1d1c5698da
Merge branch 'main' into sha-handling 2025-03-05 09:41:29 +01:00
JanHoefelmeyer
82a6929e4d Fix: Poor phrasing corrected 2025-01-29 09:41:16 +01:00
JanHoefelmeyer
02787b24b7 Update comments, clean up security check 2025-01-29 09:26:59 +01:00
JanHoefelmeyer
7d74543bbb Fix: Now give errors if lookup methods fail, refactor accordingly 2025-01-29 09:02:18 +01:00
Paul Schwabauer
8e5236a2b6
Merge pull request #602 from gocsaf/remote-validator-warn 
Warn if no remote validator was specified
 2025-01-23 12:40:20 +01:00
koplas
6e8c2ecc05
Check remote validator even if file validation fails 
This makes it consistent with the handling of schema
validation.
 2025-01-23 12:22:11 +01:00
koplas
59d2cef082
Fix typos 2025-01-23 11:53:57 +01:00
koplas
028f468d6f
Fix typo in error message 
Closes #608
 2025-01-23 10:32:13 +01:00
JanHoefelmeyer
b6721e1d5a Add check for missing either sha256 or sha512 hashes only 2025-01-10 11:42:54 +01:00
koplas
9275a37a9f Format 2025-01-08 08:50:30 +01:00
koplas
b8a5fa72d5 Fix nil check in downloader 2025-01-08 08:49:42 +01:00
koplas
d8e903587a Warn only if the other hash could be fetched 2024-12-18 15:37:58 +01:00
Bernhard Reiter
95ff418a27
fix: Content-Type header for JSON responses 
* Remove `charset=utf-8` parameter, which is not allowed
     for JSON, according to rfc8259.
 2024-12-18 08:55:48 +01:00
koplas
bc5d149f74 Use exit code 1 for general errors, fix documentation 2024-12-16 19:28:24 +01:00
koplas
d38150c6a0
Add testdata for individual hash forbidden tests 2024-12-16 12:57:28 +01:00
koplas
b1a7620763
Extend processor SHA fetching tests 
Allow to forbid individual hashes from downloading. This allows to for
testing the behavior, if one of the hashes could not be downloaded.
 2024-12-16 12:23:10 +01:00
koplas
9dd4b7fc8d Add tests for no hash given or available 2024-12-13 15:54:39 +01:00
koplas
a3d6d6acfb Downgrade error to info in directory hash fetching 2024-12-13 14:26:00 +01:00
koplas
df65ad13cb
Fix: return correct exit code 2024-12-10 10:13:42 +01:00
koplas
68bd04676c Add requirement checker test data 2024-12-06 13:11:07 +01:00
koplas
5b6af7a4ad WIP: Add requirement tests 2024-12-04 18:04:08 +01:00
koplas
a51964be3f Add initial csaf_checker provider test 2024-12-04 16:02:03 +01:00