SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00
Code Issues Releases Activity Actions
1116 commits 13 branches 34 tags 8.5 MiB
Commit graph

1116 commits

This branch
This branch
All branches
Author SHA1 Message Date
Christoph Klassen
ce886f138a
Merge pull request #648 from gocsaf/update-modver
Some checks failed
generate-markdown / auto-update-readme (push) Has been cancelled
Details 
Update modver
 2025-06-20 08:59:50 +02:00
koplas
cb291bb81b
Update modver 2025-06-19 14:39:02 +02:00
Christoph Klassen
12cde3aa3c
Merge pull request #637 from gocsaf/api-break-action
Some checks failed
generate-markdown / auto-update-readme (push) Has been cancelled
Details
Go / build (push) Has been cancelled
Details
Go / run_modver (push) Has been cancelled
Details 
Add semver breaking changes detection
 2025-06-18 09:04:37 +02:00
Christoph Klassen
fa1861385a
Merge pull request #643 from gocsaf/jsonschema-upgrade 
Upgrade jsonschema to v6
 2025-06-18 08:51:06 +02:00
koplas
dcdbc5d49d
Add semver breaking changes detection 2025-06-13 18:50:57 +02:00
koplas
34705f3c6e Address comments
Some checks failed
Go / build (push) Has been cancelled
Details
2025-06-13 11:01:43 +02:00
koplas
6955c4e37c Upgrade node.js and format workflow file 2025-06-13 10:19:21 +02:00
koplas
fc64bf7165
Upgrade jsonschema to v6 2025-06-12 15:53:39 +02:00
JanHoefelmeyer
161ec1f15c
Merge pull request #635 from gocsaf/remove-golint-action
Some checks failed
generate-markdown / auto-update-readme (push) Has been cancelled
Details 
Remove golint github action
 2025-06-10 07:45:56 +02:00
Christoph Klassen
3ab00e8759
Remove golint github action 
We use Revive already which is a replacement for golint and golint isn't maintained anyway.
 2025-05-28 11:30:46 +02:00
Paul Schwabauer
2f599ab017
Fix aggregator URL handling (#631) 
* Fix aggregator URL handling

Parts of the URL were not path escaped. This results in a wrong URL; if
the provider name contains characters that need to be escaped.

* Simplify JoinPath usage
 2025-04-02 17:05:29 +02:00
JanHoefelmeyer
a05ba731dd
Merge pull request #629 from gocsaf/body-close 
Avoid memory leak
 2025-03-25 08:20:22 +01:00
koplas
2c5ef1fd5f
Avoid memory leak 
Move `resp.Body.Close()` before check of status code.

Reported by @mgoetzegb here: https://github.com/gocsaf/csaf/pull/625#issuecomment-2744067770
 2025-03-24 13:32:43 +01:00
Paul Schwabauer
0848143a0b
Update lint (#626) 
* Update linter

* Format

* Fix lint
 2025-03-19 09:39:07 +01:00
Paul Schwabauer
5709b14650
Extend structured logging usage in aggregator (#622) 
* Extend structured logging usage in aggregator

* Use structured logging in advisories processor

* Remove unnecessary inner function

* Format

* Feat: Add verbose flag to example aggregator toml (in comment)

---------

Co-authored-by: JanHoefelmeyer <jan.hoefelmeyer@intevation.de>
 2025-03-19 09:04:19 +01:00
JanHoefelmeyer
cf4cf7c6c1
Merge pull request #625 from gocsaf/close-body-downloader 
Move advisory downloading to download context method
 2025-03-17 11:59:52 +01:00
Sascha L. Teichmann
5437d8127a Store downloader in context 2025-03-17 09:10:03 +01:00
Sascha L. Teichmann
a7821265ca Move advisory downloading to download context method 2025-03-17 08:57:05 +01:00
JanHoefelmeyer
e916f19ee4
Merge pull request #624 from gocsaf/add-acao-header 
feat: add access-control-allow-origin header
 2025-03-14 17:38:59 +01:00
koplas
17f6a3ac7e
Fix inconsistent format 2025-03-14 10:26:19 +01:00
JanHoefelmeyer
8163f57851
Compare changes dates (#609) 
* Feat: Compare dates in changes.csv to those within the files if existent

* Fix: remove debug output and fix typo

* Make map handling consistent

* Improve: refactor time extraction

* fix: some syntax fixes

* Small nits

* Fix: Check changes before stopping the scan of already tested advisories

* Revert "Fix: Check changes before stopping the scan of already tested advisories - bad way to solve the problem, can cause problems"

This reverts commit d38dc285cc.

* fix: delay checking of changes dates so it is not skipped most of the
time

* Fix time comparison

---------

Co-authored-by: koplas <pschwabauer@intevation.de>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
 2025-03-14 10:05:56 +01:00
Bernhard Reiter
527fe71992
feat: set acao header 
* adapt provider-setup.md to changes for the acao header.
 2025-03-13 18:30:38 +01:00
Bernhard Reiter
4429dd6985
feat: add access-control-allow-origin header 
.. for better access from web applications.

improve #479
 2025-03-13 18:23:28 +01:00
JanHoefelmeyer
ed55b659b4
Merge pull request #621 from gocsaf/error-charset 
Report error in checker if content type is not correct
 2025-03-13 12:34:49 +01:00
koplas
534d6f049f Add content-type error report test 2025-03-10 12:04:46 +01:00
koplas
3cfafa8263 Report error in checker if content type is not correct 
Related: #606
 2025-03-10 11:11:34 +01:00
Paul Schwabauer
3e16741ed5
Merge pull request #554 from gocsaf/sha-handling 
Improve SHA* marking
 2025-03-10 09:40:53 +01:00
Marcus Perlick
ec0c3f9c2c
Fix potential leak of HTTP response body in downloadJSON of csaf_aggregator (#618) 2025-03-10 09:24:49 +01:00
Paul Schwabauer
900dcede46
Merge pull request #619 from gocsaf/uploader-signed-docu 
Add documentation for externally signed documents
 2025-03-06 09:37:32 +01:00
Paul Schwabauer
24f9af7f26
Add documentation for externally signed documents 
Closes #607
 2025-03-05 09:55:11 +01:00
koplas
1d1c5698da
Merge branch 'main' into sha-handling 2025-03-05 09:41:29 +01:00
Paul Schwabauer
e91bdec201
Add example for iterating product id and product helper (#617) 
* Add example for iterating product id and product helper

* simplify code a bit

* Remove newline

---------

Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
 2025-03-03 17:31:21 +01:00
JanHoefelmeyer
20fdffa5cc
Merge pull request #615 from gocsaf/dev-19 
update runner for release to 22.04, other actions and go version, thus also newer glibc
 2025-03-03 11:08:38 +01:00
koplas
3afa8d8b2e
Upgrade to artifact action v4 2025-02-25 15:41:11 +01:00
Bernhard Reiter
a4a90f4f92
update go version to 1.23 2025-02-25 15:07:34 +01:00
Bernhard Reiter
6e02de974e
update release workflow dependencies and so glibc 
* Update runner to ubuntu-22.04 which is the eldest to be supported
   by github from 2025-04-01.
 * Update github actions and go version needed.
 2025-02-25 15:03:38 +01:00
JanHoefelmeyer
c208a8fc8c
Merge pull request #613 from gocsaf/errorsForLookupChecks 
Errors for lookup checks
 2025-02-07 17:31:10 +01:00
JanHoefelmeyer
82a6929e4d Fix: Poor phrasing corrected 2025-01-29 09:41:16 +01:00
JanHoefelmeyer
02787b24b7 Update comments, clean up security check 2025-01-29 09:26:59 +01:00
JanHoefelmeyer
7d74543bbb Fix: Now give errors if lookup methods fail, refactor accordingly 2025-01-29 09:02:18 +01:00
JanHoefelmeyer
69df4c0624
Merge pull request #612 from gocsaf/bernhardreiter-patch-1 
Update README.md to exchange csaf.io until it is fixed
 2025-01-29 07:38:20 +01:00
Bernhard E. Reiter
84026b682d
Update README.md to exchange csaf.io until it is fixed 2025-01-28 17:41:54 +01:00
Christoph Klassen
ed22136d49
Merge pull request #599 from gocsaf/copy-license 
Add Apache 2.0 license to root folder
 2025-01-23 13:06:36 +01:00
Paul Schwabauer
8e5236a2b6
Merge pull request #602 from gocsaf/remote-validator-warn 
Warn if no remote validator was specified
 2025-01-23 12:40:20 +01:00
koplas
6e8c2ecc05
Check remote validator even if file validation fails 
This makes it consistent with the handling of schema
validation.
 2025-01-23 12:22:11 +01:00
Christoph Klassen
93c1a0b185
Merge pull request #611 from gocsaf/label-type 
Fix typo in error message
 2025-01-23 12:11:51 +01:00
koplas
59d2cef082
Fix typos 2025-01-23 11:53:57 +01:00
koplas
028f468d6f
Fix typo in error message 
Closes #608
 2025-01-23 10:32:13 +01:00
Paul Schwabauer
5907a391df
Merge pull request #605 from gocsaf/dev-17 
fix: Content-Type header for JSON responses (minor)
 2025-01-17 19:11:49 +01:00
JanHoefelmeyer
b6721e1d5a Add check for missing either sha256 or sha512 hashes only 2025-01-10 11:42:54 +01:00