Commit 920dbc62 authored by Leo's avatar Leo

secfixes-check: check for wrong indentation of CVE identifiers

parent fe2cdf05
......@@ -60,21 +60,57 @@ function readFile(file)
-- the end, match anything since we check later if this key is
-- actually writen with a valid pkgver and pkgrel
---
if l:match("^%s%s%S*[^:]$") then
if l:match("^%s%s[%d]%S*[^:]$") then
violation("missing colon on '"..l:gsub("%s%s", "").."'", linenum, "38", "SC")
-- Add the colon at the end to represent a string
l = l..":"
end
---
-- Check if the CVE Identifier has a prefixed hyphen to indicate it
-- is a value inside the table
-- Checks for possible CVE identifiers with the wrong identation
-- so match anything that doesn't start with 4 whitespaces and
-- then match everything that has 5 whitespaces or more so we
-- catch everything that is not purely 4 whitespaces and then
-- not an whitespace
---
if l:match("^%s%s%s%s") then
if not l:match("^%s%s%s%s%- ") then
if not (l:match("^%s%s%s%s") or l:match("^%s%s%s%s%s")) then
le = l:gsub("^%s+", "")
---
-- Check if they begin with '- ' that means they have the correct mapping
-- for yaml and merely have the wrong indentation
---
if le:match("^%-%s") then
violation("CVE identifier identation is 5 whitespaces", linenum, "47", "SC")
l = le:gsub("^", " ")
end
---
-- Check if they begin with an integer and are followed by a collection exclusively
-- composed of integers and hyphens until the end. That means they are missing the
-- correct yaml mapping and the CVE identifier
---
if (le:match("^%d[%d%-]*$") or le:match("^%-[%d%-]*$")) then
violation("CVE identifier identation is 5 whitespaces", linenum, "47", "SC")
violation("missing hyphen on '"..l:gsub("^%s+", "").."'", linenum, "41", "SC")
-- If the string doesn't start with a hyphen then add it
-- we will add the '- CVE' later
if le:sub(1, 1) ~= "-" then
le = '-'..le
end
l = le:gsub("^", " - CVE")
end
---
-- Check if they begin with 'CVE' that means they are missing the correct mapping
-- for yaml
---
if le:match("^CVE") then
violation("missing hyphen on '"..l:gsub("^%s+", "").."'", linenum, "41", "SC")
l = l:gsub("^ ", " - ")
violation("CVE identifier identation is 5 whitespaces", linenum, "47", "SC")
l = le:gsub("^", " - ")
end
end
if (l:match("^%s%s%s%s") and not l:match("^%s%s%s%s%- ")) then
violation("missing hyphen on '"..l:gsub("^%s+", "").."'", linenum, "41", "SC")
l = l:gsub("^%s+", " - ")
end
y["yaml"] = y["yaml"]..l.."\n"
y["str"][linenum] = l
line = f:read("*line")
......@@ -95,7 +131,7 @@ function checkRel(str, line)
violation("invalid pkgrel", line, "40", "SC")
end
-- Check if the pkgver value is made up only of valid charachters
if not str:match("^[%d%.%-%_a-zA-Z]*%-r") then
if not str:match("^%d[%d%.%-%_a-zA-Z]*%-r") then
violation("invalid pkgver", line, "39", "SC")
end
end
......@@ -132,9 +168,9 @@ function verify(str)
assert(type(data.secfixes) == "table", "secfixes is not a table")
for k,v in pairs(data.secfixes) do
assert(type(k) == "not a string: "..tostring(k))
assert(type(k) == "string", "not a string: "..tostring(k))
assert(string.match(k, "^[%d]+"), "invalid string: "..tostring(k))
assert(type(v) == "not a table: "..k)
assert(type(v) == "table", "not a table: "..k)
end
end
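Review bot: The new indentation guard `if not (l:match("^%s%s%s%s") or l:match("^%s%s%s%s%s")) then` can never fire for a line that really is indented by five whitespace characters, because a five-space prefix also satisfies the four-space pattern, so the second alternative is redundant and the condition reduces to "fewer than four leading whitespace characters". A line such as `     - CVE-2020-1234` therefore skips the "identation is 5 whitespaces" repair and lands in the final `if (l:match("^%s%s%s%s") and not l:match("^%s%s%s%s%- "))` branch, which reports a missing hyphen the line already has and then prepends another `- ` via `l:gsub("^%s+", ...)` before the line is appended to `y["yaml"]` — the exact replacement strings look whitespace-collapsed in this rendering, so confirm against the file. Because that rewritten YAML is what the secfixes consumers parse, a silently malformed repair is worse than a rejected line. Testing for exactly four leading whitespace characters, `if not l:match("^%s%s%s%s%S") then`, makes both the hyphen-present and hyphen-missing branches reachable as the comment above them describes. The enclosing `readFile` begins before this hunk.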
......