refactor(secfixes-check): use integer comparison for days and months

c528c1a3 · Leo · d892a86d · c528c1a3
Commit c528c1a3 authored Apr 03, 2020 by Leo
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 62 deletions

secfixes-check secfixes-check +5 -62

No files found.
--- a/secfixes-check
+++ b/secfixes-check
 #!/usr/bin/lua5.3

-local function has(set, neddle)
-	for _, v in ipairs(set) do
-		if v == neddle then
-			return true
-		end
-	end
-	return false
-end
-
 local function violation(str, line, tag, sevcer)
 	if os.getenv('SKIP_AL'..tag) then
 		return
@@ -138,55 +129,6 @@ end

 --- Check the GNUTLS identifier for validy
 local function checkGNUTLS(str, line)
-	local days = {
-		"01",
-		"02",
-		"03",
-		"04",
-		"05",
-		"06",
-		"07",
-		"08",
-		"09",
-		"10",
-		"11",
-		"12",
-		"13",
-		"14",
-		"15",
-		"16",
-		"17",
-		"18",
-		"19",
-		"20",
-		"21",
-		"22",
-		"23",
-		"24",
-		"25",
-		"26",
-		"27",
-		"28",
-		"29",
-		"30",
-		"31"
-	}
-
-	local months = {
-		"01",
-		"02",
-		"03",
-		"04",
-		"05",
-		"06",
-		"07",
-		"08",
-		"09",
-		"10",
-		"11",
-		"12"
-	}
-
 	str = str:gsub("^GNUTLS%-SA", "")

 	---
@@ -194,6 +136,7 @@ local function checkGNUTLS(str, line)
 	---
 	if str:len() == 0 then
 		violation("GNUTLS-SA identifier given is empty", line, "51", "SC")
+		return
 	end
 	-- GNUTLS-SA Identifirs are made up of only integers and hyphens after the CVE- prefix
 	if not str:match("^%-[%d%-]*$") then
@@ -208,12 +151,12 @@ local function checkGNUTLS(str, line)
 		violation("GNUTLS-SA ID given has a bad month, it needs to be in MM format", line, "51", "SC")
 	else
 		-- Extract the month
-		local substr = str:sub(7, 8)
+		local month = tonumber(str:sub(7, 8))
 		---
 		-- Check if we have the substring in our set of months, if not then the
 		-- user gave us an invalid month
 		---
-		if not has(months, substr) then
+		if (month < 1 or month > 12) then
 			violation("GNUTLS-SA ID has invalid month, it must be between 01 and 12", line, "51", "SC")
 		end
 	end
@@ -221,12 +164,12 @@ local function checkGNUTLS(str, line)
 		violation("GNUTLS-SA ID given has a bad day, it needs to be in DD format", line, "51", "SC")
 	else
 		-- Extract the day
-		local substr = str:sub(10, 11)
+		local day = tonumber(str:sub(10, 11))
 		---
 		-- Check if we have the substring in our set of days, if not then the
 		-- user gave us an invalid day
 		---
-		if not has(days, substr) then
+		if (day < 1 or day > 31) then
 			violation("GNUTLS-SA ID given has a bad day, it needs to be between 01 and 31", line, "51", "SC")
 		end
 	end