Commit e2f1240e authored by Leo's avatar Leo


parent b4d147df
......@@ -109,26 +109,24 @@ function checkCVE(str, line)
violation("only integers and hyphens are valid after CVE-", line, "43", "SC")
-- The value right after CVE- is the year which must always be 4 digits (YYYY)
if not str:match("^CVE%-%d%d%d%d%-*") then
if not str:match("^CVE%-%d%d%d%d%-") then
violation("CVE identifiers have 4 digit year between the first and second hyphens", line, "44", "SC")
-- The last value of a CVE identifier is a collection of AT LEAST 4 digits
if not str:match("^CVE%-.*%-%d%d%d%d+$") then
if not str:match("^CVE%-.-%-%d%d%d%d+$") then
violation("CVE IDs are at least 4 digits", line, "45", "SC")
local _, n = str:gsub("%-", "")
-- There must be exactly 2 hyphens, as the string is CVE-YYYY-XXXX
if n ~= 2 then
violation("CVE identifiers must have exactly 2 hyphens", line, "46", "SC")
function verify(str)
-- We do this because we expect that we are run from apkbuild-lint
-- which sources the apkbuild
local pkgname = os.getenv("pkgname")
if pkgname == nil then
return 1
local yaml = require "lyaml"
local data = yaml.load(str)
assert(type(data.secfixes) == "table", pkgname .. ": secfixes is not a table")
for k,v in pairs(data.secfixes) do
assert(type(k) == "string", pkgname..": not a string: "..tostring(k))
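Review bot: In the sequence-number check of checkCVE, swapping `.*` for `.-` does not change which strings are accepted (assuming the second line of each printed pair is the new side). The pattern is anchored with `^` and `$`, so the lazy match backtracks to the same result as the greedy one, and the middle of the identifier is still unconstrained by this check. Only the year pattern, which now requires the hyphen after the four digits, tightens validation. I would state that next to the check, for example `-- anchored at both ends, so the middle segment is not validated here; the year check above and the hyphen count below cover it`, so a later reader does not rely on this line to reject malformed middle segments. The rendered hunk omits the `end` lines, and the body of verify continues past the last line shown.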