Commit e38faa30 authored by Leo's avatar Leo

feat(secfixes-check): add support for checking GNUTLS-SA

parent 1a94b8ec
......@@ -136,6 +136,102 @@ local function checkRel(str, line)
end
end
--- Check the GNUTLS identifier for validy
local function checkGNUTLS(str, line)
local days = {
"01",
"02",
"03",
"04",
"05",
"06",
"07",
"08",
"09",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28",
"29",
"30",
"31"
}
local months = {
"01",
"02",
"03",
"04",
"05",
"06",
"07",
"08",
"09",
"10",
"11",
"12"
}
str = str:gsub("^GNUTLS%-SA", "")
---
-- Check if we were given just the string 'GNUTLS-SA'
---
if str:len() == 0 then
violation("GNUTLS-SA identifier given is empty", line, "51", "SC")
end
-- GNUTLS-SA Identifirs are made up of only integers and hyphens after the CVE- prefix
if not str:match("^%-[%d%-]*$") then
violation("GNUTLS-SA identifier given is not composed of only digits and hyphens", line, "51", "SC")
end
-- GNUTLS-SA Identifiers' first field is made of the the year in 4 digits YYYY
if not str:match("^%-%d%d%d%d") then
violation("GNUTLS-SA ID given has a bad year, it needs to be in YYYY format", line, "51", "SC")
end
-- GNUTLS-SA Identifiers' second field is the month in the format MM
if not str:match("^%-.-%-%d%d%-") then
violation("GNUTLS-SA ID given has a bad month, it needs to be in MM format", line, "51", "SC")
else
-- Extract the month
local substr = str:sub(7, 8)
---
-- Check if we have the substring in our set of months, if not then the
-- user gave us an invalid month
---
if not has(months, substr) then
violation("GNUTLS-SA ID has invalid month, it must be between 01 and 12", line, "51", "SC")
end
end
if not str:match("^%-.-%-.-%-%d%d$") then
violation("GNUTLS-SA ID given has a bad day, it needs to be in DD format", line, "51", "SC")
else
-- Extract the day
local substr = str:sub(10, 11)
---
-- Check if we have the substring in our set of days, if not then the
-- user gave us an invalid day
---
if not has(days, substr) then
violation("GNUTLS-SA ID given has a bad day, it needs to be between 01 and 31", line, "51", "SC")
end
end
end
--- Check the CVE identifier for validity
local function checkCVE(str, line)
---
......@@ -226,6 +322,8 @@ local function main(arg)
for splitv in string.gmatch(v, "[^ ]+") do
if splitv:match("^CVE") then
checkCVE(v, k)
elseif splitv:match("^GNUTLS%-SA") then
checkGNUTLS(v, k)
end
end
end
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment