Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Make json parsing more strict #655

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JanHoefelmeyer merged 5 commits into from
Jul 8, 2025
Merged

Make json parsing more strict #655

JanHoefelmeyer merged 5 commits into from
Jul 8, 2025

Conversation

@koplas
Copy link
Contributor

@koplas koplas commented Jun 27, 2025

No description provided.

@koplas koplas requested review from JanHoefelmeyer and cintek June 27, 2025 15:03
@koplas koplas linked an issue Jun 27, 2025 that may be closed by this pull request
Don't accept trailing garbage when parsing json #654
Closed
@github-actions
Copy link

github-actions bot commented Jun 27, 2025
edited
Loading

Modver result

This report was generated by Modver,
a Go package and command that helps you obey semantic versioning rules in your Go module.

This PR does not require a change in your module’s version number.
(You might still consider bumping the patchlevel anyway.)

bernhardreiter
bernhardreiter reviewed Jun 30, 2025
View reviewed changes
@koplas koplas force-pushed the json-eof branch 2 times, most recently from 04db1ca to 3ed0e8b Compare July 2, 2025 08:44
JanHoefelmeyer
JanHoefelmeyer previously approved these changes Jul 2, 2025
View reviewed changes
bernhardreiter
bernhardreiter requested changes Jul 2, 2025
View reviewed changes
Copy link
Member

@bernhardreiter bernhardreiter left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

License still missing.
Not the same interface.
Too many unrelated whitespace changes.

bernhardreiter
bernhardreiter previously approved these changes Jul 4, 2025
View reviewed changes
Copy link
Member

@bernhardreiter bernhardreiter left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

JanHoefelmeyer
JanHoefelmeyer previously approved these changes Jul 4, 2025
View reviewed changes
Copy link
Contributor

@JanHoefelmeyer JanHoefelmeyer left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Due to how the checker is structured, the new code will miss the wrong keys in the PMD check, but since this is checked and caught a second time anyway (and solving it would take considerable effort): LGTM & works

Tested via setting up 3 new advisories in an existing, functioning provider. One has added garbage data, one an unknown field, one is fine. All 3 advisories were treated correctly by validator, checker, downloader and uploader

Also tested the new unit tests successfully

JanHoefelmeyer
JanHoefelmeyer approved these changes Jul 7, 2025
View reviewed changes
Copy link
Contributor

@JanHoefelmeyer JanHoefelmeyer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM & works

cintek
cintek approved these changes Jul 7, 2025
View reviewed changes
Copy link
Contributor

@cintek cintek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@JanHoefelmeyer JanHoefelmeyer merged commit ae184eb into main Jul 8, 2025
7 checks passed
This was referenced Sep 8, 2025
Merged
Merged
llugin added a commit to greenbone/csaf_distribution that referenced this pull request Sep 30, 2025
@llugin
Merge upstream (#90)
4cbfaa1 
## What

Add upstream changes. 

Only functional change to CSAF Downloader was that it now rejects CSAF
documents which contain trailing garbage data to the JSON:
gocsaf#655



## Why

Keep our fork up to date.
@bernhardreiter bernhardreiter deleted the json-eof branch October 23, 2025 11:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cintek cintek cintek approved these changes

@JanHoefelmeyer JanHoefelmeyer JanHoefelmeyer approved these changes

@bernhardreiter bernhardreiter bernhardreiter left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Don't accept trailing garbage when parsing json

5 participants

@koplas @bernhardreiter @cintek @JanHoefelmeyer