search

gocsaf / csaf

Tools to download or provide CSAF (Common Security Advisory Framework) documents.
https://csaf.io
40 stars 23 forks source link

Changes.csv incorrect #225

Closed tschmidtb51 closed 2 years ago

tschmidtb51 commented 2 years ago

The file changes.csv is not correctly constructed: Current output is:

2022-07-14T08:20:40Z,YYYY/filename.json

However, the spec requires the fields in a different order:

YYYY/filename.json,"2022-07-14T08:20:40Z"
tschmidtb51 commented 2 years ago

This may also affect csaf_aggregator and csaf_downloader.

s-l-teichmann commented 2 years ago

PR #228 should fix this in the provider, checker and the aggregator. The downloader is not affected as it falls back to index.txt to fetch the advisories when ROLIE is not supported.

tschmidtb51 commented 2 years ago

For consistence: All fields in the changes.csv should be quoted...

s-l-teichmann commented 2 years ago

We use https://pkg.go.dev/encoding/csv@go1.18.4#Writer from the standard library which does on-demand quoting.