gocsaf / csaf

Tools to download or provide CSAF (Common Security Advisory Framework) documents.
https://csaf.io

changes.csv: check quoting #529

Open tschmidtb51 opened 7 months ago

tschmidtb51 commented 7 months ago

Currently, the csaf_checker does not report if one of the fields in a changes.csv is not quoted. Can we change that to report this violation?

lebogg commented 7 months ago

Using the csv package from the standard library it is not possible to change that, I guess. These quotes are automatically being removed: "The beginning and ending quote are not part of the field" (see https://pkg.go.dev/encoding/csv).

One option would be to implement an io.Reader yourself. Or maybe you can build a wrapper around the CSV reader @oxisto?
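The point raised above can be demonstrated directly: `encoding/csv` discards the enclosing quotes, so a quoting check has to look at the raw text before (or instead of) the standard reader. The following is an added example, not code from the csaf project; it implements a small raw-line splitter that remembers whether each field was quoted, reports the unquoted ones, and, for contrast, shows that `csv.Reader` returns the same values either way. The `changes.csv` lines are constructed sample input (paths and timestamps are invented), and `CheckQuoting`, `ParsedRecords` and `UnquotedField` are names chosen here, not project API.

```go
package main

import (
	"bufio"
	"encoding/csv"
	"fmt"
	"strings"
)

// Constructed sample changes.csv: line 2 has an unquoted path, line 3 an
// unquoted timestamp. The quoted path on line 3 contains a comma on purpose.
const sampleChanges = `"documents/2024/example-advisory.json","2024-01-15T10:00:00+00:00"
documents/2024/other-advisory.json,"2024-02-01T12:30:00+00:00"
"documents/2024/third,advisory.json",2024-03-01T08:00:00+00:00
`

// UnquotedField describes one field that is not enclosed in double quotes.
type UnquotedField struct {
	Line  int    // 1-based line number in the file
	Field int    // 1-based field index within the line
	Value string // raw field text
}

// splitRaw splits one CSV line into fields and records, per field, whether
// it was enclosed in double quotes. A doubled quote ("") inside a quoted
// field is the RFC 4180 escape for a literal quote. Multi-line quoted fields
// are not supported because the caller feeds one physical line at a time.
func splitRaw(line string) (fields []string, quoted []bool, err error) {
	var buf strings.Builder
	inQuotes, wasQuoted := false, false
	for i := 0; i < len(line); i++ {
		c := line[i]
		switch {
		case inQuotes:
			if c != '"' {
				buf.WriteByte(c)
			} else if i+1 < len(line) && line[i+1] == '"' {
				buf.WriteByte('"') // escaped quote
				i++
			} else {
				inQuotes = false // closing quote
			}
		case c == '"':
			if buf.Len() != 0 || wasQuoted {
				return nil, nil, fmt.Errorf("unexpected quote at byte %d", i)
			}
			inQuotes, wasQuoted = true, true
		case c == ',':
			fields, quoted = append(fields, buf.String()), append(quoted, wasQuoted)
			buf.Reset()
			wasQuoted = false
		default:
			if wasQuoted {
				return nil, nil, fmt.Errorf("text after closing quote at byte %d", i)
			}
			buf.WriteByte(c)
		}
	}
	if inQuotes {
		return nil, nil, fmt.Errorf("unterminated quoted field")
	}
	return append(fields, buf.String()), append(quoted, wasQuoted), nil
}

// CheckQuoting scans raw changes.csv text and reports every field that is
// not enclosed in double quotes. Blank lines are ignored; malformed quoting
// is returned as an error with the offending line number.
func CheckQuoting(raw string) ([]UnquotedField, error) {
	var findings []UnquotedField
	sc := bufio.NewScanner(strings.NewReader(raw))
	for lineNo := 1; sc.Scan(); lineNo++ {
		line := strings.TrimRight(sc.Text(), "\r")
		if strings.TrimSpace(line) == "" {
			continue
		}
		fields, quoted, err := splitRaw(line)
		if err != nil {
			return nil, fmt.Errorf("line %d: %w", lineNo, err)
		}
		for i, f := range fields {
			if !quoted[i] {
				findings = append(findings, UnquotedField{Line: lineNo, Field: i + 1, Value: f})
			}
		}
	}
	return findings, sc.Err()
}

// ParsedRecords parses the same text with encoding/csv; the returned values
// carry no trace of whether a field was quoted in the input.
func ParsedRecords(raw string) ([][]string, error) {
	return csv.NewReader(strings.NewReader(raw)).ReadAll()
}

func main() {
	findings, err := CheckQuoting(sampleChanges)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("line %d, field %d not quoted: %q\n", f.Line, f.Field, f.Value)
	}
	recs, _ := ParsedRecords(sampleChanges)
	fmt.Println("encoding/csv sees:", recs)
}
```

Running `CheckQuoting` on the sample reports two unquoted fields (line 2 field 1 and line 3 field 2), while `ParsedRecords` returns identical path and timestamp strings for quoted and unquoted fields alike, which is why a wrapper around the raw bytes is needed rather than a post-parse check.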

bernhardreiter commented 6 months ago

@tschmidtb51 can you elaborate why you see this as a violation?

In CSAF 2.0 there is no precise definition of the format of changes.csv, only an example file.

Assuming that other standards are a good choice to refer to, https://www.rfc-editor.org/rfc/rfc4180#page-2 is the IETF one and has

  1. Each field may or may not be enclosed in double quotes [..]

So some fields without double quotes are allowed by RFC4180. It depends on the field value.

Looking at a different standard body, e.g. https://www.w3.org/TR/sparql12-results-csv-tsv/#csv-terms has an example with fields without double quotes: https://www.w3.org/TR/sparql12-results-csv-tsv/#csv-example

As CSAF 2.0 does not add restrictions, having fields without double quotes is not a documented violation against it.