feat: add rpm package verification #632
Conversation
Signed-off-by: Miaha <miahacybersec@gmail.com>
MiahaCybersec
requested review from
jeremyrickard,
sozercan and
ashnamehrotra
as code owners
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #632 +/- ##
==========================================
+ Coverage 32.51% 34.20% +1.69%
==========================================
Files 17 18 +1
Lines 1621 1523 -98
==========================================
- Hits 527 521 -6
+ Misses 1062 969 -93
- Partials 32 33 +1 ☔ View full report in Codecov by Sentry. |
Signed-off-by: Miaha <miahacybersec@gmail.com>
pkg/pkgmgr/rpm.go
Outdated
| return err == nil | ||
| } | ||
|
|
||
| func isValidPackage(ver string) error { |
There was a problem hiding this comment.
could we add a unit test to rpm_test file for this function?
Signed-off-by: Miaha <miahacybersec@gmail.com>
Signed-off-by: Miaha <miahacybersec@gmail.com>
| // TODO: Verify if there are format correctness check that need to be added given lack of support in rpmVer lib | ||
| return true | ||
| err := isValidPackage(v) | ||
| return err == nil |
There was a problem hiding this comment.
instead of isValidPackage maybe we could leave it in this function since we are just checking version?
| for _, s := range ver { | ||
| if !unicode.IsDigit(s) && !unicode.IsLetter(s) && !strings.ContainsRune(allowedSymbols, s) { | ||
| return errors.New("upstream_version includes invalid character") | ||
| } |
There was a problem hiding this comment.
maybe we can log the upstream_version in the error message. Otherwise the checks look good to me based on the docs!
Signed-off-by: Miaha <miahacybersec@gmail.com>
Closes #601