Update README

- update input and output examples - add license text
Use correct long description from DSA long RDF
2023-01-22 13:23:27 +01:00 · 2023-01-22 13:18:57 +01:00
6 changed files with 119 additions and 16 deletions
--- a/3
+++ b/3
@ -1,10 +1,11 @@
 FROM golang:1.19-bullseye AS builder

 WORKDIR /build
-COPY go.mod /build/
+COPY go.mod go.sum /build/
 COPY cmd /build/cmd/
 COPY internal /build/internal/

+RUN go test -v ./...
 RUN CGO_ENABLED=0 go build ./cmd/debian-dsa

 FROM alpine:3
--- a/README.md
+++ b/README.md
@ -6,6 +6,21 @@ this can be used to trigger registry-image or docker-image builds when security

 The source code for the resource type is available at https://git.dittberner.info/jan/concourse-dsa-resource

+## License
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
 ## Usage

 To use the resource type in your own Concourse pipeline you will have to define the resource type and a resource:
@ -50,11 +65,11 @@ shortened and pretty-printed example output looks like this:
  [
    {
      "date": "2023-01-18",
-      "title": "DSA-5322 firefox-esr"
+      "title": "DSA-5322"
    },
    {
      "date": "2023-01-19",
-      "title": "DSA-5323 libitext5-java"
+      "title": "DSA-5323"
    }
  ]
  ```
@ -72,7 +87,7 @@ metadata. If the version exists. The following input example returns the output
    "params": {},
    "version": {
      "date": "2023-01-18",
-      "title": "DSA-5322 firefox-esr"
+      "title": "DSA-5322"
    }
  }
  ```
@ -83,11 +98,12 @@ metadata. If the version exists. The following input example returns the output
  {
    "version": {
      "date": "2023-01-18",
-      "title": "DSA-5322 firefox-esr"
+      "dsa": "DSA-5322"
    },
    "metadata": {
      "link": "https://www.debian.org/security/2023/dsa-5322",
-      "description": "security update"
+      "package": "firefox-esr",
+      "description": "Multiple security issues have been found in the Mozilla Firefox web\nbrowser, which could potentially result in the execution of arbitrary\ncode, information disclosure or spoofing."
    }
  }
  ```
--- a/go.mod
+++ b/go.mod
@ -1,3 +1,11 @@
 module git.dittberner.info/concourse-dsa-resource

 go 1.19
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/stretchr/objx v0.5.0 // indirect
+	github.com/stretchr/testify v1.8.1 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
--- a/go.sum
+++ b/go.sum
@ -0,0 +1,17 @@
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
--- a/internal/resource/dsa/dsa.go
+++ b/internal/resource/dsa/dsa.go
@ -81,8 +81,8 @@ func getRdfData(full bool) (*rdfData, error) {
 }

 type Version struct {
-	Date  string `json:"date"`
-	Title string `json:"title"`
+	Date      string `json:"date"`
+	DSANumber string `json:"dsa"`
 }

 func (v Version) String() string {
@ -104,6 +104,7 @@ type getInput struct {

 type MetaData struct {
 	Link        string `json:"link"`
+	Package     string `json:"package"`
 	Description string `json:"description"`
 }

@ -126,7 +127,7 @@ func (r *VersionRange) Len() int {
 }

 func (r *VersionRange) Less(i, j int) bool {
-	return r.versions[i].Date <= r.versions[j].Date && r.versions[i].Title < r.versions[j].Title
+	return r.versions[i].Date <= r.versions[j].Date && r.versions[i].DSANumber < r.versions[j].DSANumber
 }

 func (r *VersionRange) Swap(i, j int) {
@ -161,7 +162,9 @@ func (r *Resource) Check() error {
 	dates := &VersionRange{}

 	for _, item := range dsaData.Items {
-		dates.addVersion(Version{Date: item.Date, Title: item.Title})
+		parts := strings.SplitN(item.Title, " ", 2)
+
+		dates.addVersion(Version{Date: item.Date, DSANumber: parts[0]})
 	}

 	sort.Sort(dates)
@ -185,19 +188,26 @@ func (r *Resource) Get(_ string) error {
 		return fmt.Errorf("could not interpret version from Concourse as date: %w", err)
 	}

-	dsaData, err := getRdfData(false)
+	dsaData, err := getRdfData(true)
 	if err != nil {
 		log.Fatalf("could not get DSA RDF data: %v", err)
 	}

 	for _, item := range dsaData.Items {
-		if item.Date == input.Version.Date && item.Title == input.Version.Title {
+		if item.Date == input.Version.Date && strings.HasPrefix(item.Title, input.Version.DSANumber) {
+			parts := strings.SplitN(item.Title, " ", 3)
+
 			err = r.writeGetOutput(Version{
-				Date:  item.Date,
-				Title: item.Title,
+				Date:      item.Date,
+				DSANumber: parts[0],
 			}, MetaData{
-				Link:        item.Link,
-				Description: strings.TrimSpace(item.Description),
+				Link:    item.Link,
+				Package: parts[1],
+				Description: strings.TrimSpace(
+					strings.ReplaceAll(strings.ReplaceAll(
+						item.Description, "<p>", ""), "</p>", "\n",
+					),
+				),
 			})

 			if err != nil {
--- a/internal/resource/dsa/dsa_test.go
+++ b/internal/resource/dsa/dsa_test.go
@ -0,0 +1,51 @@
+package dsa
+
+import (
+	"bytes"
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestResource_Check(t *testing.T) {
+	input := strings.NewReader("{}")
+	output := &bytes.Buffer{}
+
+	resource := NewResource(input, output)
+
+	err := resource.Check()
+
+	assert.NoError(t, err)
+
+	result := output.String()
+
+	assert.NotEmpty(t, result)
+}
+
+func TestResource_Get(t *testing.T) {
+	rdf, err := getRdfData(false)
+
+	item := rdf.Items[0]
+
+	parts := strings.SplitN(item.Title, " ", 2)
+
+	require.NoError(t, err)
+
+	input := strings.NewReader(fmt.Sprintf(
+		`{"source":{},"params":{},"version":{"date":"%s","dsa":"%s"}}`, item.Date, parts[0],
+	))
+	output := &bytes.Buffer{}
+
+	resource := NewResource(input, output)
+
+	err = resource.Get("/tmp")
+
+	assert.NoError(t, err)
+
+	result := output.String()
+
+	assert.NotEmpty(t, result)
+}
Author	SHA1	Message	Date
Jan Dittberner	63b77842cf	Update README - update input and output examples - add license text	2023-01-22 13:23:27 +01:00
Jan Dittberner	182f21944b	Use correct long description from DSA long RDF - use date and DSA number as version identifier - add tests for Check and Get calls	2023-01-22 13:18:57 +01:00