Implement version handling in check

- update input and output examples
- add license text

.gitignore

@@ -1 +1,5 @@
 /.idea/
+/check
+/debian-dsa
+/in
+/out

Dockerfile

@@ -1,10 +1,11 @@
 FROM golang:1.19-bullseye AS builder
 
 WORKDIR /build
-COPY go.mod /build/
+COPY go.mod go.sum /build/
 COPY cmd /build/cmd/
 COPY internal /build/internal/
 
+RUN go test -v ./...
 RUN CGO_ENABLED=0 go build ./cmd/debian-dsa
 
 FROM alpine:3

README.md

@@ -6,6 +6,21 @@ this can be used to trigger registry-image or docker-image builds when security
 
 The source code for the resource type is available at https://git.dittberner.info/jan/concourse-dsa-resource
 
+## License
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
 ## Usage
 
 To use the resource type in your own Concourse pipeline you will have to define the resource type and a resource:
@@ -50,11 +65,11 @@ shortened and pretty-printed example output looks like this:
   [
     {
       "date": "2023-01-18",
-      "title": "DSA-5322 firefox-esr"
+      "dsa": "DSA-5322"
     },
     {
       "date": "2023-01-19",
-      "title": "DSA-5323 libitext5-java"
+      "dsa": "DSA-5323"
     }
   ]
   ```
@@ -72,7 +87,7 @@ metadata. If the version exists. The following input example returns the output
     "params": {},
     "version": {
       "date": "2023-01-18",
-      "title": "DSA-5322 firefox-esr"
+      "dsa": "DSA-5322"
     }
   }
   ```
@@ -83,11 +98,12 @@ metadata. If the version exists. The following input example returns the output
   {
     "version": {
       "date": "2023-01-18",
-      "title": "DSA-5322 firefox-esr"
+      "dsa": "DSA-5322"
     },
     "metadata": {
       "link": "https://www.debian.org/security/2023/dsa-5322",
-      "description": "security update"
+      "package": "firefox-esr",
+      "description": "Multiple security issues have been found in the Mozilla Firefox web\nbrowser, which could potentially result in the execution of arbitrary\ncode, information disclosure or spoofing."
     }
   }
   ```

go.mod

@@ -1,3 +1,11 @@
 module git.dittberner.info/concourse-dsa-resource
 
 go 1.19
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/stretchr/objx v0.5.0 // indirect
+	github.com/stretchr/testify v1.8.1 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)

go.sum

@@ -0,0 +1,17 @@
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

internal/resource/dsa/dsa.go

@@ -81,8 +81,8 @@ func getRdfData(full bool) (*rdfData, error) {
 }
 
 type Version struct {
-	Date  string `json:"date"`
+	Date      string `json:"date"`
-	Title string `json:"title"`
+	DSANumber string `json:"dsa"`
 }
 
 func (v Version) String() string {
@@ -104,6 +104,7 @@ type getInput struct {
 
 type MetaData struct {
 	Link        string `json:"link"`
+	Package     string `json:"package"`
 	Description string `json:"description"`
 }
 
@@ -126,7 +127,7 @@ func (r *VersionRange) Len() int {
 }
 
 func (r *VersionRange) Less(i, j int) bool {
-	return r.versions[i].Date <= r.versions[j].Date && r.versions[i].Title < r.versions[j].Title
+	return r.versions[i].Date <= r.versions[j].Date && r.versions[i].DSANumber < r.versions[j].DSANumber
 }
 
 func (r *VersionRange) Swap(i, j int) {
@@ -146,8 +147,10 @@ func (r *Resource) Check() error {
 		return fmt.Errorf("could not parse input from Concourse: %w", err)
 	}
 
+	var inputDate time.Time
+
 	if len(input.Version.Date) > 0 {
-		_, err = parseISODate(input.Version.Date)
+		inputDate, err = parseISODate(input.Version.Date)
 		if err != nil {
 			return fmt.Errorf("could not interpret version from Concourse as date: %w", err)
 		}
@@ -161,7 +164,16 @@ func (r *Resource) Check() error {
 	dates := &VersionRange{}
 
 	for _, item := range dsaData.Items {
-		dates.addVersion(Version{Date: item.Date, Title: item.Title})
+		parts := strings.SplitN(item.Title, " ", 2)
+
+		versionDate, err := parseISODate(item.Date)
+		if err != nil {
+			return fmt.Errorf("could not interpret date from RDF feed as date: %w", err)
+		}
+
+		if inputDate.IsZero() || inputDate.Before(versionDate) {
+			dates.addVersion(Version{Date: item.Date, DSANumber: parts[0]})
+		}
 	}
 
 	sort.Sort(dates)
@@ -185,19 +197,26 @@ func (r *Resource) Get(_ string) error {
 		return fmt.Errorf("could not interpret version from Concourse as date: %w", err)
 	}
 
-	dsaData, err := getRdfData(false)
+	dsaData, err := getRdfData(true)
 	if err != nil {
 		log.Fatalf("could not get DSA RDF data: %v", err)
 	}
 
 	for _, item := range dsaData.Items {
-		if item.Date == input.Version.Date && item.Title == input.Version.Title {
+		if item.Date == input.Version.Date && strings.HasPrefix(item.Title, input.Version.DSANumber) {
+			parts := strings.SplitN(item.Title, " ", 3)
+
 			err = r.writeGetOutput(Version{
-				Date:  item.Date,
+				Date:      item.Date,
-				Title: item.Title,
+				DSANumber: parts[0],
 			}, MetaData{
-				Link:        item.Link,
+				Link:    item.Link,
-				Description: strings.TrimSpace(item.Description),
+				Package: parts[1],
+				Description: strings.TrimSpace(
+					strings.ReplaceAll(strings.ReplaceAll(
+						item.Description, "<p>", ""), "</p>", "\n",
+					),
+				),
 			})
 
 			if err != nil {

internal/resource/dsa/dsa_test.go

@@ -0,0 +1,51 @@
+package dsa
+
+import (
+	"bytes"
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestResource_Check(t *testing.T) {
+	input := strings.NewReader("{}")
+	output := &bytes.Buffer{}
+
+	resource := NewResource(input, output)
+
+	err := resource.Check()
+
+	assert.NoError(t, err)
+
+	result := output.String()
+
+	assert.NotEmpty(t, result)
+}
+
+func TestResource_Get(t *testing.T) {
+	rdf, err := getRdfData(false)
+
+	item := rdf.Items[0]
+
+	parts := strings.SplitN(item.Title, " ", 2)
+
+	require.NoError(t, err)
+
+	input := strings.NewReader(fmt.Sprintf(
+		`{"source":{},"params":{},"version":{"date":"%s","dsa":"%s"}}`, item.Date, parts[0],
+	))
+	output := &bytes.Buffer{}
+
+	resource := NewResource(input, output)
+
+	err = resource.Get("/tmp")
+
+	assert.NoError(t, err)
+
+	result := output.String()
+
+	assert.NotEmpty(t, result)
+}