Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add linting support for Bottlerocket Security Advisories #466

Open
ginglis13 opened this issue Feb 24, 2025 · 0 comments · May be fixed by #467
Open

Add linting support for Bottlerocket Security Advisories #466

ginglis13 opened this issue Feb 24, 2025 · 0 comments · May be fixed by #467

Comments

@ginglis13
Copy link
Contributor

ginglis13 commented Feb 24, 2025
edited
Loading

bottlerocket-os/bottlerocket-core-kit#381 highlights a need for linting of Bottlerocket Security Advisories (BRSAs) to enforce that advisory content is strictly ASCII characters.

BRSAs are the source of Bottlerocket's updateinfo.xml. If a BRSA encodes special characters, then the encoding of those characters to XML may result in malformed updates in updateinfo.xml. For example, text copied directly from https://nvidia.custhelp.com/app/answers/detail/a_id/5616 for CVE-2025-23359 uses a special "non-breaking hyphen" character for hyphens, resulted in encodings CVE‑2025‑23359 instead of using a normal "-"

Something like bottlerocket-os/bottlerocket-core-kit#381 (comment)

if find advisories -name '*.toml' -type f >/dev/null 2>&1 ; then
  export LC_ALL=C
  if grep --include '*.toml' -R -l -P ['\x80'-'\xFF'] advisories ; then
    echo "error: found non-ASCII characters in advisories" >&2
    exit 1
  fi
fi

may do the trick
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

twoliter: add check-advisories task to lint BRSAs ginglis13/twoliter
1 participant
@ginglis13