PMD: Support legacy security.txt location as fallback.#506
Merged
Conversation
JanHoefelmeyer
requested changes
Nov 13, 2023
Contributor
JanHoefelmeyer
left a comment
There was a problem hiding this comment.
The checker still doesn't search for the Security.txt within the legacy location. This needs to be adjusted before merging.
Contributor
Author
Addressed with 0a2b69b |
…e paths are checked
JanHoefelmeyer
approved these changes
Nov 14, 2023
tschmidtb51
requested changes
Nov 16, 2023
Collaborator
tschmidtb51
left a comment
There was a problem hiding this comment.
Regarding the csaf_checker: The reporting seems to be sub-optimal:
Requirement 7 reports a warning of an unexpected situation "fetching the .well-known/security.txt fails with 404"
Requirement 8 does report that "fetching the .well-known/security.txt fails with 404" but does not state that the one under /security.txt was found.
Actions:
- We need to add at least under 8 that the /security.txt was found (and if it had a CSAF entry).
- We need to confirm that no security.txt (at all) does not result in an error (in requirement 7) if one of the other ways led to a PMD
Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com>
… under .well-known and legacy location into different messages to improve readability
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
If we don't find the security.txt in the well-known folder try to find it under https://domain/security.txt as a fallback.
Solves #503