mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 21:47:20 +00:00
for #21304

# Checklist for submitter

- [X] Manual QA for all new/changed functionality

## Details

This PR adds a new validator for NVD feed files to be run as part of the nvd repo workflow. The intention is for that workflow to fail if any of the files it creates are not valid (i.e. they would not be parseable by the Fleet server) so that we don't publish and tag a release with bad files in it. This follows the pattern from https://github.com/fleetdm/fleet/issues/21300 as suggested by @iansltx.

## Testing

I downloaded all of the latest release files to my local system using

```bash
gh release download 202505190037 -D ~/Downloads/nvd
```

and then ran the validator on them with

```bash
go run cmd/cpe/validate/main.go --db_dir ~/Downloads/nvd
```

To simulate file issues, I modified one section of each file to change a value into the wrong type, and validated that this caused the validator to panic. Examples:

```
panic: failed to load CPE translations: decode json: json: cannot unmarshal string into Go struct field CPETranslation.filter.vendor of type []string

goroutine 1 [running]:
main.checkCPETranslations({0x16dc975f9?, 0x14000192190?})
	/Users/scott/Development/fleet/cmd/cpe/validate/main.go:34 +0xa8
main.main()
	/Users/scott/Development/fleet/cmd/cpe/validate/main.go:24 +0xb0
exit status 2
```

---

```
panic: failed to parse MacOffice release notes fleet_macoffice_release_notes_macoffice-2025_05_19.json: parsing time "xyz" as "2006-01-02T15:04:05Z07:00": cannot parse "xyz" as "2006"

goroutine 1 [running]:
main.checkMacOfficeNotes({0x16f7af5f9, 0x1a})
	/Users/scott/Development/fleet/cmd/cpe/validate/main.go:56 +0x1f0
main.main()
	/Users/scott/Development/fleet/cmd/cpe/validate/main.go:25 +0xbc
exit status 2
```

---

```
panic: failed to parse MSRC feed fleet_msrc_Windows_Server_2012_R2-2025_05_19.json: json: cannot unmarshal array into Go struct field Vulnerability.Vulnerabities.RemediatedBy of type bool

goroutine 1 [running]:
main.checkMSRCVulnerabilities({0x16f49b5f9, 0x1a})
	/Users/scott/Development/fleet/cmd/cpe/validate/main.go:74 +0x1ac
main.main()
	/Users/scott/Development/fleet/cmd/cpe/validate/main.go:26 +0xc8
exit status 2
```

Additionally I tried the validator in [a run of the NVD workflow](https://github.com/fleetdm/nvd/actions/runs/15121687898/job/42505283781) and it executed successfully.
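
The fail-closed check described in the commit message above, sketched as an added example that is not Fleet's own validator: each feed is decoded into a typed struct and any type mismatch makes the step exit non-zero. The struct shapes, the `kind` names and the sample JSON are assumptions modeled on the field names in the panic output.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"time"
)

// Hypothetical, simplified shapes (assumptions); these are not Fleet's real types.
type cpeTranslation struct {
	Filter struct {
		Vendor []string `json:"vendor"`
	} `json:"filter"`
}
type releaseNote struct {
	Date time.Time `json:"date"` // time.Time only accepts RFC 3339 from JSON
}

// validateFeed decodes data into the typed value for kind, so a wrong-typed field becomes an error.
func validateFeed(kind, data string) error {
	targets := map[string]any{
		"cpe_translations": &[]cpeTranslation{},
		"macoffice":        &[]releaseNote{},
	}
	target, ok := targets[kind]
	if !ok {
		return fmt.Errorf("unknown feed kind %q", kind)
	}
	return json.Unmarshal([]byte(data), target)
}

func main() {
	// Constructed samples: one valid file, one with a wrong-typed field.
	samples := [][2]string{
		{"cpe_translations", `[{"filter":{"vendor":["acme"]}}]`},
		{"macoffice", `[{"date":"xyz"}]`},
	}
	code := 0
	for _, s := range samples {
		if err := validateFeed(s[0], s[1]); err != nil {
			fmt.Fprintln(os.Stderr, "invalid:", err)
			code = 1 // keep going so every bad file is reported
		}
	}
	os.Exit(code) // non-zero exit fails the workflow step
}
```

Returning an error for an unknown kind means a new feed file cannot pass the gate merely because no check exists for it.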

- testdata
- validate
- generate.go
- generate_test.go