gocsaf · bernhardreiter · Aug 17, 2023 · Aug 17, 2023
diff --git a/cmd/csaf_aggregator/config.go b/cmd/csaf_aggregator/config.go
@@ -22,6 +22,7 @@ import (
 	"github.com/csaf-poc/csaf_distribution/v2/csaf"
 	"github.com/csaf-poc/csaf_distribution/v2/internal/certs"
 	"github.com/csaf-poc/csaf_distribution/v2/internal/filter"
+	"github.com/csaf-poc/csaf_distribution/v2/internal/models"
 	"github.com/csaf-poc/csaf_distribution/v2/internal/options"
 	"github.com/csaf-poc/csaf_distribution/v2/util"
 	"golang.org/x/time/rate"
@@ -61,6 +62,8 @@ type provider struct {
 	ClientKey        *string `toml:"client_key"`
 	ClientPassphrase *string `toml:"client_passphrase"`
 
+	Range *models.TimeRange `toml:"timerange"`
+
 	clientCerts   []tls.Certificate
 	ignorePattern filter.PatternMatcher
 }
@@ -88,6 +91,8 @@ type config struct {
 	ClientKey        *string `toml:"client_key"`
 	ClientPassphrase *string `toml:"client_passphrase"`
 
+	Range *models.TimeRange `long:"timerange" short:"t" description:"RANGE of time from which advisories to download" value-name:"RANGE" toml:"timerange"`
+
 	// LockFile tries to lock to a given file.
 	LockFile *string `toml:"lock_file"`
 
@@ -156,6 +161,20 @@ func (c *config) tooOldForInterims() func(time.Time) bool {
 	return func(t time.Time) bool { return t.Before(from) }
 }
 
+// ageAccept returns a function which checks if a given time
+// is in the accepted download interval of the provider or
+// the global config.
+func (p *provider) ageAccept(c *config) func(time.Time) bool {
+	switch {
+	case p.Range != nil:
+		return p.Range.Contains
+	case c.Range != nil:
+		return c.Range.Contains
+	default:
+		return nil
+	}
+}
+
 // ignoreFile returns true if the given URL should not be downloaded.
 func (p *provider) ignoreURL(u string, c *config) bool {
 	return p.ignorePattern.Matches(u) || c.ignorePattern.Matches(u)

diff --git a/cmd/csaf_aggregator/mirror.go b/cmd/csaf_aggregator/mirror.go
@@ -78,6 +78,8 @@ func (w *worker) mirrorInternal() (*csaf.AggregatorCSAFProvider, error) {
 		w.metadataProvider,
 		base)
 
+	afp.AgeAccept = w.provider.ageAccept(w.processor.cfg)
+
 	if err := afp.Process(w.mirrorFiles); err != nil {
 		return nil, err
 	}
@@ -494,6 +496,7 @@ func (w *worker) mirrorFiles(tlpLabel csaf.TLPLabel, files []csaf.AdvisoryFile)
 	yearDirs := make(map[int]string)
 
 	for _, file := range files {
+
 		u, err := url.Parse(file.URL())
 		if err != nil {
 			log.Printf("error: %s\n", err)

diff --git a/docs/csaf_aggregator.md b/docs/csaf_aggregator.md
@@ -6,6 +6,7 @@
   csaf_aggregator [OPTIONS]
 
 Application Options:
+  -t, --timerange=RANGE     RANGE of time from which advisories to download
   -i, --interim             Perform an interim scan
       --version             Display version of the binary
   -c, --config=TOML-FILE    Path to config TOML file
@@ -99,6 +100,7 @@ client_cert             // path to client certificate to access access-protected
 client_key              // path to client key to access access-protected advisories
 client_passphrase       // client passphrase to access access-protected advisories
 header                  // adds extra HTTP header fields to the client
+timerange               // Accepted time range of advisories to handle. See checker doc for details.
 ```
 
 Next we have two TOML _tables_:

diff --git a/docs/examples/aggregator.toml b/docs/examples/aggregator.toml
@@ -10,6 +10,7 @@ insecure = true
 #interim_years =
 #passphrase =
 #write_indices = false
+#timerange =
 
 # specification requires at least two providers (default),
 # to override for testing, enable:
@@ -31,6 +32,7 @@ insecure = true
   create_service_document = true
 #  rate = 1.5
 #  insecure = true
+#  timerange =
 
 [[providers]]
   name = "local-dev-provider2"