{"ref":"refs/heads/main","before":"e4d65e96026d40bd04e274bcb6adec863652b9dc","after":"d94494148e89877973b2735cb58ebe2fa37272de","repository":{"id":19279199,"node_id":"MDEwOlJlcG9zaXRvcnkxOTI3OTE5OQ==","name":"openscap","full_name":"OpenSCAP/openscap","private":false,"owner":{"name":"OpenSCAP","email":null,"login":"OpenSCAP","id":7439934,"node_id":"MDEyOk9yZ2FuaXphdGlvbjc0Mzk5MzQ=","avatar_url":"https://avatars.githubusercontent.com/u/7439934?v=4","gravatar_id":"","url":"https://api.github.com/users/OpenSCAP","html_url":"https://github.com/OpenSCAP","followers_url":"https://api.github.com/users/OpenSCAP/followers","following_url":"https://api.github.com/users/OpenSCAP/following{/other_user}","gists_url":"https://api.github.com/users/OpenSCAP/gists{/gist_id}","starred_url":"https://api.github.com/users/OpenSCAP/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/OpenSCAP/subscriptions","organizations_url":"https://api.github.com/users/OpenSCAP/orgs","repos_url":"https://api.github.com/users/OpenSCAP/repos","events_url":"https://api.github.com/users/OpenSCAP/events{/privacy}","received_events_url":"https://api.github.com/users/OpenSCAP/received_events","type":"Organization","user_view_type":"public","site_admin":false},"html_url":"https://github.com/OpenSCAP/openscap","description":"NIST Certified SCAP 1.2 toolkit","fork":false,"url":"https://api.github.com/repos/OpenSCAP/openscap","forks_url":"https://api.github.com/repos/OpenSCAP/openscap/forks","keys_url":"https://api.github.com/repos/OpenSCAP/openscap/keys{/key_id}","collaborators_url":"https://api.github.com/repos/OpenSCAP/openscap/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/OpenSCAP/openscap/teams","hooks_url":"https://api.github.com/repos/OpenSCAP/openscap/hooks","issue_events_url":"https://api.github.com/repos/OpenSCAP/openscap/issues/events{/number}","events_url":"https://api.github.com/repos/OpenSCAP/openscap/events","assignees_url":"https://api.github.com/repos/OpenSCAP/openscap/assignees{/user}","branches_url":"https://api.github.com/repos/OpenSCAP/openscap/branches{/branch}","tags_url":"https://api.github.com/repos/OpenSCAP/openscap/tags","blobs_url":"https://api.github.com/repos/OpenSCAP/openscap/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/OpenSCAP/openscap/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/OpenSCAP/openscap/git/refs{/sha}","trees_url":"https://api.github.com/repos/OpenSCAP/openscap/git/trees{/sha}","statuses_url":"https://api.github.com/repos/OpenSCAP/openscap/statuses/{sha}","languages_url":"https://api.github.com/repos/OpenSCAP/openscap/languages","stargazers_url":"https://api.github.com/repos/OpenSCAP/openscap/stargazers","contributors_url":"https://api.github.com/repos/OpenSCAP/openscap/contributors","subscribers_url":"https://api.github.com/repos/OpenSCAP/openscap/subscribers","subscription_url":"https://api.github.com/repos/OpenSCAP/openscap/subscription","commits_url":"https://api.github.com/repos/OpenSCAP/openscap/commits{/sha}","git_commits_url":"https://api.github.com/repos/OpenSCAP/openscap/git/commits{/sha}","comments_url":"https://api.github.com/repos/OpenSCAP/openscap/comments{/number}","issue_comment_url":"https://api.github.com/repos/OpenSCAP/openscap/issues/comments{/number}","contents_url":"https://api.github.com/repos/OpenSCAP/openscap/contents/{+path}","compare_url":"https://api.github.com/repos/OpenSCAP/openscap/compare/{base}...{head}","merges_url":"https://api.github.com/repos/OpenSCAP/openscap/merges","archive_url":"https://api.github.com/repos/OpenSCAP/openscap/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/OpenSCAP/openscap/downloads","issues_url":"https://api.github.com/repos/OpenSCAP/openscap/issues{/number}","pulls_url":"https://api.github.com/repos/OpenSCAP/openscap/pulls{/number}","milestones_url":"https://api.github.com/repos/OpenSCAP/openscap/milestones{/number}","notifications_url":"https://api.github.com/repos/OpenSCAP/openscap/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/OpenSCAP/openscap/labels{/name}","releases_url":"https://api.github.com/repos/OpenSCAP/openscap/releases{/id}","deployments_url":"https://api.github.com/repos/OpenSCAP/openscap/deployments","created_at":1398781414,"updated_at":"2026-06-12T07:14:50Z","pushed_at":1781278125,"git_url":"git://github.com/OpenSCAP/openscap.git","ssh_url":"git@github.com:OpenSCAP/openscap.git","clone_url":"https://github.com/OpenSCAP/openscap.git","svn_url":"https://github.com/OpenSCAP/openscap","homepage":"https://www.open-scap.org/tools/openscap-base","size":32273,"stargazers_count":1738,"watchers_count":1738,"language":"XSLT","has_issues":true,"has_projects":true,"has_downloads":true,"has_wiki":true,"has_pages":false,"has_discussions":true,"forks_count":437,"mirror_url":null,"archived":false,"disabled":false,"open_issues_count":62,"license":{"key":"lgpl-2.1","name":"GNU Lesser General Public License v2.1","spdx_id":"LGPL-2.1","url":"https://api.github.com/licenses/lgpl-2.1","node_id":"MDc6TGljZW5zZTEx"},"allow_forking":true,"is_template":false,"web_commit_signoff_required":false,"has_pull_requests":true,"pull_request_creation_policy":"all","topics":["compliance","cpe","data-stream","openscap","oval","scanning","scap","xccdf"],"visibility":"public","forks":437,"open_issues":62,"watchers":1738,"default_branch":"main","stargazers":1738,"master_branch":"main","organization":"OpenSCAP","custom_properties":{}},"pusher":{"name":"Mab879","email":"m@tthewburket.com"},"forced":false,"organization":{"login":"OpenSCAP","id":7439934,"node_id":"MDEyOk9yZ2FuaXphdGlvbjc0Mzk5MzQ=","url":"https://api.github.com/orgs/OpenSCAP","repos_url":"https://api.github.com/orgs/OpenSCAP/repos","events_url":"https://api.github.com/orgs/OpenSCAP/events","hooks_url":"https://api.github.com/orgs/OpenSCAP/hooks","issues_url":"https://api.github.com/orgs/OpenSCAP/issues","members_url":"https://api.github.com/orgs/OpenSCAP/members{/member}","public_members_url":"https://api.github.com/orgs/OpenSCAP/public_members{/member}","avatar_url":"https://avatars.githubusercontent.com/u/7439934?v=4","description":"Open Source Security Compliance Solution"},"sender":{"login":"Mab879","id":207087,"node_id":"MDQ6VXNlcjIwNzA4Nw==","avatar_url":"https://avatars.githubusercontent.com/u/207087?v=4","gravatar_id":"","url":"https://api.github.com/users/Mab879","html_url":"https://github.com/Mab879","followers_url":"https://api.github.com/users/Mab879/followers","following_url":"https://api.github.com/users/Mab879/following{/other_user}","gists_url":"https://api.github.com/users/Mab879/gists{/gist_id}","starred_url":"https://api.github.com/users/Mab879/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/Mab879/subscriptions","organizations_url":"https://api.github.com/users/Mab879/orgs","repos_url":"https://api.github.com/users/Mab879/repos","events_url":"https://api.github.com/users/Mab879/events{/privacy}","received_events_url":"https://api.github.com/users/Mab879/received_events","type":"User","user_view_type":"public","site_admin":false},"created":false,"deleted":false,"base_ref":null,"compare":"https://github.com/OpenSCAP/openscap/compare/e4d65e96026d...d94494148e89","commits":[{"id":"da50724a2b046e56c036f7c856502467e4623d82","tree_id":"cda96df3a191cde8a980a288e9f5497d636ac846","distinct":false,"message":"XCCDF/OVAL/CPE/DS: fix NULL-pointer dereferences on malformed input\n\nMissing XML attributes/namespaces/text make libxml return NULL, which was\nthen passed to strcmp/atoi/atof or dereferenced. Guard these and make the\nshared string helpers NULL-tolerant.\n\n- common/util.h: oscap_str_startswith()/oscap_str_endswith() return false on\n  a NULL string (matching oscap_strcmp/oscap_streq).\n- OVAL: guard the optional `version` attribute before atoi() in oval_state,\n  oval_definition, oval_object, oval_variable, oval_resultDefinition; guard\n  the `reported` attribute (oval_directives); guard a NULL frame from a\n  duplicate variable id (oval_varModel).\n- XCCDF: NULL-safe atof() for empty lower/upper-bound and score elements\n  (value.c, result.c); reject a NULL <TestResult> (benchmark.c); skip a\n  <platform> with no @idref before strlen() (item.c); reject a NULL profile\n  in tailoring (tailoring.c).\n- DS: NULL-safe id comparisons in sds_index / rds; reject a component with no\n  id as a hash key (ds_rds_session.c).","timestamp":"2026-06-03T08:46:38Z","url":"https://github.com/OpenSCAP/openscap/commit/da50724a2b046e56c036f7c856502467e4623d82","author":{"name":"Edouard Schweisguth","email":"edouard.schweisguth@datadoghq.com","date":"2026-06-03T08:46:38Z","username":"edznux-dd"},"committer":{"name":"Edouard Schweisguth","email":"edouard.schweisguth@datadoghq.com","date":"2026-06-03T08:46:38Z","username":"edznux-dd"},"added":[],"removed":[],"modified":["src/DS/ds_rds_session.c","src/DS/rds.c","src/DS/sds_index.c","src/OVAL/oval_definition.c","src/OVAL/oval_directives.c","src/OVAL/oval_object.c","src/OVAL/oval_state.c","src/OVAL/oval_varModel.c","src/OVAL/oval_variable.c","src/OVAL/results/oval_resultDefinition.c","src/XCCDF/benchmark.c","src/XCCDF/item.c","src/XCCDF/result.c","src/XCCDF/tailoring.c","src/XCCDF/value.c","src/common/util.h"]},{"id":"906022e8472c17b3d23fc3eddbc103741773f26c","tree_id":"631013d91732ca2cc2142571d11ef7e7030e52f1","distinct":false,"message":"address PR comments","timestamp":"2026-06-04T08:21:45Z","url":"https://github.com/OpenSCAP/openscap/commit/906022e8472c17b3d23fc3eddbc103741773f26c","author":{"name":"Edouard Schweisguth","email":"edouard.schweisguth@datadoghq.com","date":"2026-06-04T08:21:45Z","username":"edznux-dd"},"committer":{"name":"Edouard Schweisguth","email":"edouard.schweisguth@datadoghq.com","date":"2026-06-04T08:21:45Z","username":"edznux-dd"},"added":[],"removed":[],"modified":["src/DS/sds_index.c","src/XCCDF/result.c","src/XCCDF/value.c"]},{"id":"e23bbcb38885aac27f560d3b562bdb4146e4c6c0","tree_id":"bfaf4cc1084e96791df6aad2d010ca5527018207","distinct":false,"message":"Add regression test for fixed bugs/vulns","timestamp":"2026-06-08T10:05:52Z","url":"https://github.com/OpenSCAP/openscap/commit/e23bbcb38885aac27f560d3b562bdb4146e4c6c0","author":{"name":"Edouard Schweisguth","email":"edouard.schweisguth@datadoghq.com","date":"2026-06-08T10:05:52Z","username":"edznux-dd"},"committer":{"name":"Edouard Schweisguth","email":"edouard.schweisguth@datadoghq.com","date":"2026-06-08T10:05:52Z","username":"edznux-dd"},"added":["tests/API/OVAL/unittests/test_null_ptr_regression.oval.xml","tests/API/OVAL/unittests/test_null_ptr_regression.sh","tests/API/OVAL/unittests/test_null_ptr_regression_varmodel.oval_variables.xml","tests/API/XCCDF/unittests/test_null_ptr_regression.sh","tests/API/XCCDF/unittests/test_null_ptr_xccdf_empty_testresult.xml","tests/API/XCCDF/unittests/test_null_ptr_xccdf_platform_no_idref.xml","tests/API/XCCDF/unittests/test_null_ptr_xccdf_tailoring_empty_profile.xml","tests/DS/test_null_ptr_rds_missing_rel_type.xml","tests/DS/test_null_ptr_regression.sh","tests/DS/test_null_ptr_sds_empty_collection.xml","tests/DS/test_null_ptr_sds_stream_no_id.xml"],"removed":[],"modified":["tests/API/OVAL/unittests/CMakeLists.txt","tests/API/XCCDF/unittests/CMakeLists.txt","tests/DS/CMakeLists.txt","tests/test_common.sh.in"]},{"id":"d94494148e89877973b2735cb58ebe2fa37272de","tree_id":"4547d3c8f2ef764070b7c93f83a0949bf82e76b2","distinct":true,"message":"Merge pull request #2361 from edznux-dd/fix/null-pointer-deref\n\nXCCDF/OVAL/CPE/DS: fix NULL-pointer dereferences on malformed input","timestamp":"2026-06-12T10:28:45-05:00","url":"https://github.com/OpenSCAP/openscap/commit/d94494148e89877973b2735cb58ebe2fa37272de","author":{"name":"Matthew Burket","email":"mburket@redhat.com","date":"2026-06-12T10:28:45-05:00","username":"Mab879"},"committer":{"name":"GitHub","email":"noreply@github.com","date":"2026-06-12T10:28:45-05:00","username":"web-flow"},"added":["tests/API/OVAL/unittests/test_null_ptr_regression.oval.xml","tests/API/OVAL/unittests/test_null_ptr_regression.sh","tests/API/OVAL/unittests/test_null_ptr_regression_varmodel.oval_variables.xml","tests/API/XCCDF/unittests/test_null_ptr_regression.sh","tests/API/XCCDF/unittests/test_null_ptr_xccdf_empty_testresult.xml","tests/API/XCCDF/unittests/test_null_ptr_xccdf_platform_no_idref.xml","tests/API/XCCDF/unittests/test_null_ptr_xccdf_tailoring_empty_profile.xml","tests/DS/test_null_ptr_rds_missing_rel_type.xml","tests/DS/test_null_ptr_regression.sh","tests/DS/test_null_ptr_sds_empty_collection.xml","tests/DS/test_null_ptr_sds_stream_no_id.xml"],"removed":[],"modified":["src/DS/ds_rds_session.c","src/DS/rds.c","src/DS/sds_index.c","src/OVAL/oval_definition.c","src/OVAL/oval_directives.c","src/OVAL/oval_object.c","src/OVAL/oval_state.c","src/OVAL/oval_varModel.c","src/OVAL/oval_variable.c","src/OVAL/results/oval_resultDefinition.c","src/XCCDF/benchmark.c","src/XCCDF/item.c","src/XCCDF/result.c","src/XCCDF/tailoring.c","src/XCCDF/value.c","src/common/util.h","tests/API/OVAL/unittests/CMakeLists.txt","tests/API/XCCDF/unittests/CMakeLists.txt","tests/DS/CMakeLists.txt","tests/test_common.sh.in"]}],"head_commit":{"id":"d94494148e89877973b2735cb58ebe2fa37272de","tree_id":"4547d3c8f2ef764070b7c93f83a0949bf82e76b2","distinct":true,"message":"Merge pull request #2361 from edznux-dd/fix/null-pointer-deref\n\nXCCDF/OVAL/CPE/DS: fix NULL-pointer dereferences on malformed input","timestamp":"2026-06-12T10:28:45-05:00","url":"https://github.com/OpenSCAP/openscap/commit/d94494148e89877973b2735cb58ebe2fa37272de","author":{"name":"Matthew Burket","email":"mburket@redhat.com","date":"2026-06-12T10:28:45-05:00","username":"Mab879"},"committer":{"name":"GitHub","email":"noreply@github.com","date":"2026-06-12T10:28:45-05:00","username":"web-flow"},"added":["tests/API/OVAL/unittests/test_null_ptr_regression.oval.xml","tests/API/OVAL/unittests/test_null_ptr_regression.sh","tests/API/OVAL/unittests/test_null_ptr_regression_varmodel.oval_variables.xml","tests/API/XCCDF/unittests/test_null_ptr_regression.sh","tests/API/XCCDF/unittests/test_null_ptr_xccdf_empty_testresult.xml","tests/API/XCCDF/unittests/test_null_ptr_xccdf_platform_no_idref.xml","tests/API/XCCDF/unittests/test_null_ptr_xccdf_tailoring_empty_profile.xml","tests/DS/test_null_ptr_rds_missing_rel_type.xml","tests/DS/test_null_ptr_regression.sh","tests/DS/test_null_ptr_sds_empty_collection.xml","tests/DS/test_null_ptr_sds_stream_no_id.xml"],"removed":[],"modified":["src/DS/ds_rds_session.c","src/DS/rds.c","src/DS/sds_index.c","src/OVAL/oval_definition.c","src/OVAL/oval_directives.c","src/OVAL/oval_object.c","src/OVAL/oval_state.c","src/OVAL/oval_varModel.c","src/OVAL/oval_variable.c","src/OVAL/results/oval_resultDefinition.c","src/XCCDF/benchmark.c","src/XCCDF/item.c","src/XCCDF/result.c","src/XCCDF/tailoring.c","src/XCCDF/value.c","src/common/util.h","tests/API/OVAL/unittests/CMakeLists.txt","tests/API/XCCDF/unittests/CMakeLists.txt","tests/DS/CMakeLists.txt","tests/test_common.sh.in"]}}