single spec test

.pipelines/prchecks/CveSpecFilePRCheck/AntiPatternDetector.py

@@ -98,6 +98,7 @@ def __init__(self, repo_root: str):
             'cve-patch-mismatch': Severity.ERROR,
             'unused-patch-file': Severity.WARNING,
             'patch-without-cve-ref': Severity.WARNING,
+            'incorrect-patch-case': Severity.ERROR,
 
             # CVE related issues
             'missing-cve-reference': Severity.ERROR,
@@ -172,11 +173,28 @@ def detect_patch_file_issues(self, spec_content: str, file_path: str, file_list:
 
         # Extract patch references from spec file with line numbers
         # Updated regex to handle both simple filenames and full URLs
+        # Made case-insensitive to detect all patch references (we'll flag incorrect case separately)
         patch_regex = r'^Patch(\d+):\s+(.+?)$'
         patch_refs = {}
 
         for line_num, line in enumerate(spec_content.split('\n'), 1):
-            match = re.match(patch_regex, line.strip())
+            # First, check for incorrect lowercase 'patch' usage
+            if line.strip().startswith('patch') and ':' in line:
+                lowercase_match = re.match(r'^patch(\d+):\s+(.+?)$', line.strip())
+                if lowercase_match:
+                    patterns.append(AntiPattern(
+                        id='incorrect-patch-case',
+                        name="Incorrect Patch Reference Case",
+                        description=f"Patch reference uses lowercase 'patch' instead of 'Patch' (RPM spec convention requires uppercase 'P')",
+                        severity=self.severity_map.get('incorrect-patch-case', Severity.ERROR),
+                        file_path=file_path,
+                        line_number=line_num,
+                        context=line.strip(),
+                        recommendation="Change 'patch' to 'Patch' to follow RPM spec file conventions"
+                    ))
+
+            # Now detect all patch references (case-insensitive) for further validation
+            match = re.match(patch_regex, line.strip(), re.IGNORECASE)
             if match:
                 patch_file = match.group(2).strip()
 

.pipelines/prchecks/CveSpecFilePRCheck/CveSpecFilePRCheck.py

@@ -765,8 +765,16 @@ def main():
             pr_number = int(os.environ.get("GITHUB_PR_NUMBER", "0"))
 
             if pr_number:
-                # Post organized comment
-                github_client.post_pr_comment(pr_number, analysis_result)
+                logger.info(f"Posting GitHub comment to PR #{pr_number}")
+
+                # Format and post organized comment
+                comment = github_client.format_multi_spec_comment(analysis_result)
+                success = github_client.post_comment(pr_number, comment)
+
+                if success:
+                    logger.info("Successfully posted GitHub comment")
+                else:
+                    logger.warning("Failed to post GitHub comment")
 
                 # Update checks API if enabled
                 if os.environ.get("USE_CHECKS_API", "false").lower() == "true":
@@ -775,8 +783,10 @@ def main():
                         analysis_result.overall_severity,
                         analysis_result.summary_statistics
                     )
+            else:
+                logger.warning("GITHUB_PR_NUMBER not set, skipping GitHub comment")
         except Exception as e:
-            logger.error(f"Failed to update GitHub status: {e}")
+            logger.error(f"Failed to update GitHub status: {e}", exc_info=True)
 
     # Return appropriate exit code
     return get_severity_exit_code(analysis_result.overall_severity)

.pipelines/prchecks/CveSpecFilePRCheck/GitHubClient.py

@@ -56,7 +56,8 @@ class GitHubClient:
 
     def __init__(self):
         """Initialize the GitHub client with authentication."""
-        self.token = os.environ.get('GITHUB_TOKEN')
+        # Try GITHUB_TOKEN first, then fall back to SYSTEM_ACCESSTOKEN (for ADO)
+        self.token = os.environ.get('GITHUB_TOKEN') or os.environ.get('SYSTEM_ACCESSTOKEN')
         self.repo = os.environ.get('GITHUB_REPOSITORY', 'microsoft/azurelinux')
         self.api_base = 'https://api.github.com'
 

.pipelines/prchecks/CveSpecFilePRCheck/pr_check_report.txt

@@ -1,14 +1,14 @@
 ================================================================================
 CVE SPEC FILE CHECK - ANALYSIS REPORT
 ================================================================================
-Generated: 2025-10-14T17:34:56.229364
+Generated: 2025-10-14T18:15:21.600829
 
 EXECUTIVE SUMMARY
 ----------------------------------------
 Total Spec Files Analyzed: 1
 Specs with Errors: 1
 Specs with Warnings: 0
-Total Issues Found: 8
+Total Issues Found: 9
 Overall Severity: ERROR
 
 PACKAGE ANALYSIS DETAILS
@@ -17,7 +17,7 @@ PACKAGE ANALYSIS DETAILS
 Package: azcopy
 Spec File: SPECS/azcopy/azcopy.spec
 Status: ERROR
-Issues: 4 errors, 4 warnings
+Issues: 5 errors, 4 warnings
 
   Anti-Patterns Detected:
     - unused-patch-file: 4 occurrence(s)
@@ -30,15 +30,18 @@ Issues: 4 errors, 4 warnings
       • Patch file 'CVE-2024-51744.patch' contains CVE reference but CVE-2024-51744 is n...
       • Patch file 'CVE-2025-30204.patch' contains CVE reference but CVE-2025-30204 is n...
       ... and 1 more
+    - missing-cve-in-changelog: 1 occurrence(s)
+      • CVE-2025-1111 is referenced in the spec file but not mentioned in any changelog ...
 
 RECOMMENDED ACTIONS
 ----------------------------------------
 
 azcopy:
-  • Add CVE-2025-30204 to the spec file changelog entry
+  • Add CVE-2025-22868 to the spec file changelog entry
   • Add CVE-2024-51744 to the spec file changelog entry
+  • Add CVE-2025-1111 to a changelog entry
+  • Add CVE-2025-30204 to the spec file changelog entry
   • Add CVE-2025-22870 to the spec file changelog entry
-  • Add CVE-2025-22868 to the spec file changelog entry
 
 ================================================================================
 END OF REPORT

.pipelines/prchecks/CveSpecFilePRCheck/pr_check_results.json

@@ -1,20 +1,20 @@
 {
-  "timestamp": "2025-10-14T17:34:56.229698",
+  "timestamp": "2025-10-14T18:15:21.601167",
   "overall_severity": "ERROR",
-  "total_issues": 8,
+  "total_issues": 9,
   "summary_statistics": {
     "total_specs": 1,
     "specs_with_errors": 1,
     "specs_with_warnings": 0,
-    "total_errors": 4,
+    "total_errors": 5,
     "total_warnings": 4
   },
   "spec_results": [
     {
       "spec_path": "SPECS/azcopy/azcopy.spec",
       "package_name": "azcopy",
       "severity": "ERROR",
-      "summary": "4 errors, 4 warnings",
+      "summary": "5 errors, 4 warnings",
       "anti_patterns": [
         {
           "id": "unused-patch-file",
@@ -79,6 +79,14 @@
           "severity": "ERROR",
           "line_number": null,
           "recommendation": "Add CVE-2025-22868 to the spec file changelog entry"
+        },
+        {
+          "id": "missing-cve-in-changelog",
+          "name": "Missing CVE in Changelog",
+          "description": "CVE-2025-1111 is referenced in the spec file but not mentioned in any changelog entry",
+          "severity": "ERROR",
+          "line_number": null,
+          "recommendation": "Add CVE-2025-1111 to a changelog entry"
         }
       ],
       "ai_analysis": ""

SPECS/azcopy/azcopy.spec

@@ -31,6 +31,7 @@ Patch0:         CVE-2025-22868.patch
 Patch1:         CVE-2025-30204.patch
 Patch2:         CVE-2025-22870.patch
 Patch3:         CVE-2024-51744.patch
+patch4:         CVE-2025-1111.patch
 
 BuildRequires:  golang >= 1.17.9
 BuildRequires:  git