SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00
Code Issues Releases Activity Actions

Move cert handling into library and add option passphrase. Adjust uploader and checker.

Browse source
This commit is contained in:
Sascha L. Teichmann 2023-08-02 21:02:58 +02:00
parent 873eb4879b
commit 017a6b0a10
5 changed files with 140 additions and 74 deletions
Download patch file Download diff file Expand all files Collapse all files

62
docs/csaf_checker.md
View file

@ -7,25 +7,26 @@ Usage:
csaf_checker [OPTIONS] domain...
Application Options:
-o, --output=REPORT-FILE File name of the generated report
-f, --format=[json|html] Format of report (default: json)
--insecure Do not check TLS certificates from provider
--client-cert=CERT-FILE TLS client certificate file (PEM encoded data)
--client-key=KEY-FILE TLS client private key file (PEM encoded data)
--version Display version of the binary
-v, --verbose Verbose output
-r, --rate= The average upper limit of https operations per second (defaults to unlimited)
-y, --years=YEARS Number of years to look back from now
-t, --timerange=RANGE RANGE of time from which advisories to download
-i, --ignorepattern=PATTERN Dont download files if there URLs match any of the given PATTERNs
-H, --header= One or more extra HTTP header fields
--validator=URL URL to validate documents remotely
--validatorcache=FILE FILE to cache remote validations
--validatorpreset= One or more presets to validate remotely (default: [mandatory])
-c, --config=TOML-FILE Path to config TOML file
-o, --output=REPORT-FILE File name of the generated report
-f, --format=[json|html] Format of report (default: json)
--insecure Do not check TLS certificates from provider
--client-cert=CERT-FILE TLS client certificate file (PEM encoded data)
--client-key=KEY-FILE TLS client private key file (PEM encoded data)
--client-passphrase=PASSPHRASE Optional passphrase for the client certificate
--version Display version of the binary
-v, --verbose Verbose output
-r, --rate= The average upper limit of https operations per second (defaults to unlimited)
-y, --years=YEARS Number of years to look back from now
-t, --timerange=RANGE RANGE of time from which advisories to download
-i, --ignorepattern=PATTERN Dont download files if there URLs match any of the given PATTERNs
-H, --header= One or more extra HTTP header fields
--validator=URL URL to validate documents remotely
--validatorcache=FILE FILE to cache remote validations
--validatorpreset= One or more presets to validate remotely (default: [mandatory])
-c, --config=TOML-FILE Path to config TOML file
Help Options:
-h, --help Show this help message
-h, --help Show this help message
```
Will check all given _domains_, by trying each as a CSAF provider.
@ -42,19 +43,20 @@ csaf_checker.toml
with `~` expanding to `$HOME` on unixoid systems and `%HOMEPATH` on Windows systems.
Supported options in config files:
```
output = ""
format = "json"
insecure = false
# client_cert # not set by default
# client_key # not set by default
verbose = false
# rate # not set by default
# years # not set by default
# timerange # not set by default
# header # not set by default
# validator # not set by default
# validatorcache # not set by default
validatorpreset = ["mandatory"]
output = ""
format = "json"
insecure = false
# client_cert # not set by default
# client_key # not set by default
# client_passphrase # not set by default
verbose = false
# rate # not set by default
# years # not set by default
# timerange # not set by default
# header # not set by default
# validator # not set by default
# validatorcache # not set by default
validatorpreset = ["mandatory"]
```
Usage example: