SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions

Merge branch 'main' into csaf_searcher

Browse source
This commit is contained in:
JanHoefelmeyer 2023-10-18 10:24:34 +02:00
commit 226dc961f3
68 changed files with 1726 additions and 246 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/release.yml vendored
View file

@ -7,7 +7,7 @@ on:
jobs:
releases-matrix:
name: Release Go binaries
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v3

2
Makefile
View file

@ -59,7 +59,7 @@ testsemver:
# Set -ldflags parameter to pass the semversion.
LDFLAGS = -ldflags "-X github.com/csaf-poc/csaf_distribution/v2/util.SemVersion=$(SEMVER)"
LDFLAGS = -ldflags "-X github.com/csaf-poc/csaf_distribution/v3/util.SemVersion=$(SEMVER)"
# Build binaries and place them under bin-$(GOOS)-$(GOARCH)
# Using 'Target-specific Variable Values' to specify the build target system

34
README.md
View file

@ -2,27 +2,31 @@
An implementation of a [CSAF 2.0](https://docs.oasis-open.org/csaf/csaf/v2.0/csd02/csaf-v2.0-csd02.html) trusted provider, checker, aggregator and downloader. Includes an uploader command line tool for the trusted provider.
## [csaf_provider](docs/csaf_provider.md)
## Tools for users
### [csaf_downloader](docs/csaf_downloader.md)
is a tool for downloading advisories from a provider.
Can be used for automated forwarding of CSAF documents.
### [csaf_validator](docs/csaf_validator.md)
is a tool to validate local advisories files against the JSON Schema and an optional remote validator.
## Tools for advisory providers
### [csaf_provider](docs/csaf_provider.md)
is an implementation of the role CSAF Trusted Provider, also offering
a simple HTTPS based management service.
## [csaf_uploader](docs/csaf_uploader.md)
is a command line tool that uploads CSAF documents to the `csaf_provider`.
### [csaf_uploader](docs/csaf_uploader.md)
is a command line tool to upload CSAF documents to the `csaf_provider`.
## [csaf_aggregator](docs/csaf_aggregator.md)
is an implementation of the role CSAF Aggregator.
### [csaf_checker](docs/csaf_checker.md)
is a tool for testing a CSAF Trusted Provider according to [Section 7 of the CSAF standard](https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html#7-distributing-csaf-documents).
## [csaf_checker](docs/csaf_checker.md)
is a tool for testing a CSAF Trusted Provider according to [Section 7 of the CSAF standard](https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html#7-distributing-csaf-documents). Does check requirements without considering the indicated `role` yet.
## [csaf_downloader](docs/csaf_downloader.md)
is a tool for downloading advisories from a provider.
## [csaf_validator](docs/csaf_validator.md)
is a tool to validate local advisories files against the JSON Schema and an optional remote validator.
### [csaf_aggregator](docs/csaf_aggregator.md)
is a CSAF Aggregator, to list or mirror providers.
## Setup
Note that binaries for the server side are only available and tested
Binaries for the server side are only available and tested
for GNU/Linux-Systems, e.g. Ubuntu LTS.
They are likely to run on similar systems when build from sources.
@ -69,7 +73,7 @@ will update the machine generated code.
## License
- csaf_distribution is licensed as Free Software under MIT License.
- `csaf_distribution` is licensed as Free Software under MIT License.
- See the specific source files
for details, the license itself can be found in the directory `LICENSES/`.

2
cmd/csaf_aggregator/client.go
View file

@ -13,7 +13,7 @@ import (
"io"
"net/http"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
var errNotFound = errors.New("not found")

12
cmd/csaf_aggregator/config.go
View file

@ -19,12 +19,12 @@ import (
"time"
"github.com/ProtonMail/gopenpgp/v2/crypto"
"github.com/csaf-poc/csaf_distribution/v2/csaf"
"github.com/csaf-poc/csaf_distribution/v2/internal/certs"
"github.com/csaf-poc/csaf_distribution/v2/internal/filter"
"github.com/csaf-poc/csaf_distribution/v2/internal/models"
"github.com/csaf-poc/csaf_distribution/v2/internal/options"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/csaf"
"github.com/csaf-poc/csaf_distribution/v3/internal/certs"
"github.com/csaf-poc/csaf_distribution/v3/internal/filter"
"github.com/csaf-poc/csaf_distribution/v3/internal/models"
"github.com/csaf-poc/csaf_distribution/v3/internal/options"
"github.com/csaf-poc/csaf_distribution/v3/util"
"golang.org/x/time/rate"
)

4
cmd/csaf_aggregator/full.go
View file

@ -18,8 +18,8 @@ import (
"sync"
"time"
"github.com/csaf-poc/csaf_distribution/v2/csaf"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/csaf"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
type fullJob struct {

4
cmd/csaf_aggregator/indices.go
View file

@ -20,8 +20,8 @@ import (
"strings"
"time"
"github.com/csaf-poc/csaf_distribution/v2/csaf"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/csaf"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
const (

4
cmd/csaf_aggregator/interim.go
View file

@ -25,8 +25,8 @@ import (
"sync"
"time"
"github.com/csaf-poc/csaf_distribution/v2/csaf"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/csaf"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
type interimJob struct {

2
cmd/csaf_aggregator/lazytransaction.go
View file

@ -13,7 +13,7 @@ import (
"os"
"path/filepath"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
type lazyTransaction struct {

4
cmd/csaf_aggregator/lister.go
View file

@ -11,8 +11,8 @@ package main
import (
"fmt"
"github.com/csaf-poc/csaf_distribution/v2/csaf"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/csaf"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
// mirrorAllowed checks if mirroring is allowed.

2
cmd/csaf_aggregator/main.go
View file

@ -14,7 +14,7 @@ import (
"os"
"path/filepath"
"github.com/csaf-poc/csaf_distribution/v2/internal/options"
"github.com/csaf-poc/csaf_distribution/v3/internal/options"
"github.com/gofrs/flock"
)

4
cmd/csaf_aggregator/mirror.go
View file

@ -30,8 +30,8 @@ import (
"github.com/ProtonMail/gopenpgp/v2/constants"
"github.com/ProtonMail/gopenpgp/v2/crypto"
"github.com/csaf-poc/csaf_distribution/v2/csaf"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/csaf"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
// mirrorAllowed checks if mirroring is allowed.

5
cmd/csaf_aggregator/processor.go
View file

@ -15,8 +15,9 @@ import (
"path/filepath"
"github.com/ProtonMail/gopenpgp/v2/crypto"
"github.com/csaf-poc/csaf_distribution/v2/csaf"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/csaf"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
type processor struct {

8
cmd/csaf_checker/config.go
View file

@ -13,10 +13,10 @@ import (
"fmt"
"net/http"
"github.com/csaf-poc/csaf_distribution/v2/internal/certs"
"github.com/csaf-poc/csaf_distribution/v2/internal/filter"
"github.com/csaf-poc/csaf_distribution/v2/internal/models"
"github.com/csaf-poc/csaf_distribution/v2/internal/options"
"github.com/csaf-poc/csaf_distribution/v3/internal/certs"
"github.com/csaf-poc/csaf_distribution/v3/internal/filter"
"github.com/csaf-poc/csaf_distribution/v3/internal/models"
"github.com/csaf-poc/csaf_distribution/v3/internal/options"
)
type outputFormat string

3
cmd/csaf_checker/links.go
View file

@ -14,7 +14,8 @@ import (
"net/url"
"github.com/PuerkitoBio/goquery"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
type (

8
cmd/csaf_checker/links_test.go
View file

@ -1,3 +1,11 @@
// This file is Free Software under the MIT License
// without warranty, see README.md and LICENSES/MIT.txt for details.
//
// SPDX-License-Identifier: MIT
//
// SPDX-FileCopyrightText: 2022 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
// Software-Engineering: 2022 Intevation GmbH <https://intevation.de>
package main
import (

2
cmd/csaf_checker/main.go
View file

@ -12,7 +12,7 @@ package main
import (
"log"
"github.com/csaf-poc/csaf_distribution/v2/internal/options"
"github.com/csaf-poc/csaf_distribution/v3/internal/options"
)
// run uses a processor to check all the given domains or direct urls

33
cmd/csaf_checker/processor.go
View file

@ -32,8 +32,9 @@ import (
"github.com/ProtonMail/gopenpgp/v2/crypto"
"golang.org/x/time/rate"
"github.com/csaf-poc/csaf_distribution/v2/csaf"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/csaf"
"github.com/csaf-poc/csaf_distribution/v3/internal/models"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
// topicMessages stores the collected topicMessages for a specific topic.
@ -666,12 +667,9 @@ func (p *processor) integrity(
var folderYear *int
if m := yearFromURL.FindStringSubmatch(u); m != nil {
year, _ := strconv.Atoi(m[1])
// Check if we are in checking time interval.
if accept := p.cfg.Range; accept != nil && !accept.Contains(
time.Date(
year, 12, 31, // Assume last day of year.
23, 59, 59, 0, // 23:59:59
time.UTC)) {
// Check if the year is in the accepted time interval.
if accept := p.cfg.Range; accept != nil &&
!accept.Intersects(models.Year(year)) {
continue
}
folderYear = &year
@ -1115,6 +1113,8 @@ func (p *processor) checkMissing(string) error {
for _, f := range files {
v := p.alreadyChecked[f]
var where []string
// mistake contains which requirements are broken
var mistake whereType
for mask := rolieMask; mask <= listingMask; mask <<= 1 {
if maxMask&mask == mask {
var in string
@ -1122,11 +1122,26 @@ func (p *processor) checkMissing(string) error {
in = "in"
} else {
in = "not in"
// Which file is missing entries?
mistake |= mask
}
where = append(where, in+" "+mask.String())
}
}
p.badIntegrities.error("%s %s", f, strings.Join(where, ", "))
// List error in all appropriate categories
if mistake&(rolieMask|indexMask|changesMask|listingMask) == 0 {
continue
}
joined := strings.Join(where, ", ")
report := func(mask whereType, msgs *topicMessages) {
if mistake&mask != 0 {
msgs.error("%s %s", f, joined)
}
}
report(rolieMask, &p.badROLIEFeed)
report(indexMask, &p.badIndices)
report(changesMask, &p.badChanges)
report(listingMask, &p.badDirListings)
}
return nil
}

4
cmd/csaf_checker/report.go
View file

@ -18,8 +18,8 @@ import (
"os"
"time"
"github.com/csaf-poc/csaf_distribution/v2/csaf"
"github.com/csaf-poc/csaf_distribution/v2/internal/models"
"github.com/csaf-poc/csaf_distribution/v3/csaf"
"github.com/csaf-poc/csaf_distribution/v3/internal/models"
)
// MessageType is the kind of the message.

2
cmd/csaf_checker/reporters.go
View file

@ -13,7 +13,7 @@ import (
"sort"
"strings"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
type (

4
cmd/csaf_checker/roliecheck.go
View file

@ -15,8 +15,8 @@ import (
"sort"
"strings"
"github.com/csaf-poc/csaf_distribution/v2/csaf"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/csaf"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
// identifier consist of document/tracking/id and document/publisher/namespace,

2
cmd/csaf_checker/rules.go
View file

@ -12,7 +12,7 @@ import (
"fmt"
"sort"
"github.com/csaf-poc/csaf_distribution/v2/csaf"
"github.com/csaf-poc/csaf_distribution/v3/csaf"
)
type ruleCondition int

85
cmd/csaf_downloader/config.go
View file

@ -12,16 +12,17 @@ import (
"crypto/tls"
"fmt"
"io"
"log"
"log/slog"
"net/http"
"os"
"path/filepath"
"time"
"github.com/csaf-poc/csaf_distribution/v2/internal/certs"
"github.com/csaf-poc/csaf_distribution/v2/internal/filter"
"github.com/csaf-poc/csaf_distribution/v2/internal/models"
"github.com/csaf-poc/csaf_distribution/v2/internal/options"
"github.com/csaf-poc/csaf_distribution/v3/internal/certs"
"github.com/csaf-poc/csaf_distribution/v3/internal/filter"
"github.com/csaf-poc/csaf_distribution/v3/internal/models"
"github.com/csaf-poc/csaf_distribution/v3/internal/options"
)
const (
@ -30,7 +31,7 @@ const (
defaultForwardQueue = 5
defaultValidationMode = validationStrict
defaultLogFile = "downloader.log"
defaultLogLevel = logLevelInfo
defaultLogLevel = slog.LevelInfo
)
type validationMode string
@ -40,15 +41,6 @@ const (
validationUnsafe = validationMode("unsafe")
)
type logLevel string
const (
logLevelDebug = logLevel("debug")
logLevelInfo = logLevel("info")
logLevelWarn = logLevel("warn")
logLevelError = logLevel("error")
)
type config struct {
Directory string `short:"d" long:"directory" description:"DIRectory to store the downloaded files in" value-name:"DIR" toml:"directory"`
Insecure bool `long:"insecure" description:"Do not check TLS certificates from provider" toml:"insecure"`
@ -57,7 +49,6 @@ type config struct {
ClientKey *string `long:"client-key" description:"TLS client private key file (PEM encoded data)" value-name:"KEY-FILE" toml:"client_key"`
ClientPassphrase *string `long:"client-passphrase" description:"Optional passphrase for the client cert (limited, experimental, see doc)" value-name:"PASSPHRASE" toml:"client_passphrase"`
Version bool `long:"version" description:"Display version of the binary" toml:"-"`
Verbose bool `long:"verbose" short:"v" description:"Verbose output" toml:"verbose"`
NoStore bool `long:"nostore" short:"n" description:"Do not store files" toml:"no_store"`
Rate *float64 `long:"rate" short:"r" description:"The average upper limit of https operations per second (defaults to unlimited)" toml:"rate"`
Worker int `long:"worker" short:"w" description:"NUMber of concurrent downloads" value-name:"NUM" toml:"worker"`
@ -78,9 +69,9 @@ type config struct {
ForwardQueue int `long:"forwardqueue" description:"Maximal queue LENGTH before forwarder" value-name:"LENGTH" toml:"forward_queue"`
ForwardInsecure bool `long:"forwardinsecure" description:"Do not check TLS certificates from forward endpoint" toml:"forward_insecure"`
LogFile string `long:"logfile" description:"FILE to log downloading to" value-name:"FILE" toml:"log_file"`
LogFile *string `long:"logfile" description:"FILE to log downloading to" value-name:"FILE" toml:"log_file"`
//lint:ignore SA5008 We are using choice or than once: debug, info, warn, error
LogLevel logLevel `long:"loglevel" description:"LEVEL of logging details" value-name:"LEVEL" choice:"debug" choice:"info" choice:"warn" choice:"error" toml:"log_level"`
LogLevel *options.LogLevel `long:"loglevel" description:"LEVEL of logging details" value-name:"LEVEL" choice:"debug" choice:"info" choice:"warn" choice:"error" toml:"log_level"`
Config string `short:"c" long:"config" description:"Path to config TOML file" value-name:"TOML-FILE" toml:"-"`
@ -97,6 +88,10 @@ var configPaths = []string{
// parseArgsConfig parses the command line and if need a config file.
func parseArgsConfig() ([]string, *config, error) {
var (
logFile = defaultLogFile
logLevel = &options.LogLevel{Level: defaultLogLevel}
)
p := options.Parser[config]{
DefaultConfigLocations: configPaths,
ConfigLocation: func(cfg *config) string { return cfg.Config },
@ -107,8 +102,8 @@ func parseArgsConfig() ([]string, *config, error) {
cfg.RemoteValidatorPresets = []string{defaultPreset}
cfg.ValidationMode = defaultValidationMode
cfg.ForwardQueue = defaultForwardQueue
cfg.LogFile = defaultLogFile
cfg.LogLevel = defaultLogLevel
cfg.LogFile = &logFile
cfg.LogLevel = logLevel
},
// Re-establish default values if not set.
EnsureDefaults: func(cfg *config) {
@ -123,30 +118,35 @@ func parseArgsConfig() ([]string, *config, error) {
default:
cfg.ValidationMode = validationStrict
}
if cfg.LogFile == nil {
cfg.LogFile = &logFile
}
if cfg.LogLevel == nil {
cfg.LogLevel = logLevel
}
},
}
return p.Parse()
}
// UnmarshalText implements [encoding/text.TextUnmarshaler].
// UnmarshalText implements [encoding.TextUnmarshaler].
func (vm *validationMode) UnmarshalText(text []byte) error {
switch m := validationMode(text); m {
case validationStrict, validationUnsafe:
*vm = m
default:
return fmt.Errorf(`invalid value %q (expected "strict" or "unsafe"`, m)
return fmt.Errorf(`invalid value %q (expected "strict" or "unsafe)"`, m)
}
return nil
}
// UnmarshalText implements [encoding/text.TextUnmarshaler].
func (ll *logLevel) UnmarshalText(text []byte) error {
switch l := logLevel(text); l {
case logLevelDebug, logLevelInfo, logLevelWarn, logLevelError:
*ll = l
default:
return fmt.Errorf(`invalid value %q (expected "debug", "info", "warn", "error")`, l)
// UnmarshalFlag implements [flags.UnmarshalFlag].
func (vm *validationMode) UnmarshalFlag(value string) error {
var v validationMode
if err := v.UnmarshalText([]byte(value)); err != nil {
return err
}
*vm = v
return nil
}
@ -155,20 +155,9 @@ func (cfg *config) ignoreURL(u string) bool {
return cfg.ignorePattern.Matches(u)
}
// slogLevel converts logLevel to [slog.Level].
func (ll logLevel) slogLevel() slog.Level {
switch ll {
case logLevelDebug:
return slog.LevelDebug
case logLevelInfo:
return slog.LevelInfo
case logLevelWarn:
return slog.LevelWarn
case logLevelError:
return slog.LevelError
default:
return slog.LevelInfo
}
// verbose is considered a log level equal or less debug.
func (cfg *config) verbose() bool {
return cfg.LogLevel.Level <= slog.LevelDebug
}
// prepareDirectory ensures that the working directory
@ -209,26 +198,28 @@ func dropSubSeconds(_ []string, a slog.Attr) slog.Attr {
// prepareLogging sets up the structured logging.
func (cfg *config) prepareLogging() error {
var w io.Writer
if cfg.LogFile == "" {
if cfg.LogFile == nil || *cfg.LogFile == "" {
log.Println("using STDERR for logging")
w = os.Stderr
} else {
var fname string
// We put the log inside the download folder
// if it is not absolute.
if filepath.IsAbs(cfg.LogFile) {
fname = cfg.LogFile
if filepath.IsAbs(*cfg.LogFile) {
fname = *cfg.LogFile
} else {
fname = filepath.Join(cfg.Directory, cfg.LogFile)
fname = filepath.Join(cfg.Directory, *cfg.LogFile)
}
f, err := os.OpenFile(fname, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0644)
if err != nil {
return err
}
log.Printf("using %q for logging\n", *cfg.LogFile)
w = f
}
ho := slog.HandlerOptions{
//AddSource: true,
Level: cfg.LogLevel.slogLevel(),
Level: cfg.LogLevel.Level,
ReplaceAttr: dropSubSeconds,
}
handler := slog.NewJSONHandler(w, &ho)

53
cmd/csaf_downloader/downloader.go
View file

@ -33,8 +33,8 @@ import (
"github.com/ProtonMail/gopenpgp/v2/crypto"
"golang.org/x/time/rate"
"github.com/csaf-poc/csaf_distribution/v2/csaf"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/csaf"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
type downloader struct {
@ -92,10 +92,26 @@ func (d *downloader) addStats(o *stats) {
d.stats.add(o)
}
// logRedirect logs redirects of the http client.
func logRedirect(req *http.Request, via []*http.Request) error {
vs := make([]string, len(via))
for i, v := range via {
vs[i] = v.URL.String()
}
slog.Debug("Redirecting",
"to", req.URL.String(),
"via", strings.Join(vs, " -> "))
return nil
}
func (d *downloader) httpClient() util.Client {
hClient := http.Client{}
if d.cfg.verbose() {
hClient.CheckRedirect = logRedirect
}
var tlsConfig tls.Config
if d.cfg.Insecure {
tlsConfig.InsecureSkipVerify = true
@ -120,8 +136,11 @@ func (d *downloader) httpClient() util.Client {
}
// Add optional URL logging.
if d.cfg.Verbose {
client = &util.LoggingClient{Client: client}
if d.cfg.verbose() {
client = &util.LoggingClient{
Client: client,
Log: httpLog("downloader"),
}
}
// Add optional rate limiting.
@ -135,6 +154,16 @@ func (d *downloader) httpClient() util.Client {
return client
}
// httpLog does structured logging in a [util.LoggingClient].
func httpLog(who string) func(string, string) {
return func(method, url string) {
slog.Debug("http",
"who", who,
"method", method,
"url", url)
}
}
func (d *downloader) download(ctx context.Context, domain string) error {
client := d.httpClient()
@ -142,9 +171,9 @@ func (d *downloader) download(ctx context.Context, domain string) error {
lpmd := loader.Load(domain)
if d.cfg.Verbose {
if d.cfg.verbose() {
for i := range lpmd.Messages {
slog.Info("Loading provider-metadata.json",
slog.Debug("Loading provider-metadata.json",
"domain", domain,
"message", lpmd.Messages[i].Message)
}
@ -331,7 +360,7 @@ func (d *downloader) logValidationIssues(url string, errors []string, err error)
return
}
if len(errors) > 0 {
if d.cfg.Verbose {
if d.cfg.verbose() {
slog.Error("CSAF file has validation errors",
"url", url,
"error", strings.Join(errors, ", "))
@ -388,9 +417,7 @@ nextAdvisory:
}
if d.cfg.ignoreURL(file.URL()) {
if d.cfg.Verbose {
slog.Warn("Ignoring URL", "url", file.URL())
}
slog.Debug("Ignoring URL", "url", file.URL())
continue
}
@ -438,22 +465,18 @@ nextAdvisory:
// Only hash when we have a remote counter part we can compare it with.
if remoteSHA256, s256Data, err = loadHash(client, file.SHA256URL()); err != nil {
if d.cfg.Verbose {
slog.Warn("Cannot fetch SHA256",
"url", file.SHA256URL(),
"error", err)
}
} else {
s256 = sha256.New()
writers = append(writers, s256)
}
if remoteSHA512, s512Data, err = loadHash(client, file.SHA512URL()); err != nil {
if d.cfg.Verbose {
slog.Warn("Cannot fetch SHA512",
"url", file.SHA512URL(),
"error", err)
}
} else {
s512 = sha512.New()
writers = append(writers, s512)
@ -506,12 +529,10 @@ nextAdvisory:
var sign *crypto.PGPSignature
sign, signData, err = loadSignature(client, file.SignURL())
if err != nil {
if d.cfg.Verbose {
slog.Warn("Downloading signature failed",
"url", file.SignURL(),
"error", err)
}
}
if sign != nil {
if err := d.checkSignature(data.Bytes(), sign); err != nil {
if !d.cfg.IgnoreSignatureCheck {

45
cmd/csaf_downloader/forwarder.go
View file

@ -19,8 +19,8 @@ import (
"path/filepath"
"strings"
"github.com/csaf-poc/csaf_distribution/v2/internal/misc"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/internal/misc"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
// failedForwardDir is the name of the special sub folder
@ -116,8 +116,11 @@ func (f *forwarder) httpClient() util.Client {
}
// Add optional URL logging.
if f.cfg.Verbose {
client = &util.LoggingClient{Client: client}
if f.cfg.verbose() {
client = &util.LoggingClient{
Client: client,
Log: httpLog("forwarder"),
}
}
f.client = client
@ -184,17 +187,11 @@ func (f *forwarder) buildRequest(
// storeFailedAdvisory stores an advisory in a special folder
// in case the forwarding failed.
func (f *forwarder) storeFailedAdvisory(filename, doc, sha256, sha512 string) error {
dir := filepath.Join(f.cfg.Directory, failedForwardDir)
// Create special folder if it does not exist.
if _, err := os.Stat(dir); err != nil {
if os.IsNotExist(err) {
dir := filepath.Join(f.cfg.Directory, failedForwardDir)
if err := os.MkdirAll(dir, 0755); err != nil {
return err
}
} else {
return err
}
}
// Store parts which are not empty.
for _, x := range []struct {
p string
@ -223,6 +220,19 @@ func (f *forwarder) storeFailed(filename, doc, sha256, sha512 string) {
}
}
// limitedString reads max bytes from reader and returns it as a string.
// Longer strings are indicated by "..." as a suffix.
func limitedString(r io.Reader, max int) (string, error) {
var msg strings.Builder
if _, err := io.Copy(&msg, io.LimitReader(r, int64(max))); err != nil {
return "", err
}
if msg.Len() >= max {
msg.WriteString("...")
}
return msg.String(), nil
}
// forward sends a given document with filename, status and
// checksums to the forwarder. This is async to the degree
// till the configured queue size is filled.
@ -249,16 +259,15 @@ func (f *forwarder) forward(
}
if res.StatusCode != http.StatusCreated {
defer res.Body.Close()
var msg strings.Builder
io.Copy(&msg, io.LimitReader(res.Body, 512))
var dots string
if msg.Len() >= 512 {
dots = "..."
}
if msg, err := limitedString(res.Body, 512); err != nil {
slog.Error("reading forward result failed",
"error", err)
} else {
slog.Error("forwarding failed",
"filename", filename,
"body", msg.String()+dots,
"body", msg,
"status_code", res.StatusCode)
}
f.storeFailed(filename, doc, sha256, sha512)
} else {
f.succeeded++

429
cmd/csaf_downloader/forwarder_test.go Normal file
View file

@ -0,0 +1,429 @@
// This file is Free Software under the MIT License
// without warranty, see README.md and LICENSES/MIT.txt for details.
//
// SPDX-License-Identifier: MIT
//
// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
package main
import (
"bufio"
"bytes"
"encoding/json"
"errors"
"io"
"log/slog"
"mime"
"mime/multipart"
"net/http"
"os"
"path/filepath"
"strings"
"testing"
"github.com/csaf-poc/csaf_distribution/v3/internal/options"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
func TestValidationStatusUpdate(t *testing.T) {
sv := validValidationStatus
sv.update(invalidValidationStatus)
sv.update(validValidationStatus)
if sv != invalidValidationStatus {
t.Fatalf("got %q expected %q", sv, invalidValidationStatus)
}
sv = notValidatedValidationStatus
sv.update(validValidationStatus)
sv.update(notValidatedValidationStatus)
if sv != notValidatedValidationStatus {
t.Fatalf("got %q expected %q", sv, notValidatedValidationStatus)
}
}
func TestForwarderLogStats(t *testing.T) {
orig := slog.Default()
defer slog.SetDefault(orig)
var buf bytes.Buffer
h := slog.NewJSONHandler(&buf, &slog.HandlerOptions{
Level: slog.LevelInfo,
})
lg := slog.New(h)
slog.SetDefault(lg)
cfg := &config{}
fw := newForwarder(cfg)
fw.failed = 11
fw.succeeded = 13
done := make(chan struct{})
go func() {
defer close(done)
fw.run()
}()
fw.log()
fw.close()
<-done
type fwStats struct {
Msg string `json:"msg"`
Succeeded int `json:"succeeded"`
Failed int `json:"failed"`
}
sc := bufio.NewScanner(bytes.NewReader(buf.Bytes()))
found := false
for sc.Scan() {
var fws fwStats
if err := json.Unmarshal(sc.Bytes(), &fws); err != nil {
t.Fatalf("JSON parsing log failed: %v", err)
}
if fws.Msg == "Forward statistics" &&
fws.Failed == 11 &&
fws.Succeeded == 13 {
found = true
break
}
}
if err := sc.Err(); err != nil {
t.Fatalf("scanning log failed: %v", err)
}
if !found {
t.Fatal("Cannot find forward statistics in log")
}
}
func TestForwarderHTTPClient(t *testing.T) {
cfg := &config{
ForwardInsecure: true,
ForwardHeader: http.Header{
"User-Agent": []string{"curl/7.55.1"},
},
LogLevel: &options.LogLevel{Level: slog.LevelDebug},
}
fw := newForwarder(cfg)
if c1, c2 := fw.httpClient(), fw.httpClient(); c1 != c2 {
t.Fatal("expected to return same client twice")
}
}
func TestForwarderReplaceExtension(t *testing.T) {
for _, x := range [][2]string{
{"foo", "foo.ext"},
{"foo.bar", "foo.ext"},
{".bar", ".ext"},
{"", ".ext"},
} {
if got := replaceExt(x[0], ".ext"); got != x[1] {
t.Fatalf("got %q expected %q", got, x[1])
}
}
}
func TestForwarderBuildRequest(t *testing.T) {
// Good case ...
cfg := &config{
ForwardURL: "https://example.com",
}
fw := newForwarder(cfg)
req, err := fw.buildRequest(
"test.json", "{}",
invalidValidationStatus,
"256",
"512")
if err != nil {
t.Fatalf("buildRequest failed: %v", err)
}
mediaType, params, err := mime.ParseMediaType(req.Header.Get("Content-Type"))
if err != nil {
t.Fatalf("no Content-Type found")
}
if !strings.HasPrefix(mediaType, "multipart/") {
t.Fatalf("media type is not multipart")
}
mr := multipart.NewReader(req.Body, params["boundary"])
var foundAdvisory, foundValidationStatus, found256, found512 bool
for {
p, err := mr.NextPart()
if err == io.EOF {
break
}
if err != nil {
t.Fatalf("parsing multipart failed: %v", err)
}
data, err := io.ReadAll(p)
if err != nil {
t.Fatal(err)
}
cd := p.Header["Content-Disposition"]
if len(cd) == 0 {
continue
}
switch contains := func(name string) bool {
return strings.Contains(cd[0], `name="`+name+`"`)
}; {
case contains("advisory"):
if a := string(data); a != "{}" {
t.Fatalf("advisory: got %q expected %q", a, "{}")
}
foundAdvisory = true
case contains("validation_status"):
if vs := validationStatus(data); vs != invalidValidationStatus {
t.Fatalf("validation_status: got %q expected %q",
vs, invalidValidationStatus)
}
foundValidationStatus = true
case contains("hash-256"):
if h := string(data); h != "256" {
t.Fatalf("hash-256: got %q expected %q", h, "256")
}
found256 = true
case contains("hash-512"):
if h := string(data); h != "512" {
t.Fatalf("hash-512: got %q expected %q", h, "512")
}
found512 = true
}
}
switch {
case !foundAdvisory:
t.Fatal("advisory not found")
case !foundValidationStatus:
t.Fatal("validation_status not found")
case !found256:
t.Fatal("hash-256 not found")
case !found512:
t.Fatal("hash-512 not found")
}
// Bad case ...
cfg.ForwardURL = "%"
if _, err := fw.buildRequest(
"test.json", "{}",
invalidValidationStatus,
"256",
"512",
); err == nil {
t.Fatal("bad forward URL should result in an error")
}
}
type badReader struct{ error }
func (br *badReader) Read([]byte) (int, error) { return 0, br.error }
func TestLimitedString(t *testing.T) {
for _, x := range [][2]string{
{"xx", "xx"},
{"xxx", "xxx..."},
{"xxxx", "xxx..."},
} {
got, err := limitedString(strings.NewReader(x[0]), 3)
if err != nil {
t.Fatal(err)
}
if got != x[1] {
t.Fatalf("got %q expected %q", got, x[1])
}
}
if _, err := limitedString(&badReader{error: os.ErrInvalid}, 3); err == nil {
t.Fatal("expected to fail with an error")
}
}
func TestStoreFailedAdvisory(t *testing.T) {
dir, err := os.MkdirTemp("", "storeFailedAdvisory")
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(dir)
cfg := &config{Directory: dir}
fw := newForwarder(cfg)
badDir := filepath.Join(dir, failedForwardDir)
if err := os.WriteFile(badDir, []byte("test"), 0664); err != nil {
t.Fatal(err)
}
if err := fw.storeFailedAdvisory("advisory.json", "{}", "256", "512"); err == nil {
t.Fatal("if the destination exists as a file an error should occur")
}
if err := os.Remove(badDir); err != nil {
t.Fatal(err)
}
if err := fw.storeFailedAdvisory("advisory.json", "{}", "256", "512"); err != nil {
t.Fatal(err)
}
sha256Path := filepath.Join(dir, failedForwardDir, "advisory.json.sha256")
// Write protect advisory.
if err := os.Chmod(sha256Path, 0); err != nil {
t.Fatal(err)
}
if err := fw.storeFailedAdvisory("advisory.json", "{}", "256", "512"); err == nil {
t.Fatal("expected to fail with an error")
}
if err := os.Chmod(sha256Path, 0644); err != nil {
t.Fatal(err)
}
}
func TestStoredFailed(t *testing.T) {
dir, err := os.MkdirTemp("", "storeFailed")
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(dir)
orig := slog.Default()
defer slog.SetDefault(orig)
var buf bytes.Buffer
h := slog.NewJSONHandler(&buf, &slog.HandlerOptions{
Level: slog.LevelError,
})
lg := slog.New(h)
slog.SetDefault(lg)
cfg := &config{Directory: dir}
fw := newForwarder(cfg)
// An empty filename should lead to an error.
fw.storeFailed("", "{}", "256", "512")
if fw.failed != 1 {
t.Fatalf("got %d expected 1", fw.failed)
}
type entry struct {
Msg string `json:"msg"`
Level string `json:"level"`
}
sc := bufio.NewScanner(bytes.NewReader(buf.Bytes()))
found := false
for sc.Scan() {
var e entry
if err := json.Unmarshal(sc.Bytes(), &e); err != nil {
t.Fatalf("JSON parsing log failed: %v", err)
}
if e.Msg == "Storing advisory failed forwarding failed" && e.Level == "ERROR" {
found = true
break
}
}
if err := sc.Err(); err != nil {
t.Fatalf("scanning log failed: %v", err)
}
if !found {
t.Fatal("Cannot error logging statistics in log")
}
}
type fakeClient struct {
util.Client
state int
}
func (fc *fakeClient) Do(*http.Request) (*http.Response, error) {
// The different states simulates different responses from the remote API.
switch fc.state {
case 0:
fc.state = 1
return &http.Response{
Status: http.StatusText(http.StatusCreated),
StatusCode: http.StatusCreated,
}, nil
case 1:
fc.state = 2
return nil, errors.New("does not work")
case 2:
fc.state = 3
return &http.Response{
Status: http.StatusText(http.StatusBadRequest),
StatusCode: http.StatusBadRequest,
Body: io.NopCloser(&badReader{error: os.ErrInvalid}),
}, nil
default:
return &http.Response{
Status: http.StatusText(http.StatusBadRequest),
StatusCode: http.StatusBadRequest,
Body: io.NopCloser(strings.NewReader("This was bad!")),
}, nil
}
}
func TestForwarderForward(t *testing.T) {
dir, err := os.MkdirTemp("", "forward")
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(dir)
orig := slog.Default()
defer slog.SetDefault(orig)
// We dont care in details here as we captured them
// in the other test cases.
h := slog.NewJSONHandler(io.Discard, nil)
lg := slog.New(h)
slog.SetDefault(lg)
cfg := &config{
ForwardURL: "http://example.com",
Directory: dir,
}
fw := newForwarder(cfg)
// Use the fact that http client is cached.
fw.client = &fakeClient{}
done := make(chan struct{})
go func() {
defer close(done)
fw.run()
}()
// Iterate through states of http client.
for i := 0; i <= 3; i++ {
fw.forward(
"test.json", "{}",
invalidValidationStatus,
"256",
"512")
}
// Make buildRequest fail.
wait := make(chan struct{})
fw.cmds <- func(f *forwarder) {
f.cfg.ForwardURL = "%"
close(wait)
}
<-wait
fw.forward(
"test.json", "{}",
invalidValidationStatus,
"256",
"512")
fw.close()
<-done
}

2
cmd/csaf_downloader/main.go
View file

@ -15,7 +15,7 @@ import (
"os"
"os/signal"
"github.com/csaf-poc/csaf_distribution/v2/internal/options"
"github.com/csaf-poc/csaf_distribution/v3/internal/options"
)
func run(cfg *config, domains []string) error {

112
cmd/csaf_downloader/stats_test.go Normal file
View file

@ -0,0 +1,112 @@
// This file is Free Software under the MIT License
// without warranty, see README.md and LICENSES/MIT.txt for details.
//
// SPDX-License-Identifier: MIT
//
// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
package main
import (
"bytes"
"encoding/json"
"log/slog"
"testing"
)
func TestStatsAdd(t *testing.T) {
a := stats{
downloadFailed: 2,
filenameFailed: 3,
schemaFailed: 5,
remoteFailed: 7,
sha256Failed: 11,
sha512Failed: 13,
signatureFailed: 17,
succeeded: 19,
}
b := a
a.add(&b)
b.downloadFailed *= 2
b.filenameFailed *= 2
b.schemaFailed *= 2
b.remoteFailed *= 2
b.sha256Failed *= 2
b.sha512Failed *= 2
b.signatureFailed *= 2
b.succeeded *= 2
if a != b {
t.Fatalf("%v != %v", a, b)
}
}
func TestStatsTotalFailed(t *testing.T) {
a := stats{
downloadFailed: 2,
filenameFailed: 3,
schemaFailed: 5,
remoteFailed: 7,
sha256Failed: 11,
sha512Failed: 13,
signatureFailed: 17,
}
sum := a.downloadFailed +
a.filenameFailed +
a.schemaFailed +
a.remoteFailed +
a.sha256Failed +
a.sha512Failed +
a.signatureFailed
if got := a.totalFailed(); got != sum {
t.Fatalf("got %d expected %d", got, sum)
}
}
func TestStatsLog(t *testing.T) {
var out bytes.Buffer
h := slog.NewJSONHandler(&out, &slog.HandlerOptions{Level: slog.LevelInfo})
orig := slog.Default()
defer slog.SetDefault(orig)
slog.SetDefault(slog.New(h))
a := stats{
downloadFailed: 2,
filenameFailed: 3,
schemaFailed: 5,
remoteFailed: 7,
sha256Failed: 11,
sha512Failed: 13,
signatureFailed: 17,
succeeded: 19,
}
a.log()
type result struct {
Succeeded int `json:"succeeded"`
TotalFailed int `json:"total_failed"`
FilenameFailed int `json:"filename_failed"`
DownloadFailed int `json:"download_failed"`
SchemaFailed int `json:"schema_failed"`
RemoteFailed int `json:"remote_failed"`
SHA256Failed int `json:"sha256_failed"`
SHA512Failed int `json:"sha512_failed"`
SignatureFailed int `json:"signature_failed"`
}
var got result
if err := json.Unmarshal(out.Bytes(), &got); err != nil {
t.Fatal(err)
}
want := result{
Succeeded: a.succeeded,
TotalFailed: a.totalFailed(),
FilenameFailed: a.filenameFailed,
DownloadFailed: a.downloadFailed,
SchemaFailed: a.schemaFailed,
RemoteFailed: a.remoteFailed,
SHA256Failed: a.sha256Failed,
SHA512Failed: a.sha512Failed,
SignatureFailed: a.signatureFailed,
}
if got != want {
t.Fatalf("%v != %v", got, want)
}
}

5
cmd/csaf_provider/actions.go
View file

@ -25,8 +25,9 @@ import (
"github.com/ProtonMail/gopenpgp/v2/armor"
"github.com/ProtonMail/gopenpgp/v2/constants"
"github.com/ProtonMail/gopenpgp/v2/crypto"
"github.com/csaf-poc/csaf_distribution/v2/csaf"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/csaf"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
const dateFormat = time.RFC3339

3
cmd/csaf_provider/config.go
View file

@ -16,8 +16,9 @@ import (
"github.com/BurntSushi/toml"
"github.com/ProtonMail/gopenpgp/v2/crypto"
"github.com/csaf-poc/csaf_distribution/v2/csaf"
"golang.org/x/crypto/bcrypt"
"github.com/csaf-poc/csaf_distribution/v3/csaf"
)
const (

5
cmd/csaf_provider/create.go
View file

@ -21,8 +21,9 @@ import (
"unicode"
"github.com/ProtonMail/gopenpgp/v2/crypto"
"github.com/csaf-poc/csaf_distribution/v2/csaf"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/csaf"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
// ensureFolders initializes the paths and call functions to create

2
cmd/csaf_provider/files.go
View file

@ -13,7 +13,7 @@ import (
"crypto/sha512"
"os"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
func writeHashedFile(fname, name string, data []byte, armored string) error {

2
cmd/csaf_provider/indices.go
View file

@ -18,7 +18,7 @@ import (
"sort"
"time"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
func updateIndex(dir, fname string) error {

3
cmd/csaf_provider/main.go
View file

@ -16,8 +16,9 @@ import (
"net/http/cgi"
"os"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/jessevdk/go-flags"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
type options struct {

4
cmd/csaf_provider/rolie.go
View file

@ -15,8 +15,8 @@ import (
"strings"
"time"
"github.com/csaf-poc/csaf_distribution/v2/csaf"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/csaf"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
// mergeCategories merges the given categories into the old ones.

4
cmd/csaf_provider/transaction.go
View file

@ -12,8 +12,8 @@ import (
"os"
"path/filepath"
"github.com/csaf-poc/csaf_distribution/v2/csaf"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/csaf"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
func doTransaction(

5
cmd/csaf_uploader/config.go
View file

@ -15,10 +15,11 @@ import (
"os"
"github.com/ProtonMail/gopenpgp/v2/crypto"
"github.com/csaf-poc/csaf_distribution/v2/internal/certs"
"github.com/csaf-poc/csaf_distribution/v2/internal/options"
"golang.org/x/crypto/bcrypt"
"golang.org/x/term"
"github.com/csaf-poc/csaf_distribution/v3/internal/certs"
"github.com/csaf-poc/csaf_distribution/v3/internal/options"
)
const (

2
cmd/csaf_uploader/main.go
View file

@ -9,7 +9,7 @@
// Implements a command line tool that uploads csaf documents to csaf_provider.
package main
import "github.com/csaf-poc/csaf_distribution/v2/internal/options"
import "github.com/csaf-poc/csaf_distribution/v3/internal/options"
func main() {
args, cfg, err := parseArgsConfig()

6
cmd/csaf_uploader/processor.go
View file

@ -26,9 +26,9 @@ import (
"github.com/ProtonMail/gopenpgp/v2/constants"
"github.com/ProtonMail/gopenpgp/v2/crypto"
"github.com/csaf-poc/csaf_distribution/v2/csaf"
"github.com/csaf-poc/csaf_distribution/v2/internal/misc"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/csaf"
"github.com/csaf-poc/csaf_distribution/v3/internal/misc"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
type processor struct {

5
cmd/csaf_validator/main.go
View file

@ -16,9 +16,10 @@ import (
"os"
"path/filepath"
"github.com/csaf-poc/csaf_distribution/v2/csaf"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/jessevdk/go-flags"
"github.com/csaf-poc/csaf_distribution/v3/csaf"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
type options struct {

2
csaf/advisories.go
View file

@ -18,7 +18,7 @@ import (
"strings"
"time"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
// AdvisoryFile constructs the urls of a remote file.

2
csaf/models.go
View file

@ -17,7 +17,7 @@ import (
"strings"
"time"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
// TLPLabel is the traffic light policy of the CSAF.

2
csaf/providermetaloader.go
View file

@ -17,7 +17,7 @@ import (
"net/http"
"strings"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
// ProviderMetadataLoader helps load provider-metadata.json from

2
csaf/rolie.go
View file

@ -14,7 +14,7 @@ import (
"sort"
"time"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
// ROLIEServiceWorkspaceCollectionCategoriesCategory is a category in a ROLIE service collection.

2
csaf/summary.go
View file

@ -11,7 +11,7 @@ package csaf
import (
"time"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
const (

1
csaf/validation.go
View file

@ -92,6 +92,7 @@ func loadURL(s string) (io.ReadCloser, error) {
func (cs *compiledSchema) compile() {
c := jsonschema.NewCompiler()
c.AssertFormat = true
c.LoadURL = loadURL
cs.compiled, cs.err = c.Compile(cs.url)
}

13
docs/csaf_downloader.md
View file

@ -14,10 +14,8 @@ Application Options:
--client-key=KEY-FILE TLS client private key file (PEM encoded data)
--client-passphrase=PASSPHRASE Optional passphrase for the client cert (limited, experimental, see doc)
--version Display version of the binary
-v, --verbose Verbose output
-n, --nostore Do not store files
-r, --rate= The average upper limit of https operations per second (defaults to
unlimited)
-r, --rate= The average upper limit of https operations per second (defaults to unlimited)
-w, --worker=NUM NUMber of concurrent downloads (default: 2)
-t, --timerange=RANGE RANGE of time from which advisories to download
-f, --folder=FOLDER Download into a given subFOLDER
@ -65,7 +63,6 @@ insecure = false
# client_key # not set by default
# client_passphrase # not set by default
ignoresigcheck = false
verbose = false
# rate # set to unlimited
worker = 2
# timerange # not set by default
@ -126,6 +123,14 @@ In the config file this has to be noted as:
ignorepattern = [".*white.*", ".*red.*"]
```
#### Forwarding
The downloader is able to forward downloaded advisories and their checksums,
OpenPGP signatures and validation results to an HTTP endpoint.
The details of the implemented API are described [here](https://github.com/mfd2007/csaf_upload_interface).
**Attention** This is a work in progress. There is
no production ready server which implements this protocol.
The server in the linked repository is currently for development and testing only.
#### beware of client cert passphrase
The `client-passphrase` option implements a legacy private

4
docs/scripts/testDownloader.sh
View file

@ -18,7 +18,7 @@ echo '==== run downloader (1)'
mkdir ~/downloaded1
./bin-linux-amd64/csaf_downloader --directory ../downloaded1 \
--rate 4.1 --verbose --insecure localhost
--rate 4.1 --insecure localhost
echo
echo '==== this was downloaded (1)'
@ -32,7 +32,7 @@ echo '==== run downloader (2)'
mkdir ~/downloaded2
./bin-linux-amd64/csaf_downloader --directory ../downloaded2 \
--verbose --insecure https://localhost:9443/.well-known/csaf-aggregator/local-dev-provider2/provider-metadata.json
--insecure https://localhost:9443/.well-known/csaf-aggregator/local-dev-provider2/provider-metadata.json
echo
echo '==== this was downloaded (2)'

16
go.mod
View file

@ -1,4 +1,4 @@
module github.com/csaf-poc/csaf_distribution/v2
module github.com/csaf-poc/csaf_distribution/v3
go 1.21
@ -6,26 +6,26 @@ require (
github.com/BurntSushi/toml v1.3.2
github.com/PaesslerAG/gval v1.2.2
github.com/PaesslerAG/jsonpath v0.1.1
github.com/ProtonMail/gopenpgp/v2 v2.7.2
github.com/ProtonMail/gopenpgp/v2 v2.7.3
github.com/PuerkitoBio/goquery v1.8.1
github.com/gofrs/flock v0.8.1
github.com/jessevdk/go-flags v1.5.0
github.com/mitchellh/go-homedir v1.1.0
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
go.etcd.io/bbolt v1.3.7
golang.org/x/crypto v0.12.0
golang.org/x/term v0.11.0
golang.org/x/crypto v0.13.0
golang.org/x/term v0.12.0
golang.org/x/time v0.3.0
)
require (
github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect
github.com/andybalholm/cascadia v1.3.2 // indirect
github.com/cloudflare/circl v1.3.3 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/shopspring/decimal v1.3.1 // indirect
golang.org/x/net v0.14.0 // indirect
golang.org/x/sys v0.11.0 // indirect
golang.org/x/text v0.12.0 // indirect
golang.org/x/net v0.15.0 // indirect
golang.org/x/sys v0.12.0 // indirect
golang.org/x/text v0.13.0 // indirect
)

61
go.sum
View file

@ -1,5 +1,3 @@
github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/PaesslerAG/gval v1.0.0/go.mod h1:y/nm5yEyTeX6av0OfKJNp9rBNj2XrGhAf5+v24IBN1I=
@ -8,29 +6,19 @@ github.com/PaesslerAG/gval v1.2.2/go.mod h1:XRFLwvmkTEdYziLdaCeCa5ImcGVrfQbeNUbV
github.com/PaesslerAG/jsonpath v0.1.0/go.mod h1:4BzmtoM/PI8fPO4aQGIusjGxGir2BzcV0grWtFzq1Y8=
github.com/PaesslerAG/jsonpath v0.1.1 h1:c1/AToHQMVsduPAa4Vh6xp2U0evy4t8SWp8imEsylIk=
github.com/PaesslerAG/jsonpath v0.1.1/go.mod h1:lVboNxFGal/VwW6d9JzIy56bUsYAP6tH/x80vjnCseY=
github.com/ProtonMail/go-crypto v0.0.0-20230321155629-9a39f2531310/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE=
github.com/ProtonMail/go-crypto v0.0.0-20230424174541-a2e3b023bd29 h1:1QMcTLW3bmjbdwFYzodd8EnMA2+OhiZlmrLxoL3tQec=
github.com/ProtonMail/go-crypto v0.0.0-20230424174541-a2e3b023bd29/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE=
github.com/ProtonMail/go-crypto v0.0.0-20230626094100-7e9e0395ebec h1:vV3RryLxt42+ZIVOFbYJCH1jsZNTNmj2NYru5zfx+4E=
github.com/ProtonMail/go-crypto v0.0.0-20230626094100-7e9e0395ebec/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 h1:KLq8BE0KwCL+mmXnjLWEAOYO+2l2AE4YMmqG1ZpZHBs=
github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE=
github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k=
github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw=
github.com/ProtonMail/gopenpgp/v2 v2.7.1 h1:Awsg7MPc2gD3I7IFac2qE3Gdls0lZW8SzrFZ3k1oz0s=
github.com/ProtonMail/gopenpgp/v2 v2.7.1/go.mod h1:/BU5gfAVwqyd8EfC3Eu7zmuhwYQpKs+cGD8M//iiaxs=
github.com/ProtonMail/gopenpgp/v2 v2.7.2 h1:mIwxSUPezxNYq0RA5106VPWyKC+Ly3FvBUnBJh/7GWw=
github.com/ProtonMail/gopenpgp/v2 v2.7.2/go.mod h1:IhkNEDaxec6NyzSI0PlxapinnwPVIESk8/76da3Ct3g=
github.com/ProtonMail/gopenpgp/v2 v2.7.3 h1:AJu1OI/1UWVYZl6QcCLKGu9OTngS2r52618uGlje84I=
github.com/ProtonMail/gopenpgp/v2 v2.7.3/go.mod h1:IhkNEDaxec6NyzSI0PlxapinnwPVIESk8/76da3Ct3g=
github.com/PuerkitoBio/goquery v1.8.1 h1:uQxhNlArOIdbrH1tr0UXwdVFgDcZDrZVdcpygAcwmWM=
github.com/PuerkitoBio/goquery v1.8.1/go.mod h1:Q8ICL1kNUJ2sXGoAhPGUdYDJvgQgHzJsnnd3H7Ho5jQ=
github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
github.com/cloudflare/circl v1.3.2 h1:VWp8dY3yH69fdM7lM6A1+NhhVoDu9vqK0jOgmkQHFWk=
github.com/cloudflare/circl v1.3.2/go.mod h1:+CauBF6R70Jqcyl8N2hC8pAXYbWkGIezuSbuGLtRhnw=
github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@ -46,8 +34,6 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/santhosh-tekuri/jsonschema/v5 v5.3.0 h1:uIkTLo0AGRc8l7h5l9r+GcYi9qfVPt6lD4/bhmzfiKo=
github.com/santhosh-tekuri/jsonschema/v5 v5.3.0/go.mod h1:FKdcjfQW6rpZSnxxUvEA5H/cDPdvJ/SZJQLWWXWGrZ0=
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4=
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY=
github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
@ -55,6 +41,7 @@ github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFR
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
@ -62,12 +49,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@ -78,12 +61,9 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU=
golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8=
golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -92,30 +72,23 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ=
golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28=
golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0=
golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU=
golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@ -123,12 +96,9 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58=
golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@ -140,3 +110,4 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

63
internal/certs/certs_test.go Normal file
View file

@ -0,0 +1,63 @@
// This file is Free Software under the MIT License
// without warranty, see README.md and LICENSES/MIT.txt for details.
//
// SPDX-License-Identifier: MIT
//
// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
package certs
import "testing"
// TestLoadCertificates tests if LoadCertificate correctly loads
// valid certificates and throws an error at invalid certificates,
// keys or passphrases
func TestLoadCertificates(t *testing.T) {
var (
testCert = "data/testclient.crt"
testKey = "data/testclientkey.pem"
passphrase = "qwer"
missingCert = "data/testclientcert_missing.crt"
missingTestkey = "data/testclientkey_missing.pem"
privateKey = "data/privated.pem"
privateCert = "data/cert.crt"
)
// Try to load cert that is not protected, expect success.
if cert, err := LoadCertificate(&testCert, &testKey, nil); cert == nil || err != nil {
t.Errorf("Failure: Couldn't load supposedly valid certificate.")
}
// Try to load no cert, expect error.
if cert, err := LoadCertificate(nil, &testKey, nil); cert != nil || err == nil {
t.Errorf("Failure: No error despite missing certificate")
}
// Try to load cert using a nonexistent key, expect error.
if cert, err := LoadCertificate(&testCert, &missingTestkey, nil); cert != nil || err == nil {
t.Errorf("Failure: No Failure while loading certificate using missing key.")
}
// Try to decrypt not encrypted cert, expect error
if cert, err := LoadCertificate(&testCert, &testKey, &passphrase); cert != nil || err == nil {
t.Errorf("Failure: Could load unprotected valid certificate with passphrase.")
}
// Try to load encrypted cert using a nonexistent key, but valid passphrase. Expect error.
if cert, err := LoadCertificate(&testCert, &missingTestkey, &passphrase); cert != nil || err == nil {
t.Errorf("Failure: No Failure while loading certificate using missing key with passphrase.")
}
// Try to load encrypted cert, expecting success.
if cert, err := LoadCertificate(&privateCert, &privateKey, &passphrase); cert == nil || err != nil {
t.Errorf("Failure: Couldn't load supposedly valid encrypted certificate.")
}
// Try to load wrong encrypted cert, expecting error.
if cert, err := LoadCertificate(&testKey, &privateKey, &passphrase); cert != nil || err == nil {
t.Errorf("Failure: No Failure while loading certificate using wrong encrypted key.")
}
// Try to load nonexistent encrypted cert, expecting error.
if cert, err := LoadCertificate(&missingCert, &privateKey, &passphrase); cert != nil || err == nil {
t.Errorf("Failure: No Failure while loading nonexistens certificate.")
}
// Try to load nonexistent encrypted cert, expecting error.
if cert, err := LoadCertificate(nil, nil, nil); cert != nil || err != nil {
t.Errorf("Failure: Expected nil return.")
}
}

37
internal/certs/data/cert.crt Normal file
View file

@ -0,0 +1,37 @@
-----BEGIN CERTIFICATE-----
MIIGajCCBNKgAwIBAgIUGNi4GgCUssOOe3k0VuHf3R0+d54wDQYJKoZIhvcNAQEL
BQAwgY0xFDASBgNVBAMTC0NvbW1vbiBuYW1lMRMwEQYDVQQLEwppbnRldmF0aW9u
MRMwEQYDVQQKEwppbnRldmF0aW9uMRMwEQYDVQQHEwppbnRldmF0aW9uMRUwEwYD
VQQIEwxMb3dlciBTYXhvbnkxCzAJBgNVBAYTAkdFMRIwEAYKCZImiZPyLGQBGRYC
REMwHhcNMjMwOTE5MDcwMDA1WhcNMjYwNjE0MDcwMDA3WjCB8DEQMA4GA1UEAxMH
cmVxdWVzdDETMBEGA1UECxMKaW50ZXZhdGlvbjETMBEGA1UEChMKaW50ZXZhdGlv
bjETMBEGA1UEBxMKb3NuYWJydWVjazEVMBMGA1UECBMMbG93ZXIgc2F4b255MQsw
CQYDVQQGEwJHRTESMBAGCgmSJomT8ixkARkWAkRDMREwDwYKCZImiZPyLGQBGRYB
LjERMA8GCgmSJomT8ixkARkWAS4xETAPBgoJkiaJk/IsZAEZFgEuMRMwEQYKCZIm
iZPyLGQBGRYDd3d3MRcwFQYKCZImiZPyLGQBARMHbm8gaWRlYTCCAaIwDQYJKoZI
hvcNAQEBBQADggGPADCCAYoCggGBAN0vZbLXtRzd61rR8Hos0BGnqCaJXIwGARwx
JojMyxASFT+KeC4QDRkgRrK6OY4k/i7TEHuUGk/Bm754++554wmmhDqv1Q4+VhhR
1K/JAz/HVZNTAR1rPKwG82lyEpPxlRNZg/QtF9DqQSoSkL/fJLs+rq4zlKozXzRE
auZ5Be8So1dXRZfMVUMDgtk+IX8+iCeZisiWfv62ttQ0EiuiXLagd6ruEuoCSVi2
tVswsC/Hp8AI2Ro56mmHiWthuae1H8yDWUFLSe9AQW65qC/xVUgo/nMpK2BYVFKb
70TMjl/dZM0Qn1tdiNyqCkbIhXjklZvZYhO+15TPkgDXDsqRUjpTrLZXLGrD6XIx
CRLZGY6YrUfsFTjUC6JrUrAR8zY7SLsYN5sUmFUSMpJnI+T/SD4p/0CXrKrbMOjW
Qqz6FX/WHPxvswGKHk5zHYGHrzx7OKmfVa6gzUgZSfOHj2xOOR2Un9DwNavIrmSC
WYXKZqig5qDyfzBvlXWEio/5GrDwgQIDAQABo4IBWzCCAVcwgcIGA1UdEQSBujCB
t4IrYSBkbnNOYW1lIG9mIHRoZSBzdWJqZWN0IG9mIHRoZSBjZXJ0aWZpY2F0ZYI3
YW4gYWRkaXRpb25hbCBkbnNOYW1lIG9mIHRoZSBzdWJqZWN0IG9mIHRoZSBjZXJ0
aWZpY2F0ZYIBLoIBLoIBLoIBLoIBLoIBLoIBLoIBLoIBLoIBLoIBLoIBLoIBLoIP
c2Vjb25kIGFkZGl0aW9ugg50aGlyZCBhZGRpdGlvboIHZG5zTmFtZTAMBgNVHRMB
Af8EAjAAMDEGA1UdJQQqMCgGCCsGAQUFBwMJBggrBgEFBQcDAgYIKwYBBQUHAwEG
CCsGAQUFBwMCMA8GA1UdDwEB/wQFAwMHsAAwHQYDVR0OBBYEFKrFhODjTKCopb+W
Qa29PsHR4HXgMB8GA1UdIwQYMBaAFCyZxCa1ZUHVy8LjikE8zumAiEgfMA0GCSqG
SIb3DQEBCwUAA4IBgQBTrAgh6d+qiLumEfmkNCmhewxKxDZp+Ni2nz9XRzNO2cQE
U0n8MdbnQInW3xJXng2sAcl1fQz0RN1hkyjDwi69mbbPgcTYmxJFvyt+zRYBe/Sq
4CGGkxEdPW94tMpQ6SrCn2mAMnvcq9A1pYBVYyPeUsaRHC5OUBFOMCevNy8JwNyY
MJ0H5HQCyCysbzA1d521pogGUs/tmbE+ym9zpV8vG0b6De1PexjVeGkTNYz6NCR2
VZTQ+OJ5iE5pHPEC1Qif44LrR9Kdn/wu3RjTYyHeBOJFjK+DKgleNF4QVTcZQIPE
snN4H+/VSgTZQ3kgWbtpd1m5oRBJovEc2Qe+l+iDFCk8OA4z/x+fkvOeD3NUAl7D
9Pt3cP3UtWUJp4NJn2dvUljmQhB02HSqdNBhqKSg4/cf7l8Zo1ejvBUosrlgw3C3
apDaC4/xk7woFKVYW25teH2ze+Gpz/YsLDtmL7Bri8CGVsqsN9yqO8SstwKBa3Rt
xQ2em6XnnanApT4iFX4=
-----END CERTIFICATE-----

42
internal/certs/data/privated.pem Normal file
View file

@ -0,0 +1,42 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,054A583F6C90570F
tlGw8qlO25FaQdRLkai5L1JHWz/5fC4zd3qFISWssYH2FEnz8yfYsCoRLivVYhJB
fswOTj9h5b1RYRsWfIwCGfyNeOj8hkQrLwCW607vbhydGGJ4xc5RBF9MK0QCjSNT
r8myedNyfI4nm5enNVFDqYsqAc7cA3m1qw+QsAhPOrASDTp5svHR7g9+T6P5GDHm
B79nap02kfmodC7ytmWDBEclJ45Y19LOucN0+Nl6JgKkQEfWB/p2s2kGAGY1Of3X
/ERPOqeqZdFSdPDyX+mrzjGVhypgjBaz7XRh8OSeW8UP70rE+9aZKn9fIs2NyYMH
wwCElUmFV1Ye+/JtE4+Rcu6pG7NrX1rAC+pqPZaF8PT/kEuawiwrMuU0RP/8Y6mn
PRZZGZhXwBcfWPDN+JIj7e1NAXynwP/d4Pc4nb1O6EG3/Yip+F9NNaNbEfS4z9eV
Se7Gr/ySwxFhww9KhMtFYhkb6DVzy7StXpDqDmLhaF+qGCl86XRzZHho6EwQi+9r
c3VXbgogbjwIP8OgAKIZLuMxETZb0rvOr87sMAiqWRx+gRhryNniNr70anY8Vkpl
jcw6SJdqWuvOGaKjxWgdcHOzHdISEu/W6z8euTzMxX6/C7hBrKT8Edt71Jha26a5
ZZNDH2XoqDphelfCbrARhw4P++KcnhPsY2da5cJ4021dfwXQGbGjcW1EAR3tCP/U
NKWc8Wm4dzuQSMqJERbWlXL8/UuvtyJR8VgNueg8EAHXCWBCS9i1i06gla9gPbdy
erhMDtUsJepFPDZVuqvm0dIjBaldl+74FHnPQ6+qFHXy6f71bGOmbonspnApqoeP
gc4zB65Nv+ws//XfdgwHhmtUkWS2ANPNQhU9o92l8XlqKicGC72dEEsR2TMS7fEW
K9/d06ZGu83FEXL43OXN79JmkpblonCWRgyVF7WPGufm+dtmR5zlIQruW2FJVwPZ
QmOioJYlSopOztyyBIuhZaNwVDQgoFtwHKRWAUseodzmHuPpvWCBjlL4hebJ7O0T
HGHGddqam3IPmyradhk0o1Qb54uk9rrzKWjcOEw850mJt3DnkHRNRgY96Gg0fA+m
+UxEOuGPvOudOMtC32vDKwAZ9eGgxAKea/kvaLFdPqwiq3B+IBetjSYGZ2kxVOAD
K8rHH6bnzrrasKHfOIBpw4MsiAG19sW1fFL61v5OXTcLOEQ/UVC8WinSj3JK894O
XjETyg8zvH+bYdlv9T2SGvAAzv1bJ3Iw9kb2VK0ZgwfwQgKpCDe6PEFLP7K2NNdF
zSw1GHOiDewsMD7VSfkmtevhzTOcQd/3uoyn/5ftcvcbqI4CGxP6kOxmul3NdfYl
insi95+IuhkSUQL02AdkI3SQhSnfmFRZSsy6JTXSN/7XOOzRFyMJcR1WlXOKFpt9
G/bYGjVmfxtRqH4ZO7irCPiM+ZudXvPCl5VhZReBsJeEJcNuR36QTJIL3RQHyKTD
9Z12PegrgPXDgkSns1s8phTu+GygIEh67yLPbPYohYYbJUOkab7Il3JauihnuMSP
2BDDbwdvL1V7TQCmnopNb1srZj3q/1eWKmik2U1kvc78c3W03NC5wFETic2QCM9z
u/IaKAjO/kvSB8+ClSYaZDVLuBgUHf0DSG9cb5eoPqFt3t4zuWQhQjJR1YlLtQsJ
YSQFf0WqGj6sA2+AIy6Fv3oitlOPtRi/2seZ8ACSqxbwUFf3to8ZA3rJNoaYLvsT
sz++DrA8oHr4eDOiCoLeU6MLNiUvB6RGtjDwhQDh2LoJJyAdh9wB3vaAmEJ1u3o4
cGyTCxbbkxRCWhMWW4NJbvdZORYhhhIu+TH5DaLgsZS1n+UF/amKQ0m8sj968Uo/
w05QBNm/F3zg5dpzyW7uEfti8DaP/apDcf1dHSpk9ERkJ/QSIdgzGmrROQvh2tF/
nvubXXMAex0tXFS6eyIZVgkT1S5eF001DsxIlp/jY6oFUYHquMcOQkyRAvUTvLO1
pkexrPYrmx/alP71nNrBfixSTHMuPVb2jC38ElzllgxHfaaI5Q1hef4lVaErNaQ3
m1hvE7dYkNomTt9fu/LHaxtw/P1eBlL44QcfqdqL67ROES+fB27d8vbajm1EQraw
QUoY+NM5KeQyKeRPWxDVQwAv02Lof/FSiB01yNqrzmRojtTykKB5VrnIA1DDP2vI
SoZjPZOSIJHh3qlDaKxlGOQD9Wp4OtIPLqxpBmRgGcq2AVtm57jRAF634nTGvB+N
7fvMpBay3EZy3sauM4MZk7bytJKK6huQjmER+GM/F/Wyw28L7rewK8ukPKx8Wybc
ljVLrduRPt97JH4WWejy+k5vv4LHWJLsGGU474YHGMXF2VE3kJ3JKj8Wm5gS6p/p
-----END RSA PRIVATE KEY-----

27
internal/certs/data/testclient.crt Normal file
View file

@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIEkDCCAvigAwIBAgIBFDANBgkqhkiG9w0BAQsFADBKMQ8wDQYDVQQDEwZUZXN0
ZXIxKjAoBgNVBAoTIUNTQUYgVG9vbHMgRGV2ZWxvcG1lbnQgKGludGVybmFsKTEL
MAkGA1UEBhMCREUwHhcNMjMwOTA0MDcyMjAzWhcNMjMxMDI0MDcyMjAzWjBVMRow
GAYDVQQDExFUTFMgVGVzdCBDbGllbnQgMTEqMCgGA1UEChMhQ1NBRiBUb29scyBE
ZXZlbG9wbWVudCAoaW50ZXJuYWwpMQswCQYDVQQGEwJERTCCAaIwDQYJKoZIhvcN
AQEBBQADggGPADCCAYoCggGBAN0vZbLXtRzd61rR8Hos0BGnqCaJXIwGARwxJojM
yxASFT+KeC4QDRkgRrK6OY4k/i7TEHuUGk/Bm754++554wmmhDqv1Q4+VhhR1K/J
Az/HVZNTAR1rPKwG82lyEpPxlRNZg/QtF9DqQSoSkL/fJLs+rq4zlKozXzREauZ5
Be8So1dXRZfMVUMDgtk+IX8+iCeZisiWfv62ttQ0EiuiXLagd6ruEuoCSVi2tVsw
sC/Hp8AI2Ro56mmHiWthuae1H8yDWUFLSe9AQW65qC/xVUgo/nMpK2BYVFKb70TM
jl/dZM0Qn1tdiNyqCkbIhXjklZvZYhO+15TPkgDXDsqRUjpTrLZXLGrD6XIxCRLZ
GY6YrUfsFTjUC6JrUrAR8zY7SLsYN5sUmFUSMpJnI+T/SD4p/0CXrKrbMOjWQqz6
FX/WHPxvswGKHk5zHYGHrzx7OKmfVa6gzUgZSfOHj2xOOR2Un9DwNavIrmSCWYXK
Zqig5qDyfzBvlXWEio/5GrDwgQIDAQABo3YwdDAMBgNVHRMBAf8EAjAAMBMGA1Ud
JQQMMAoGCCsGAQUFBwMCMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFKrFhODj
TKCopb+WQa29PsHR4HXgMB8GA1UdIwQYMBaAFI6GhktAq9L2uRChC9LcXeedKiUg
MA0GCSqGSIb3DQEBCwUAA4IBgQAbUDaIkmubooDde7BpZQx742BsPg4IN68bIg9A
3jI9codx9c8l9ROvZ/7FeRNXzhYrQUwzcKpwtQ1mB7kM85oXaTLxrtnkZAO2fFSb
8RA6QjOrnOvewWaO3moCZaPnN1wWtlnUev2tD7D2Tz/f20dE2wbDV0BGb8bU4eGI
UVgzYrMh0MHaC8LKoXUWP97jp/p+9CG4D2S1CmpzP2Nm1dS03oj4UHIUtamjivYY
vOeoKATXmj59lgYqqoAVbTH6f4mZlZGmzUhRxK6hck7xBdiXAwfta72m4WzE7HRh
nHAgO5aVWb6zltvVDJhYumB9Itv+LI7uU8fF9Uyc65SZ2BevxgikoDNxTx0oNr+4
hExQhJfKuPFF2NI1N2tPYJT53Cek/ZJfjX3TyBneqehthtRqoAIIEaF/QlXqzJIi
G66YFC3xFlLmaQh52DJkF2+hzcPhFTVQv3yCirGLUSS9Nm7vTO2wnnW5arZazSV+
enRZb3oiVYFVDh0Hymz9g5VraMw=
-----END CERTIFICATE-----

182
internal/certs/data/testclientkey.pem Normal file
View file

@ -0,0 +1,182 @@
Public Key Info:
Public Key Algorithm: RSA
Key Security Level: High (3072 bits)
modulus:
00:dd:2f:65:b2:d7:b5:1c:dd:eb:5a:d1:f0:7a:2c:d0
11:a7:a8:26:89:5c:8c:06:01:1c:31:26:88:cc:cb:10
12:15:3f:8a:78:2e:10:0d:19:20:46:b2:ba:39:8e:24
fe:2e:d3:10:7b:94:1a:4f:c1:9b:be:78:fb:ee:79:e3
09:a6:84:3a:af:d5:0e:3e:56:18:51:d4:af:c9:03:3f
c7:55:93:53:01:1d:6b:3c:ac:06:f3:69:72:12:93:f1
95:13:59:83:f4:2d:17:d0:ea:41:2a:12:90:bf:df:24
bb:3e:ae:ae:33:94:aa:33:5f:34:44:6a:e6:79:05:ef
12:a3:57:57:45:97:cc:55:43:03:82:d9:3e:21:7f:3e
88:27:99:8a:c8:96:7e:fe:b6:b6:d4:34:12:2b:a2:5c
b6:a0:77:aa:ee:12:ea:02:49:58:b6:b5:5b:30:b0:2f
c7:a7:c0:08:d9:1a:39:ea:69:87:89:6b:61:b9:a7:b5
1f:cc:83:59:41:4b:49:ef:40:41:6e:b9:a8:2f:f1:55
48:28:fe:73:29:2b:60:58:54:52:9b:ef:44:cc:8e:5f
dd:64:cd:10:9f:5b:5d:88:dc:aa:0a:46:c8:85:78:e4
95:9b:d9:62:13:be:d7:94:cf:92:00:d7:0e:ca:91:52
3a:53:ac:b6:57:2c:6a:c3:e9:72:31:09:12:d9:19:8e
98:ad:47:ec:15:38:d4:0b:a2:6b:52:b0:11:f3:36:3b
48:bb:18:37:9b:14:98:55:12:32:92:67:23:e4:ff:48
3e:29:ff:40:97:ac:aa:db:30:e8:d6:42:ac:fa:15:7f
d6:1c:fc:6f:b3:01:8a:1e:4e:73:1d:81:87:af:3c:7b
38:a9:9f:55:ae:a0:cd:48:19:49:f3:87:8f:6c:4e:39
1d:94:9f:d0:f0:35:ab:c8:ae:64:82:59:85:ca:66:a8
a0:e6:a0:f2:7f:30:6f:95:75:84:8a:8f:f9:1a:b0:f0
81:
public exponent:
01:00:01:
private exponent:
14:ff:c0:f9:ff:bc:b4:26:e5:87:53:d3:2e:e6:3e:42
ce:d6:0a:02:94:84:be:b5:30:46:02:50:8e:90:e0:cf
b6:b0:b7:a6:bd:48:cc:d5:8b:d8:ea:72:ff:af:dd:17
3c:be:d1:1b:ca:6d:cd:10:a6:86:a8:d9:d2:44:44:27
d0:65:51:65:0c:27:34:07:dc:7b:38:64:10:03:7c:f4
a1:cd:40:de:24:3a:e0:21:bc:ef:33:1d:9f:61:e8:57
ac:e4:9c:c0:7b:df:7c:f8:20:83:ac:0b:8e:0b:d3:62
eb:8a:8e:03:5b:a3:e5:08:ae:df:a7:fe:85:92:e8:a5
ae:58:46:72:d6:fc:91:43:b1:7b:a4:c0:5f:51:c3:50
0d:e2:67:e8:af:51:13:41:a9:8d:ef:fb:a1:a4:e2:84
7c:2b:a0:50:c5:fe:ed:84:a5:25:83:86:4a:d3:0f:56
37:38:e6:1e:26:7d:45:22:0b:ba:22:35:be:f8:8b:1b
72:90:13:c4:1f:c5:d1:34:b5:0e:b2:ee:f7:e1:b9:5e
a2:29:8d:f9:6e:23:4b:50:8f:35:c8:a9:f3:d2:1f:dd
ce:a0:96:50:2d:2e:af:cf:b5:e1:20:e7:e9:d2:49:ed
b5:0e:5b:3e:d1:4b:f1:fa:c2:73:3a:1b:51:34:7e:75
30:06:d2:47:d2:a8:2a:45:be:16:fb:8f:63:84:85:b7
bf:f7:c4:c5:3d:95:56:8c:d1:02:7f:58:ac:4d:11:7b
c5:55:f3:c8:4e:d7:d9:aa:62:b0:e3:1e:04:5c:97:d1
ca:e2:71:aa:8b:33:b4:34:e9:04:d4:70:7c:f4:cb:57
19:c1:03:23:f4:bc:4d:91:8f:b2:9a:99:1c:6c:81:2d
4d:2d:e9:a1:e3:ce:e3:c9:62:52:89:1f:47:86:61:f1
dd:bc:46:8d:79:0a:99:9d:aa:4b:a9:0a:72:54:db:dc
ae:48:be:60:4a:73:99:d8:3c:9e:07:78:05:df:87:39
prime1:
00:e9:63:0f:d7:49:31:27:a8:36:fe:95:bd:8d:05:c1
35:48:2e:03:4f:a6:57:54:3a:a4:95:3f:8e:9f:28:7c
d2:df:af:54:36:9e:7c:9f:c3:b9:64:8f:c0:b0:96:3c
aa:01:f6:9a:be:83:e2:85:20:0d:33:de:88:97:af:6f
be:3f:53:5a:a3:77:02:fd:81:17:91:3b:b2:2d:ab:78
db:d9:43:db:04:69:82:61:30:e4:96:ac:88:8b:f6:3f
56:c4:49:fd:d5:e5:8c:9d:30:ad:cf:d9:8d:5c:87:b5
27:4b:09:8e:19:ed:e2:11:3f:69:b2:47:be:70:39:11
41:a3:db:bb:b9:0e:e4:7b:50:d0:d2:c2:89:81:36:b9
6b:a6:fe:94:5b:06:66:e6:ed:86:52:42:5e:a9:0e:18
db:18:f9:14:21:3d:e0:3c:8d:79:c3:f5:d2:cc:51:65
fb:1c:49:ed:0a:d5:33:99:34:16:f9:1d:68:4a:78:da
5f:
prime2:
00:f2:9d:ae:5f:bd:b7:a3:87:a7:8d:30:46:06:8b:15
a9:e5:a9:58:1c:2b:3a:7e:78:35:36:56:31:42:df:46
87:e8:57:0d:6e:99:de:cf:fb:a8:72:16:71:4b:b3:ad
ed:74:07:cb:cf:7d:2b:12:89:66:c4:0f:8a:ea:e3:37
17:2c:75:92:11:7a:a6:da:29:24:33:9b:69:c2:64:68
03:db:31:de:fe:1d:a2:4d:9d:91:9f:f0:50:b8:8f:d0
22:11:b9:b0:95:98:5e:65:bf:45:97:9b:35:f2:98:27
46:7c:b2:86:eb:7b:8b:57:f2:c3:49:47:7d:01:4a:9a
b0:e6:67:05:e5:61:7a:ab:63:c8:cb:d8:44:69:88:72
a5:a9:60:89:60:df:e6:d9:4d:16:2b:35:7b:20:00:f3
3c:d1:78:f9:22:eb:48:c3:7f:78:63:e6:34:60:48:30
66:02:bb:38:c2:94:2e:b9:86:b2:2f:9a:4f:17:7f:e1
1f:
coefficient:
00:93:3e:7c:b9:ea:87:52:37:fa:d5:0a:36:fb:e1:d0
fc:62:4d:00:0b:ad:a8:fb:bd:34:53:96:c2:6c:a1:6a
49:b7:a0:24:33:16:95:79:14:ac:bb:75:8d:78:e9:10
fa:be:44:60:58:94:4a:9c:ba:64:1d:86:27:8b:7f:51
4d:80:b0:ff:7a:91:c0:4d:a4:aa:d1:f1:79:7d:8f:71
49:12:73:d4:44:5f:0c:2e:55:a6:d9:13:b8:3b:e5:dc
e1:14:98:7e:eb:5b:60:ad:d7:4b:da:c0:d8:3f:bf:70
92:53:8c:31:6a:8b:61:5e:a3:7d:ff:84:2c:7d:ed:9f
74:29:9a:e7:14:fb:c3:ab:8e:9f:60:6a:98:ab:86:0b
ea:fb:ff:20:2f:3b:a7:76:03:3a:55:bb:b2:c6:9c:b5
66:36:b8:1c:7f:9b:b6:62:89:ff:6a:d6:35:58:0b:f0
55:27:01:f0:67:8d:88:3f:74:48:3d:bf:8c:fc:05:62
47:
exp1:
00:99:16:2d:91:dd:a4:ac:8a:9e:68:27:f8:89:c4:38
93:a6:a0:e7:f3:1a:fd:35:76:b1:f6:64:16:3d:37:e5
88:bc:c8:d8:c8:6a:f4:fc:26:fa:38:88:42:b0:92:1b
80:b8:80:f5:c7:f9:e2:5f:c8:42:60:bf:9b:81:43:c6
5c:58:55:68:a2:c8:b1:e1:6f:07:f2:6f:e1:d4:2b:21
bf:b3:a7:da:c5:ee:1f:63:79:1a:b7:ea:bc:36:72:73
e1:8a:27:ae:a4:db:49:7c:e2:2d:60:a5:27:20:86:b3
c0:ee:6b:7a:16:6f:ff:55:a8:ee:bf:ce:67:90:5d:1e
80:9b:e6:ca:1f:fd:30:c9:e2:9c:d7:62:5b:a7:b2:29
b5:ff:78:06:00:1f:16:e8:6a:ed:2c:8f:f4:5f:97:ab
9e:2b:a7:56:18:e7:e9:6a:4e:b2:8c:63:76:be:26:b6
6a:1c:88:31:40:65:d0:ce:b1:68:50:47:85:dd:33:a0
a9:
exp2:
00:8d:b1:5f:7c:94:ed:62:39:40:b6:a9:a1:cc:02:80
c5:77:d6:9e:19:dd:79:4d:11:61:6a:79:8e:4d:92:de
bb:53:0b:3c:52:02:d5:69:3c:7d:95:1b:dc:51:2d:00
00:35:0a:b4:92:5a:74:c4:5f:b0:c0:02:9f:cc:2c:a5
29:08:93:25:9a:c5:ba:1a:a1:7a:7e:15:5e:ff:e3:ea
07:8e:85:a2:c9:60:7f:40:bb:2c:a8:6f:0e:85:ab:a0
0f:b5:b0:70:1b:fe:1f:eb:66:78:fb:60:ef:71:de:40
d9:de:cb:d9:16:40:52:12:2c:3a:b7:5a:63:fc:54:18
e2:05:bd:d7:68:ae:b4:98:d2:2f:1c:36:13:46:5b:25
31:f1:28:eb:32:c3:b1:2b:e9:e4:6f:99:cd:6d:d4:80
3a:5d:d0:3c:18:93:b7:2c:4e:0e:fe:b1:1c:97:ba:b1
61:72:68:eb:6e:60:62:a5:81:b0:21:33:0a:cc:1b:a8
5b:
Public Key PIN:
pin-sha256:iFdBnKP/7hZCLdj7qqTtdNPFjpZGka259fSYvv3X02U=
Public Key ID:
sha256:8857419ca3ffee16422dd8fbaaa4ed74d3c58e964691adb9f5f498befdd7d365
sha1:aac584e0e34ca0a8a5bf9641adbd3ec1d1e075e0
-----BEGIN RSA PRIVATE KEY-----
MIIG5QIBAAKCAYEA3S9lste1HN3rWtHweizQEaeoJolcjAYBHDEmiMzLEBIVP4p4
LhANGSBGsro5jiT+LtMQe5QaT8Gbvnj77nnjCaaEOq/VDj5WGFHUr8kDP8dVk1MB
HWs8rAbzaXISk/GVE1mD9C0X0OpBKhKQv98kuz6urjOUqjNfNERq5nkF7xKjV1dF
l8xVQwOC2T4hfz6IJ5mKyJZ+/ra21DQSK6JctqB3qu4S6gJJWLa1WzCwL8enwAjZ
GjnqaYeJa2G5p7UfzINZQUtJ70BBbrmoL/FVSCj+cykrYFhUUpvvRMyOX91kzRCf
W12I3KoKRsiFeOSVm9liE77XlM+SANcOypFSOlOstlcsasPpcjEJEtkZjpitR+wV
ONQLomtSsBHzNjtIuxg3mxSYVRIykmcj5P9IPin/QJesqtsw6NZCrPoVf9Yc/G+z
AYoeTnMdgYevPHs4qZ9VrqDNSBlJ84ePbE45HZSf0PA1q8iuZIJZhcpmqKDmoPJ/
MG+VdYSKj/kasPCBAgMBAAECggGAFP/A+f+8tCblh1PTLuY+Qs7WCgKUhL61MEYC
UI6Q4M+2sLemvUjM1YvY6nL/r90XPL7RG8ptzRCmhqjZ0kREJ9BlUWUMJzQH3Hs4
ZBADfPShzUDeJDrgIbzvMx2fYehXrOScwHvffPggg6wLjgvTYuuKjgNbo+UIrt+n
/oWS6KWuWEZy1vyRQ7F7pMBfUcNQDeJn6K9RE0Gpje/7oaTihHwroFDF/u2EpSWD
hkrTD1Y3OOYeJn1FIgu6IjW++IsbcpATxB/F0TS1DrLu9+G5XqIpjfluI0tQjzXI
qfPSH93OoJZQLS6vz7XhIOfp0knttQ5bPtFL8frCczobUTR+dTAG0kfSqCpFvhb7
j2OEhbe/98TFPZVWjNECf1isTRF7xVXzyE7X2apisOMeBFyX0cricaqLM7Q06QTU
cHz0y1cZwQMj9LxNkY+ympkcbIEtTS3poePO48liUokfR4Zh8d28Ro15Cpmdqkup
CnJU29yuSL5gSnOZ2DyeB3gF34c5AoHBAOljD9dJMSeoNv6VvY0FwTVILgNPpldU
OqSVP46fKHzS369UNp58n8O5ZI/AsJY8qgH2mr6D4oUgDTPeiJevb74/U1qjdwL9
gReRO7Itq3jb2UPbBGmCYTDklqyIi/Y/VsRJ/dXljJ0wrc/ZjVyHtSdLCY4Z7eIR
P2myR75wORFBo9u7uQ7ke1DQ0sKJgTa5a6b+lFsGZubthlJCXqkOGNsY+RQhPeA8
jXnD9dLMUWX7HEntCtUzmTQW+R1oSnjaXwKBwQDyna5fvbejh6eNMEYGixWp5alY
HCs6fng1NlYxQt9Gh+hXDW6Z3s/7qHIWcUuzre10B8vPfSsSiWbED4rq4zcXLHWS
EXqm2ikkM5tpwmRoA9sx3v4dok2dkZ/wULiP0CIRubCVmF5lv0WXmzXymCdGfLKG
63uLV/LDSUd9AUqasOZnBeVheqtjyMvYRGmIcqWpYIlg3+bZTRYrNXsgAPM80Xj5
IutIw394Y+Y0YEgwZgK7OMKULrmGsi+aTxd/4R8CgcEAmRYtkd2krIqeaCf4icQ4
k6ag5/Ma/TV2sfZkFj035Yi8yNjIavT8Jvo4iEKwkhuAuID1x/niX8hCYL+bgUPG
XFhVaKLIseFvB/Jv4dQrIb+zp9rF7h9jeRq36rw2cnPhiieupNtJfOItYKUnIIaz
wO5rehZv/1Wo7r/OZ5BdHoCb5sof/TDJ4pzXYlunsim1/3gGAB8W6GrtLI/0X5er
niunVhjn6WpOsoxjdr4mtmociDFAZdDOsWhQR4XdM6CpAoHBAI2xX3yU7WI5QLap
ocwCgMV31p4Z3XlNEWFqeY5Nkt67Uws8UgLVaTx9lRvcUS0AADUKtJJadMRfsMAC
n8wspSkIkyWaxboaoXp+FV7/4+oHjoWiyWB/QLssqG8OhaugD7WwcBv+H+tmePtg
73HeQNney9kWQFISLDq3WmP8VBjiBb3XaK60mNIvHDYTRlslMfEo6zLDsSvp5G+Z
zW3UgDpd0DwYk7csTg7+sRyXurFhcmjrbmBipYGwITMKzBuoWwKBwQCTPny56odS
N/rVCjb74dD8Yk0AC62o+700U5bCbKFqSbegJDMWlXkUrLt1jXjpEPq+RGBYlEqc
umQdhieLf1FNgLD/epHATaSq0fF5fY9xSRJz1ERfDC5VptkTuDvl3OEUmH7rW2Ct
10vawNg/v3CSU4wxaothXqN9/4Qsfe2fdCma5xT7w6uOn2BqmKuGC+r7/yAvO6d2
AzpVu7LGnLVmNrgcf5u2Yon/atY1WAvwVScB8GeNiD90SD2/jPwFYkc=
-----END RSA PRIVATE KEY-----

39
internal/filter/filter_test.go Normal file
View file

@ -0,0 +1,39 @@
// This file is Free Software under the MIT License
// without warranty, see README.md and LICENSES/MIT.txt for details.
//
// SPDX-License-Identifier: MIT
//
// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
package filter
import (
"testing"
)
// TestNewPatternMatcher tests if NewPatternMatcher recognizes
// whether a set of sample regular expressions is valid
func TestNewPatternMatcher(t *testing.T) {
var regex []string
if pm, err := NewPatternMatcher(regex); pm == nil || err != nil {
t.Errorf("Failure: Did not compile valid regex pattern")
}
regex = append(regex, "++")
if pm, err := NewPatternMatcher(regex); pm != nil || err == nil {
t.Errorf("Failure: No error returned at invalid compile pattern")
}
}
// TestMatches tests if Matches returns whether a given string
// matches a sample of the expressions correctly.
func TestMatches(t *testing.T) {
regex := []string{"a"}
pm, _ := NewPatternMatcher(regex)
if !pm.Matches("a") {
t.Errorf("Failure: Did not match two identical strings")
}
if pm.Matches("b") {
t.Errorf("Failure: Matched two non-matching strings")
}
}

25
internal/misc/mime_test.go Normal file
View file

@ -0,0 +1,25 @@
// This file is Free Software under the MIT License
// without warranty, see README.md and LICENSES/MIT.txt for details.
//
// SPDX-License-Identifier: MIT
//
// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
package misc
import (
"io"
"mime/multipart"
"testing"
)
// TestCreateFormFile tests if CreateFormFile throws an error when creating
// a FormFile
func TestCreateFormFile(t *testing.T) {
writer := multipart.NewWriter(io.Discard)
if _, err := CreateFormFile(writer, "csaf", "data", "application/json"); err != nil {
t.Errorf("Failure: failed to create an io.Writer via CreateFormFile")
}
}

13
internal/models/models.go
View file

@ -28,6 +28,14 @@ func NewTimeInterval(a, b time.Time) TimeRange {
return TimeRange{a, b}
}
// Year returns the time range for a given year.
func Year(year int) TimeRange {
return TimeRange{
time.Date(year, time.January, 1, 0, 0, 0, 0, time.UTC),
time.Date(year, time.December, 31, 23, 59, 59, int(time.Second-time.Nanosecond), time.UTC),
}
}
// guessDate tries to guess an RFC 3339 date time from a given string.
func guessDate(s string) (time.Time, bool) {
for _, layout := range []string{
@ -100,3 +108,8 @@ func (tr *TimeRange) UnmarshalFlag(s string) error {
func (tr TimeRange) Contains(t time.Time) bool {
return !(t.Before(tr[0]) || t.After(tr[1]))
}
// Intersects returns true if the two time ranges intersects.
func (tr TimeRange) Intersects(other TimeRange) bool {
return !(other[1].Before(tr[0]) || tr[1].Before(other[0]))
}

168
internal/models/models_test.go Normal file
View file

@ -0,0 +1,168 @@
// This file is Free Software under the MIT License
// without warranty, see README.md and LICENSES/MIT.txt for details.
//
// SPDX-License-Identifier: MIT
//
// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
package models
import (
"testing"
"time"
)
// TestNewTimeInterval tests the creation of time intervals via NewTimeInterval()
func TestNewTimeInterval(t *testing.T) {
var (
before = time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC)
after = time.Date(2010, time.November, 10, 23, 0, 0, 0, time.UTC)
pseudoTimeRange = TimeRange{before, after}
)
if NewTimeInterval(after, before) != pseudoTimeRange {
t.Errorf("Failure: Couldn't generate timerange.")
}
}
// TestGuessDate tests whether a sample of strings are correctly parsed into Dates by guessDate()
func TestGuessDate(t *testing.T) {
if _, guess := guessDate("2006-01-02T15:04:05"); !guess {
t.Errorf("Failure: Could not guess valid Date from valid string")
}
if _, guess := guessDate("2006"); !guess {
t.Errorf("Failure: Could not guess valid Date from valid string")
}
if _, guess := guessDate("2006-01-02"); !guess {
t.Errorf("Failure: Could not guess valid Date from valid string")
}
if _, guess := guessDate(""); guess {
t.Errorf("Failure: Guessed Date from invalid string")
}
}
// TestUnmarshalText tests whether UnmarshalText() correctly unmarshals a sample of byteSlices
func TestUnmarshalText(t *testing.T) {
testTimeRange := NewTimeInterval(
time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC),
time.Date(2010, time.November, 10, 23, 0, 0, 0, time.UTC))
byteSlice := []byte{'3', 'h'}
var emptySlice []byte
if testTimeRange.UnmarshalText(byteSlice) != nil {
t.Errorf(testTimeRange.UnmarshalText(byteSlice).Error())
}
if testTimeRange.UnmarshalText(emptySlice) == nil {
t.Errorf("Failure: UnmarshalText succeeded on invalid slice of bytes.")
}
}
// TestMarshalJSON tests whether MarshalJSON() correctly marshals a sample TimeRange
func TestMarshalJSON(t *testing.T) {
testTimeRange := NewTimeInterval(
time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC),
time.Date(2010, time.November, 10, 23, 0, 0, 0, time.UTC))
if _, err := testTimeRange.MarshalJSON(); err != nil {
t.Errorf("Failure: %v", err)
}
}
// TestUnmarshalFlag tests whether UnmarshalFlag() correctly extracts time from a given timeRange string.
func TestUnmarshalFlag(t *testing.T) {
testTimeRange := NewTimeInterval(
time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC),
time.Date(2010, time.November, 10, 23, 0, 0, 0, time.UTC))
if err := testTimeRange.UnmarshalFlag("3h"); err != nil {
t.Errorf(err.Error())
}
if err := testTimeRange.UnmarshalFlag("2006-01-02T15:04:05"); err != nil {
t.Errorf(err.Error())
}
if err := testTimeRange.UnmarshalFlag("2006-01-02T15:04:05a"); err == nil {
t.Errorf("Failure: Extracted time from invalid string")
}
if err := testTimeRange.UnmarshalFlag("2006-01-02T15:04:05a, 2007-01-02T15:04:05"); err == nil {
t.Errorf("Failure: Extracted time from invalid string")
}
if err := testTimeRange.UnmarshalFlag("2006-01-02T15:04:05, 2007-01-02T15:04:05a"); err == nil {
t.Errorf("Failure: Extracted time from invalid string")
}
if err := testTimeRange.UnmarshalFlag("2006-01-02T15:04:05, 2007-01-02T15:04:05"); err != nil {
t.Errorf(err.Error())
}
}
// TestContains tests whether Contains() correctly identifies a sample of points in time to be within
// a timerange or not.
func TestContains(t *testing.T) {
testTimeRange := NewTimeInterval(
time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC),
time.Date(2010, time.November, 10, 23, 0, 0, 0, time.UTC))
testPointInTime := time.Date(2010, time.March, 10, 23, 0, 0, 0, time.UTC)
testPointAfterTime := time.Date(2022, time.March, 10, 23, 0, 0, 0, time.UTC)
testPointBeforeTime := time.Date(2002, time.March, 10, 23, 0, 0, 0, time.UTC)
if !testTimeRange.Contains(testPointInTime) {
t.Errorf("Failure: Did not recognize point within timerange correctly.")
}
if testTimeRange.Contains(testPointAfterTime) {
t.Errorf("Failure: Did not recognize that a point in time was after a timerange correctly.")
}
if testTimeRange.Contains(testPointBeforeTime) {
t.Errorf("Failure: Did not recognize that a point in time was before a timerange correctly.")
}
}
// TestTimeRangeIntersects checks if TimeRange.Intersects works.
func TestTimeRangeIntersects(t *testing.T) {
var (
a = time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC)
b = a.AddDate(0, 0, 10)
c = b.AddDate(0, 0, 10)
d = c.AddDate(0, 0, 10)
)
for _, x := range []struct {
ranges [2]TimeRange
expected bool
}{
{ranges: [2]TimeRange{{a, b}, {a, b}}, expected: true}, // equal
{ranges: [2]TimeRange{{a, b}, {c, d}}, expected: false}, // disjoint
{ranges: [2]TimeRange{{a, b}, {b, c}}, expected: true}, // touching
{ranges: [2]TimeRange{{a, c}, {b, d}}, expected: true}, // overlapping
{ranges: [2]TimeRange{{a, d}, {b, c}}, expected: true}, // containing
{ranges: [2]TimeRange{{a, b}, {a, c}}, expected: true}, // containing touch left
{ranges: [2]TimeRange{{b, c}, {a, c}}, expected: true}, // containing touch right
} {
got1 := x.ranges[0].Intersects(x.ranges[1])
got2 := x.ranges[1].Intersects(x.ranges[0])
if got1 != got2 {
t.Fatalf("intersecting %v is not commutative", x.ranges)
}
if got1 != x.expected {
t.Fatalf("%v: got %t expected %t", x.ranges, got1, x.expected)
}
}
}
// TestTimeRangeYear checks if the Year construction works.
func TestTimeRangeYear(t *testing.T) {
var (
year = Year(1984)
first = time.Date(1984, time.January, 1, 0, 0, 0, 0, time.UTC)
before = first.Add(-time.Nanosecond)
after = time.Date(1984+1, time.January, 1, 0, 0, 0, 0, time.UTC)
last = after.Add(-time.Nanosecond)
)
for _, x := range []struct {
t time.Time
expected bool
}{
{t: first, expected: true},
{t: before, expected: false},
{t: last, expected: true},
{t: after, expected: false},
} {
if got := year.Contains(x.t); got != x.expected {
t.Fatalf("%v: got %t expected %t", x.t, got, x.expected)
}
}
}

1
internal/options/data/config.toml Normal file
View file

@ -0,0 +1 @@
Test = "data/config.toml"

2
internal/options/data/config_plus.toml Normal file
View file

@ -0,0 +1,2 @@
Test = "data/config_plus.toml"
surplus = true

1
internal/options/data/empty.toml Normal file
View file

@ -0,0 +1 @@
# Empty but valid config file

33
internal/options/log.go Normal file
View file

@ -0,0 +1,33 @@
// This file is Free Software under the MIT License
// without warranty, see README.md and LICENSES/MIT.txt for details.
//
// SPDX-License-Identifier: MIT
//
// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
package options
import (
"log/slog"
"strings"
)
// LogLevel implements a helper type to be used in configurations.
type LogLevel struct{ slog.Level }
// MarshalFlag implements [flags.Marshaler].
func (ll LogLevel) MarshalFlag() (string, error) {
t, err := ll.MarshalText()
return strings.ToLower(string(t)), err
}
// UnmarshalFlag implements [flags.Unmarshaler].
func (ll *LogLevel) UnmarshalFlag(value string) error {
var l slog.Level
if err := l.UnmarshalText([]byte(value)); err != nil {
return err
}
*ll = LogLevel{Level: l}
return nil
}

49
internal/options/log_test.go Normal file
View file

@ -0,0 +1,49 @@
// This file is Free Software under the MIT License
// without warranty, see README.md and LICENSES/MIT.txt for details.
//
// SPDX-License-Identifier: MIT
//
// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
package options
import (
"log/slog"
"testing"
)
func TestMarshalFlag(t *testing.T) {
ll := LogLevel{Level: slog.LevelInfo}
got, err := ll.MarshalFlag()
if err != nil {
t.Fatal(err)
}
if got != "info" {
t.Fatalf("got %q expected \"info\"", got)
}
}
func TestUnmarshalFlag(t *testing.T) {
for _, x := range []struct {
input string
expect slog.Level
}{
{input: "debug", expect: slog.LevelDebug},
{input: "info", expect: slog.LevelInfo},
{input: "warn", expect: slog.LevelWarn},
{input: "error", expect: slog.LevelError},
} {
var ll LogLevel
if err := ll.UnmarshalFlag(x.input); err != nil {
t.Fatalf("%q error: %v", x.input, err)
}
if ll.Level != x.expect {
t.Fatalf("%q: got %s expected %s", x.input, ll.Level, x.expect)
}
}
var ll LogLevel
if err := ll.UnmarshalFlag("invalid"); err == nil {
t.Fatal(`"invalid" should return an error`)
}
}

6
internal/options/options.go
View file

@ -3,8 +3,8 @@
//
// SPDX-License-Identifier: MIT
//
// SPDX-FileCopyrightText: 2022 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
// Software-Engineering: 2022 Intevation GmbH <https://intevation.de>
// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
// Package options contains helpers to handle command line options and config files.
package options
@ -18,7 +18,7 @@ import (
"github.com/jessevdk/go-flags"
"github.com/mitchellh/go-homedir"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/csaf-poc/csaf_distribution/v3/util"
)
// Parser helps parsing command line arguments and loading

206
internal/options/options_test.go Normal file
View file

@ -0,0 +1,206 @@
// This file is Free Software under the MIT License
// without warranty, see README.md and LICENSES/MIT.txt for details.
//
// SPDX-License-Identifier: MIT
//
// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
package options
import (
"errors"
"fmt"
"os"
"os/exec"
"testing"
)
type config struct {
Test string `long:"Test" description:"Test config struct"`
Version bool `long:"version" description:"test print version"`
ConfigLocation string `long:"configlocation" description:"test location"`
}
// TestParse helps parsing command line arguments and loading
// stored configurations from file.
func TestParse(t *testing.T) {
orig := os.Args
defer func() { os.Args = orig }()
os.Args = []string{"cmd"}
defaultConfigLocation := []string{"data/config.toml"}
p := Parser[config]{
DefaultConfigLocations: defaultConfigLocation,
ConfigLocation: func(cfg *config) string {
return cfg.ConfigLocation
},
Usage: "[OPTIONS] domain...",
HasVersion: func(cfg *config) bool { return cfg.Version },
SetDefaults: func(cfg *config) {
},
// Re-establish default values if not set.
EnsureDefaults: func(cfg *config) {
},
}
// Test searching for data/config.toml as config file
if _, _, err := p.Parse(); err != nil {
t.Errorf("Failure: Valid Parser using config location failed.")
}
// Test invalid flag
os.Args = []string{"cmd", "--invalid"}
fmt.Println("The following test should produce a warning.")
if _, _, err := p.Parse(); err == nil {
t.Errorf("Failure: Parsed invalid flag 'invalid'")
}
// Test with no default location; no config is loaded
var emptyLocation []string
p.DefaultConfigLocations = emptyLocation
os.Args = []string{"cmd"}
if _, _, err := p.Parse(); err != nil {
t.Errorf("Failure: Valid Parser without config location failed: %s", err.Error())
}
// Test failing to load TOML file
os.Args = []string{"cmd", "--configlocation=data/config_surplus.toml"}
if _, _, err := p.Parse(); err == nil {
t.Errorf("Failure: Parsed invalid toml file.")
}
// Test failing to expand Path
os.Args = []string{"cmd", "--configlocation=~~"}
if _, _, err := p.Parse(); err == nil {
t.Errorf("Failure: Invalid path expanded.")
}
// os.exit tests start here
// test the help flag
// if TEST_HELP was set, try parsing the help flag
if os.Getenv("TEST_HELP") == "1" {
os.Args = []string{"cmd", "--help"}
p.Parse()
return
}
// Build subprocess that can be exited
cmd := exec.Command(orig[0], "-test.run=TestParse")
cmd.Env = append(os.Environ(), "TEST_HELP=1")
err := cmd.Run()
if err != nil {
t.Fatalf(err.Error())
}
// test the version flag
if os.Getenv("TEST_VERSION") == "1" {
os.Args = []string{"cmd", "--version"}
p.Parse()
return
}
cmd = exec.Command(orig[0], "-test.run=TestParse")
cmd.Env = append(os.Environ(), "TEST_VERSION=1")
err = cmd.Run()
if err != nil {
t.Fatalf(err.Error())
}
}
// TestFindConfigFile tests if findConfigFile() correctly finds existing and
// doesn't find nonexisting config files
func TestFindConfigFile(t *testing.T) {
locations := []string{"data/config.toml"}
notLocation := []string{"notomllocation"}
errorExpandLocation := []string{"~~"}
if findConfigFile(locations) != "data/config.toml" {
t.Errorf("Failure: Couldn't find existing toml file in specified location")
}
if !(findConfigFile(notLocation) == "") {
t.Errorf("Failure: Supposedly found configuration file in nonexistant location")
}
fmt.Println("The following test should produce a warning.")
if !(findConfigFile(errorExpandLocation) == "") {
t.Errorf("Failure: Supposedly found configuration file in nonexistant location")
}
}
// TestLoadToml tests if loadTOML() can correctly load TOML files
func TestLoadToml(t *testing.T) {
var cfg config
if err := loadTOML(&cfg, "data/nonexistant.toml"); err.Error() != "open "+
"data/nonexistant.toml: no such file or directory" {
t.Errorf("Failure: Didn't throw the correct " +
"error on trying to load nonexistant file")
}
const errMsg = `could not parse ["surplus"] from "data/config_plus.toml"`
if err := loadTOML(&cfg, "data/config_plus.toml"); err.Error() != errMsg {
t.Errorf("Failure: Succeeded in parsing nonexistant parameter")
}
if err := loadTOML(&cfg, "data/config.toml"); err != nil {
t.Errorf(err.Error())
}
}
// TestErrorCheck checks whether the ErrorChecker correctly logs a fatal error
func TestErrorCheck(t *testing.T) {
if os.Getenv("TEST_ERROR") == "1" {
ErrorCheck(errors.New("succesful"))
return
}
cmd := exec.Command(os.Args[0], "-test.run=TestErrorCheck")
cmd.Env = append(os.Environ(), "TEST_ERROR=1")
err := cmd.Run()
if e, ok := err.(*exec.ExitError); ok && !e.Success() {
return
}
t.Fatalf("process ran with err %v, want exit status 1", err)
}
// TestSecondPassCommandlineParsing checks if the second pass
// of the command line passing is error checked.
func TestSecondPassCommandlineParsing(t *testing.T) {
orig := os.Args
defer func() { os.Args = orig }()
os.Args = []string{"cmd"}
p := Parser[config]{
ConfigLocation: func(cfg *config) string {
// This is a bit stupid.
os.Args = []string{"cmd", "--invalid"}
return "data/empty.toml"
},
}
if _, _, err := p.Parse(); err == nil {
t.Fatalf("Second command line parsing pass did not fail.\n")
}
}
// TestSecondPassCommandlineHelp triggers the help output in the
// second pass of the command line parsing.
func TestSecondPassCommandlineHelp(t *testing.T) {
if os.Getenv("TEST_ERROR") == "1" {
orig := os.Args
defer func() { os.Args = orig }()
os.Args = []string{"cmd"}
p := Parser[config]{
ConfigLocation: func(cfg *config) string {
// This is a bit stupid.
os.Args = []string{"cmd", "--help"}
return "data/empty.toml"
},
}
p.Parse()
t.Fatalf("Second command line parsing pass help should not reach this.\n")
return
}
cmd := exec.Command(os.Args[0], "-test.run=TestSecondPassCommandlineHelp")
cmd.Env = append(os.Environ(), "TEST_ERROR=1")
if err := cmd.Run(); err != nil {
t.Fatalf("process ran with err %v", err)
}
}

20
util/client.go
View file

@ -31,6 +31,7 @@ type Client interface {
// LoggingClient is a client that logs called URLs.
type LoggingClient struct {
Client
Log func(method, url string)
}
// LimitingClient is a Client implementing rate throttling.
@ -97,33 +98,42 @@ func (hc *HeaderClient) PostForm(url string, data url.Values) (*http.Response, e
url, "application/x-www-form-urlencoded", strings.NewReader(data.Encode()))
}
// log logs to a callback if given.
func (lc *LoggingClient) log(method, url string) {
if lc.Log != nil {
lc.Log(method, url)
} else {
log.Printf("[%s]: %s\n", method, url)
}
}
// Do implements the respective method of the Client interface.
func (lc *LoggingClient) Do(req *http.Request) (*http.Response, error) {
log.Printf("[DO]: %s\n", req.URL.String())
lc.log("DO", req.URL.String())
return lc.Client.Do(req)
}
// Get implements the respective method of the Client interface.
func (lc *LoggingClient) Get(url string) (*http.Response, error) {
log.Printf("[GET]: %s\n", url)
lc.log("GET", url)
return lc.Client.Get(url)
}
// Head implements the respective method of the Client interface.
func (lc *LoggingClient) Head(url string) (*http.Response, error) {
log.Printf("[HEAD]: %s\n", url)
lc.log("HEAD", url)
return lc.Client.Head(url)
}
// Post implements the respective method of the Client interface.
func (lc *LoggingClient) Post(url, contentType string, body io.Reader) (*http.Response, error) {
log.Printf("[POST]: %s\n", url)
lc.log("POST", url)
return lc.Client.Post(url, contentType, body)
}
// PostForm implements the respective method of the Client interface.
func (lc *LoggingClient) PostForm(url string, data url.Values) (*http.Response, error) {
log.Printf("[POST FORM]: %s\n", url)
lc.log("POST FORM", url)
return lc.Client.PostForm(url, data)
}

8
util/file_test.go
View file

@ -1,3 +1,11 @@
// This file is Free Software under the MIT License
// without warranty, see README.md and LICENSES/MIT.txt for details.
//
// SPDX-License-Identifier: MIT
//
// SPDX-FileCopyrightText: 2022 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
// Software-Engineering: 2022 Intevation GmbH <https://intevation.de>
package util
import (