SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions

Fix DNS path check

Browse source 
* Make it dynamic by the domain given for the check.
 * Change reporting text to be more clear about which is the dynamic
   part (in lack of direct access to the path which was checked.)
This commit is contained in:
Bernhard Reiter 2022-05-17 15:34:39 +02:00
parent e4c2c00879
commit 2cfb4b8e49
No known key found for this signature in database
GPG key ID: 2B7BA3BF9BC3A554
2 changed files with 8 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

12
cmd/csaf_checker/processor.go
View file

@ -1032,7 +1032,7 @@ func (p *processor) checkPGPKeys(domain string) error {
} }
// checkWellknownMetadataReporter checks if the provider-metadata.json file is // checkWellknownMetadataReporter checks if the provider-metadata.json file is
// avaialable under the /.well-known/csaf/ directory. // available under the /.well-known/csaf/ directory.
// It returns nil if all checks are passed, otherwise error. // It returns nil if all checks are passed, otherwise error.
func (p *processor) checkWellknownMetadataReporter(domain string) error { func (p *processor) checkWellknownMetadataReporter(domain string) error {
@ -1044,7 +1044,7 @@ func (p *processor) checkWellknownMetadataReporter(domain string) error {
res, err := client.Get(path) res, err := client.Get(path)
if err != nil { if err != nil {
p.badWellknownMetadata.add("Fetiching %s failed: %v", path, err) p.badWellknownMetadata.add("Fetching %s failed: %v", path, err)
return errContinue return errContinue
} }
if res.StatusCode != http.StatusOK { if res.StatusCode != http.StatusOK {
@ -1065,10 +1065,10 @@ func (p *processor) checkDNSPathReporter(domain string) error {
p.badDNSPath.use() p.badDNSPath.use()
path := "https://csaf.data.security.domain.tld" path := "https://csaf.data.security." + domain
res, err := client.Get(path) res, err := client.Get(path)
if err != nil { if err != nil {
p.badDNSPath.add("Fetiching %s failed: %v", path, err) p.badDNSPath.add("Fetching %s failed: %v", path, err)
return errContinue return errContinue
} }
if res.StatusCode != http.StatusOK { if res.StatusCode != http.StatusOK {
@ -1080,12 +1080,12 @@ func (p *processor) checkDNSPathReporter(domain string) error {
defer res.Body.Close() defer res.Body.Close()
content, err := io.ReadAll(res.Body) content, err := io.ReadAll(res.Body)
if err != nil { if err != nil {
p.badDNSPath.add("Error while reading the response form %s", path) p.badDNSPath.add("Error while reading the response from %s", path)
return errContinue return errContinue
} }
hash.Write(content) hash.Write(content)
if !bytes.Equal(hash.Sum(nil), p.pmd256) { if !bytes.Equal(hash.Sum(nil), p.pmd256) {
p.badDNSPath.add("The csaf.data.security.domain.tld DNS record does not serve the provider-metatdata.json") p.badDNSPath.add("%s does not serve the same provider-metadata.json as previously found", path)
return errContinue return errContinue
} }

4
cmd/csaf_checker/reporters.go
View file

@ -137,11 +137,11 @@ func (r *wellknownMetadataReporter) report(p *processor, domain *Domain) {
func (r *dnsPathReporter) report(p *processor, domain *Domain) { func (r *dnsPathReporter) report(p *processor, domain *Domain) {
req := r.requirement(domain) req := r.requirement(domain)
if !p.badDNSPath.used() { if !p.badDNSPath.used() {
req.message("No csaf.data.security.domain.tld DNS record checked.") req.message("No download from https://csaf.data.security.DOMAIN attempted.")
return return
} }
if len(p.badDNSPath) == 0 { if len(p.badDNSPath) == 0 {
req.message("csaf.data.security.domain.tld DNS record is available and serves the provider-metadata.json.") req.message("https://csaf.data.security.DOMAIN is available and serves the provider-metadata.json.")
return return
} }
req.Messages = p.badDNSPath req.Messages = p.badDNSPath