mirror of
https://github.com/gocsaf/csaf.git
synced 2025-12-22 11:55:40 +01:00
Add CLI flags to specify what hash is preferred
This commit is contained in:
koplas
parent
be2e4e7424
commit
37c9eaf346
2 changed files with 34 additions and 28 deletions
|
|
@ -41,6 +41,13 @@ const (
|
|||
validationUnsafe = validationMode("unsafe")
|
||||
)
|
||||
|
||||
type hashAlgorithm string
|
||||
|
||||
const (
|
||||
algSha256 = hashAlgorithm("SHA256")
|
||||
algSha2512 = hashAlgorithm("SHA512")
|
||||
)
|
||||
|
||||
type config struct {
|
||||
Directory string `short:"d" long:"directory" description:"DIRectory to store the downloaded files in" value-name:"DIR" toml:"directory"`
|
||||
Insecure bool `long:"insecure" description:"Do not check TLS certificates from provider" toml:"insecure"`
|
||||
|
|
@ -79,6 +86,9 @@ type config struct {
|
|||
|
||||
clientCerts []tls.Certificate
|
||||
ignorePattern filter.PatternMatcher
|
||||
|
||||
//lint:ignore SA5008 We are using choice or than once: sha256, sha512
|
||||
PreferredHash hashAlgorithm `long:"preferred_hash" short:"h" choice:"sha256" choice:"sha512" value-name:"HASH" description:"HASH to prefer" toml:"preferred_hash"`
|
||||
}
|
||||
|
||||
// configPaths are the potential file locations of the config file.
|
||||
|
|
@ -220,7 +230,7 @@ func (cfg *config) prepareLogging() error {
|
|||
w = f
|
||||
}
|
||||
ho := slog.HandlerOptions{
|
||||
//AddSource: true,
|
||||
// AddSource: true,
|
||||
Level: cfg.LogLevel.Level,
|
||||
ReplaceAttr: dropSubSeconds,
|
||||
}
|
||||
|
|
|
|||
|
|
@ -53,7 +53,6 @@ type downloader struct {
|
|||
const failedValidationDir = "failed_validation"
|
||||
|
||||
func newDownloader(cfg *config) (*downloader, error) {
|
||||
|
||||
var validator csaf.RemoteValidator
|
||||
|
||||
if cfg.RemoteValidator != "" {
|
||||
|
|
@ -103,7 +102,6 @@ func logRedirect(req *http.Request, via []*http.Request) error {
|
|||
}
|
||||
|
||||
func (d *downloader) httpClient() util.Client {
|
||||
|
||||
hClient := http.Client{}
|
||||
|
||||
if d.cfg.verbose() {
|
||||
|
|
@ -253,7 +251,6 @@ func (d *downloader) downloadFiles(
|
|||
label csaf.TLPLabel,
|
||||
files []csaf.AdvisoryFile,
|
||||
) error {
|
||||
|
||||
var (
|
||||
advisoryCh = make(chan csaf.AdvisoryFile)
|
||||
errorCh = make(chan error)
|
||||
|
|
@ -303,7 +300,6 @@ func (d *downloader) loadOpenPGPKeys(
|
|||
base *url.URL,
|
||||
expr *util.PathEval,
|
||||
) error {
|
||||
|
||||
src, err := expr.Eval("$.public_openpgp_keys", doc)
|
||||
if err != nil {
|
||||
// no keys.
|
||||
|
|
@ -357,7 +353,6 @@ func (d *downloader) loadOpenPGPKeys(
|
|||
defer res.Body.Close()
|
||||
return crypto.NewKeyFromArmoredReader(res.Body)
|
||||
}()
|
||||
|
||||
if err != nil {
|
||||
slog.Warn(
|
||||
"Reading public OpenPGP key failed",
|
||||
|
|
@ -501,31 +496,35 @@ nextAdvisory:
|
|||
signData []byte
|
||||
)
|
||||
|
||||
// Only hash when we have a remote counterpart we can compare it with.
|
||||
if remoteSHA256, s256Data, err = loadHash(client, file.SHA256URL()); err != nil {
|
||||
if !file.IsDirectory() {
|
||||
slog.Warn("Cannot fetch SHA256",
|
||||
"url", file.SHA256URL(),
|
||||
"error", err)
|
||||
if (d.cfg.PreferredHash != "sha512" || file.SHA512URL() == "") && file.SHA256URL() != "" {
|
||||
// Only hash when we have a remote counterpart we can compare it with.
|
||||
if remoteSHA256, s256Data, err = loadHash(client, file.SHA256URL()); err != nil {
|
||||
if !file.IsDirectory() {
|
||||
slog.Warn("Cannot fetch SHA256",
|
||||
"url", file.SHA256URL(),
|
||||
"error", err)
|
||||
} else {
|
||||
slog.Info("SHA256 not present", "file", file.URL())
|
||||
}
|
||||
} else {
|
||||
slog.Info("SHA256 not present", "file", file.URL())
|
||||
s256 = sha256.New()
|
||||
writers = append(writers, s256)
|
||||
}
|
||||
} else {
|
||||
s256 = sha256.New()
|
||||
writers = append(writers, s256)
|
||||
}
|
||||
|
||||
if remoteSHA512, s512Data, err = loadHash(client, file.SHA512URL()); err != nil {
|
||||
if !file.IsDirectory() {
|
||||
slog.Warn("Cannot fetch SHA512",
|
||||
"url", file.SHA512URL(),
|
||||
"error", err)
|
||||
if (d.cfg.PreferredHash != "sha256" || file.SHA256URL() == "") && file.SHA512URL() != "" {
|
||||
if remoteSHA512, s512Data, err = loadHash(client, file.SHA512URL()); err != nil {
|
||||
if !file.IsDirectory() {
|
||||
slog.Warn("Cannot fetch SHA512",
|
||||
"url", file.SHA512URL(),
|
||||
"error", err)
|
||||
} else {
|
||||
slog.Info("SHA512 not present", "file", file.URL())
|
||||
}
|
||||
} else {
|
||||
slog.Info("SHA512 not present", "file", file.URL())
|
||||
s512 = sha512.New()
|
||||
writers = append(writers, s512)
|
||||
}
|
||||
} else {
|
||||
s512 = sha512.New()
|
||||
writers = append(writers, s512)
|
||||
}
|
||||
|
||||
// Remember the data as we need to store it to file later.
|
||||
|
|
@ -757,9 +756,6 @@ func loadSignature(client util.Client, p string) (*crypto.PGPSignature, []byte,
|
|||
}
|
||||
|
||||
func loadHash(client util.Client, p string) ([]byte, []byte, error) {
|
||||
if p == "" {
|
||||
return nil, nil, fmt.Errorf("no hash path provided")
|
||||
}
|
||||
resp, err := client.Get(p)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue