mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00

Improve checker regarding PMD location problems

* Change checking to test for Security, wellknown and DNS requirement at once and only throw an error if all three fail.
* Use security.txt parser from csaf/util to extract provider url.
* Improve code comments and messages for the reports.

Co-authored-by: Jan Höfelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
JanHoefelmeyer 2022-08-26 13:31:56 +02:00 committed by GitHub
parent a62484c31c
commit 3bb8ea0019
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 112 additions and 104 deletions


@ -217,7 +217,7 @@ func LoadProviderMetadataForDomain(
// Valid provider metadata under well-known.
var wellknownGood *LoadedProviderMetadata
// First try well-know path
// First try the well-known path.
wellknownURL := "https://" + domain + "/.well-known/csaf/provider-metadata.json"
wellknownResult := LoadProviderMetadataFromURL(
client, wellknownURL, already, logging)
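Review bot: On the unchanged context line that builds `wellknownURL`, `domain` is concatenated straight into the URL string, and nothing in the visible lines shows it being checked as a bare host name. A value containing `/`, `?`, `#` or `@` would alter the host or path that `LoadProviderMetadataFromURL` requests, so the checker could end up fetching provider metadata from somewhere other than the well-known path of the intended domain. If validation does not already happen earlier in `LoadProviderMetadataForDomain` or its callers, consider rejecting such input or assembling the URL with `url.URL{Scheme: "https", Host: domain, Path: "/.well-known/csaf/provider-metadata.json"}`. The comment rewording itself reads fine.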
@ -249,7 +249,7 @@ func LoadProviderMetadataForDomain(
// security.txt contains good entries.
if len(secGoods) > 0 {
// we have a wellknown good take it.
// we already have a good wellknown, take it.
if wellknownGood != nil {
// check if first of security urls is identical to wellknown.
if bytes.Equal(wellknownGood.Hash, secGoods[0].Hash) {
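Review bot: The reworded comment `// we already have a good wellknown, take it.` still starts in lower case and spells "wellknown" as one word, while the comment updated in the first hunk uses a capitalised sentence and "well-known"; since this commit is about improving comments, align the two (for example `// We already have a good well-known result, take it.`). It would also help to say in the following comment why only `secGoods[0]` is compared against `wellknownGood.Hash`, so a reader knows that further good security.txt entries are deliberately not considered at this point.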