SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions

Implemented links on directory listings checking

Browse source
This commit is contained in:
Sascha L. Teichmann 2022-05-17 01:22:30 +02:00
parent 32be3602b6
commit 3bbd37c441
4 changed files with 92 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

49
cmd/csaf_checker/links.go
View file

@ -10,11 +10,49 @@ package main
import ( import (
"io" "io"
"net/http"
"net/url"
"github.com/PuerkitoBio/goquery" "github.com/PuerkitoBio/goquery"
) )
func linksOnPage(r io.Reader) ([]string, error) { func (p *processor) linksOnPageURL(baseDir string) ([]string, error) {
base, err := url.Parse(baseDir)
if err != nil {
return nil, err
}
client := p.httpClient()
p.checkTLS(baseDir)
res, err := client.Get(baseDir)
p.badDirListings.use()
if err != nil {
p.badDirListings.add("Fetching %s failed: %v", base, err)
return nil, errContinue
}
if res.StatusCode != http.StatusOK {
p.badDirListings.add("Fetching %s failed. Status code %d (%s)",
base, res.StatusCode, res.Status)
return nil, errContinue
}
defer res.Body.Close()
// Links may be relative
return linksOnPage(res.Body, func(link string) (string, error) {
u, err := url.Parse(link)
if err != nil {
return "", err
}
return base.ResolveReference(u).String(), nil
})
}
func linksOnPage(r io.Reader, resolve func(string) (string, error)) ([]string, error) {
doc, err := goquery.NewDocumentFromReader(r) doc, err := goquery.NewDocumentFromReader(r)
if err != nil { if err != nil {
@ -23,11 +61,16 @@ func linksOnPage(r io.Reader) ([]string, error) {
var links []string var links []string
doc.Find("a").Each(func(i int, s *goquery.Selection) { doc.Find("a").Each(func(_ int, s *goquery.Selection) {
if err != nil {
return
}
if link, ok := s.Attr("href"); ok { if link, ok := s.Attr("href"); ok {
if link, err = resolve(link); err == nil {
links = append(links, link) links = append(links, link)
} }
}
}) })
return links, nil return links, err
} }

5
cmd/csaf_checker/links_test.go
View file

@ -23,7 +23,10 @@ const page0 = `<html>
func TestLinksOnPage(t *testing.T) { func TestLinksOnPage(t *testing.T) {
links, err := linksOnPage(strings.NewReader(page0)) links, err := linksOnPage(
strings.NewReader(page0),
func(s string) (string, error) { return s, nil },
)
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }

32
cmd/csaf_checker/processor.go
View file

@ -59,6 +59,7 @@ type processor struct {
badFolders topicMessages badFolders topicMessages
badWellknownMetadata topicMessages badWellknownMetadata topicMessages
badDNSPath topicMessages badDNSPath topicMessages
badDirListings topicMessages
expr *util.PathEval expr *util.PathEval
} }
@ -85,6 +86,8 @@ const (
rolieChangesMask rolieChangesMask
indexMask indexMask
changesMask changesMask
listingMask
rolieListingMask
) )
func (wt whereType) String() string { func (wt whereType) String() string {
@ -99,6 +102,10 @@ func (wt whereType) String() string {
return "index.txt" return "index.txt"
case changesMask: case changesMask:
return "changes.csv" return "changes.csv"
case listingMask:
return "directory listing"
case rolieListingMask:
return "directory listing [ROLIE]"
default: default:
var mixed []string var mixed []string
for mask := rolieMask; mask <= changesMask; mask <<= 1 { for mask := rolieMask; mask <= changesMask; mask <<= 1 {
@ -157,6 +164,10 @@ func (p *processor) clean() {
p.badSecurity.reset() p.badSecurity.reset()
p.badIndices.reset() p.badIndices.reset()
p.badChanges.reset() p.badChanges.reset()
p.badFolders.reset()
p.badWellknownMetadata.reset()
p.badDNSPath.reset()
p.badDirListings.reset()
} }
// run calls checkDomain function for each domain in the given "domains" parameter. // run calls checkDomain function for each domain in the given "domains" parameter.
@ -483,6 +494,10 @@ func (p *processor) processROLIEFeed(feed string) error {
return err return err
} }
if err := p.checkListing(base, rolieListingMask); err != nil && err != errContinue {
return err
}
return nil return nil
} }
@ -652,6 +667,21 @@ func (p *processor) checkCSAFs(domain string) error {
return err return err
} }
if err := p.checkListing(base, listingMask); err != nil && err != errContinue {
return err
}
return nil
}
func (p *processor) checkListing(base string, mask whereType) error {
links, err := p.linksOnPageURL(base)
if err != nil {
return err
}
for _, link := range links {
p.markChecked(link, mask)
}
return nil return nil
} }
@ -673,7 +703,7 @@ func (p *processor) checkMissing(string) error {
for _, f := range files { for _, f := range files {
v := p.alreadyChecked[f] v := p.alreadyChecked[f]
var where []string var where []string
for mask := rolieMask; mask <= changesMask; mask <<= 1 { for mask := rolieMask; mask <= rolieListingMask; mask <<= 1 {
if maxMask&mask == mask { if maxMask&mask == mask {
var in string var in string
if v&mask == mask { if v&mask == mask {

13
cmd/csaf_checker/reporters.go
View file

@ -186,10 +186,17 @@ func (r *changesReporter) report(p *processor, domain *Domain) {
req.Messages = p.badChanges req.Messages = p.badChanges
} }
func (r *directoryListingsReporter) report(_ *processor, domain *Domain) { func (r *directoryListingsReporter) report(p *processor, domain *Domain) {
// TODO: Implement me!
req := r.requirement(domain) req := r.requirement(domain)
_ = req if !p.badDirListings.used() {
req.message("No directory listings checked.")
return
}
if len(p.badDirListings) == 0 {
req.message("All directory listings are valid.")
return
}
req.Messages = p.badDirListings
} }
func (r *integrityReporter) report(p *processor, domain *Domain) { func (r *integrityReporter) report(p *processor, domain *Domain) {