From 457d519990425ca1f77526c17a2210e4ea02b98d Mon Sep 17 00:00:00 2001 From: "Kunz, Immanuel" Date: Tue, 23 Apr 2024 19:09:22 +0200 Subject: [PATCH] minor updates to Enumerate method, integrate enumerate in cmd downloader --- cmd/csaf_downloader/downloader.go | 43 ++++++++++++++++++++----------- cmd/csaf_downloader/main.go | 5 ++++ csaf/providermetaloader.go | 15 +++++++---- 3 files changed, 43 insertions(+), 20 deletions(-) diff --git a/cmd/csaf_downloader/downloader.go b/cmd/csaf_downloader/downloader.go index 86939d8..d8a966f 100644 --- a/cmd/csaf_downloader/downloader.go +++ b/cmd/csaf_downloader/downloader.go @@ -165,22 +165,22 @@ func httpLog(who string) func(string, string) { } } -func (d *downloader) enumerate(ctx context.Context, domain string) error { +func (d *downloader) enumerate(domain string) error { client := d.httpClient() loader := csaf.NewProviderMetadataLoader(client) lpmd := loader.Enumerate(domain) - if d.cfg.verbose() { - for i := range lpmd.Messages { - slog.Debug("Loading provider-metadata.json", - "domain", domain, - "message", lpmd.Messages[i].Message) - } - } - for _, pmd := range lpmd { + if d.cfg.verbose() { + for i := range pmd.Messages { + slog.Debug("Enumerating provider-metadata.json", + "domain", domain, + "message", pmd.Messages[i].Message) + } + } + if !pmd.Valid() { return fmt.Errorf("invalid provider-metadata.json found for '%s'", domain) } 
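Review bot: `enumerate` in cmd/csaf_downloader/downloader.go no longer takes a `context.Context`, and the new `runEnumerate` further down has none either, so the HTTP fetches started by `loader.Enumerate(domain)` cannot be cancelled by the caller. The removed parameter was unused in the visible lines, so this is not a regression in itself, but the requests go to remote hosts and a slow or unresponsive one is bounded only by whatever timeout `d.httpClient()` configures, which is not visible here. Consider keeping `ctx` in both signatures and checking `if err := ctx.Err(); err != nil { return err }` before each domain until the loader accepts a context. The body of `enumerate` continues outside this hunk.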
@@ -189,13 +189,15 @@ func (d *downloader) enumerate(ctx context.Context, domain string) error { return fmt.Errorf("invalid URL found '%s': %v", pmd.URL, err) } - // TODO print - fmt.Println(pmd.URL) - fmt.Println(pmd.Document) - fmt.Println(pmd.Messages) - fmt.Println(pmd.Hash) + // print the results + fmt.Println("Found provider-metadata file under URL", pmd.URL) + doc, err := json.MarshalIndent(pmd.Document, "", " ") + if err != nil { + slog.Error("Couldn't marshal PMD document json") + } + fmt.Println(string(doc)) } - + return nil } func (d *downloader) download(ctx context.Context, domain string) error { @@ -775,3 +777,14 @@ func (d *downloader) run(ctx context.Context, domains []string) error { } return nil } + +// runEnumerate performs the enumeration of PMDs for all the given domains. +func (d *downloader) runEnumerate(domains []string) error { + defer d.stats.log() + for _, domain := range domains { + if err := d.enumerate(domain); err != nil { + return err + } + } + return nil +} diff --git a/cmd/csaf_downloader/main.go b/cmd/csaf_downloader/main.go index daff163..e54b2e1 100644 --- a/cmd/csaf_downloader/main.go +++ b/cmd/csaf_downloader/main.go @@ -41,6 +41,11 @@ func run(cfg *config, domains []string) error { d.forwarder = f } + // First, enumerate existing PMDs, then load + err = d.runEnumerate(domains) + if err != nil { + return err + } return d.run(ctx, domains) } diff --git a/csaf/providermetaloader.go b/csaf/providermetaloader.go index 2b2e85f..9549e3d 100644 --- a/csaf/providermetaloader.go +++ b/csaf/providermetaloader.go @@ -45,7 +45,7 @@ const ( // WellknownSecurityMismatch indicates that the PMDs found under wellknown and // in the security do not match. WellknownSecurityMismatch - // IgnoreProviderMetadata indicates that a extra PMD was ignored. + // IgnoreProviderMetadata indicates that an extra PMD was ignored. IgnoreProviderMetadata ) 
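Review bot: When `json.MarshalIndent` fails in the added print block of `enumerate`, the error value is left out of the log and execution falls through to `fmt.Println(string(doc))`, which prints an empty line as if it were a document. Include the cause and skip the print: `slog.Error("Couldn't marshal PMD document json", "url", pmd.URL, "err", err)` followed by `continue`. The rewrite also stops printing `pmd.Hash`, which the removed lines showed; if the hash is meant to let an operator compare the fetched file against a known value, it should stay in the output.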
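Review bot: `runEnumerate` returns on the first domain whose enumeration fails, so one domain with an invalid provider-metadata.json hides the results for every domain after it in the list. Unless fail-fast is intended, collect the errors and report them together, naming the domain with `%q` so empty or odd input is visible in the message. The sketch below uses `errors.Join`, which needs the `errors` import if downloader.go does not already have it. The deferred `d.stats.log()` is kept as is; whether `run` logs the same stats again afterwards is not visible in this hunk.

```go
func (d *downloader) runEnumerate(domains []string) error {
	// … unchanged: deferred stats log …
	var errs []error
	for _, domain := range domains {
		if err := d.enumerate(domain); err != nil {
			errs = append(errs, fmt.Errorf("enumerating %q: %w", domain, err))
		}
	}
	return errors.Join(errs...)
}
```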
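Review bot: The added `d.runEnumerate(domains)` call in `run` of cmd/csaf_downloader/main.go executes on every invocation and returns before `d.run(ctx, domains)` when enumeration fails, so a single invalid provider-metadata.json now prevents any download. Nothing visible in this hunk makes enumeration opt-in, so each run also prints complete PMD documents to stdout and presumably fetches the same metadata a second time during the download. Gate the call on a configuration option, or log the enumeration error and continue to `d.run`. The start of `run` and the creation of `ctx` are outside this hunk.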
@@ -113,7 +113,10 @@ func (pmdl *ProviderMetadataLoader) Enumerate(domain string) []*LoadedProviderMe // Our array of PMDs to be found var resPMDs []*LoadedProviderMetadata - // TODO check direct path? + // Check direct path + if strings.HasPrefix(domain, "https://") { + return []*LoadedProviderMetadata{pmdl.loadFromURL(domain)} + } // First try the well-known path. wellknownURL := "https://" + domain + "/.well-known/csaf/provider-metadata.json" @@ -122,11 +125,13 @@ func (pmdl *ProviderMetadataLoader) Enumerate(domain string) []*LoadedProviderMe // Validate the candidate and add to the result array if wellknownResult.Valid() { + fmt.Println("Found well known result") resPMDs = append(resPMDs, wellknownResult) } // Next load the PMDs from security.txt secResults := pmdl.loadFromSecurity(domain) + fmt.Println("Found security.txt results", len(secResults)) for _, result := range secResults { if result.Valid() { @@ -134,7 +139,7 @@ func (pmdl *ProviderMetadataLoader) Enumerate(domain string) []*LoadedProviderMe } } - // According to the spec, only if no PMDs have been found, should the DNS URL be used + // According to the spec, only if no PMDs have been found, the should DNS URL be used if len(resPMDs) > 0 { return resPMDs } else { @@ -144,8 +149,8 @@ func (pmdl *ProviderMetadataLoader) Enumerate(domain string) []*LoadedProviderMe } -// Load loads a provider metadata for a given path. -// If the domain starts with `https://` it only attemps to load +// Load loads one valid provider metadata for a given path. +// If the domain starts with `https://` it only attempts to load // the data from that URL. func (pmdl *ProviderMetadataLoader) Load(domain string) *LoadedProviderMetadata {
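Review bot: The new `https://` short-circuit in `Enumerate` returns the `loadFromURL` result without the `Valid()` check that the well-known and security.txt branches apply before appending, so callers get a different guarantee depending on the form of the argument. If returning the unvalidated entry is intended, so that its messages reach the caller, state it in the doc comment of `Enumerate`, for example `// If domain starts with "https://", only that URL is loaded and the result is returned even when it is not valid.` An argument that starts with `http://` does not match the prefix test and falls through to the `"https://" + domain + ...` concatenation below, which builds a malformed URL; rejecting any argument that carries another scheme would make that case explicit. The function starts and ends outside this hunk.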
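Review bot: The two added `fmt.Println` calls in `Enumerate` write progress text to stdout from the `csaf` library package, while `enumerate` in cmd/csaf_downloader prints the PMD JSON to the same stream, so anything that consumes the output gets the two mixed together. Route them through the logger instead, e.g. `slog.Debug("found security.txt results", "domain", domain, "count", len(secResults))`, or drop them. The count is printed before the `Valid()` filter in the loop that follows, so it includes candidates that are then discarded. Whether `fmt` and `log/slog` are already imported in providermetaloader.go is not visible in this diff.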
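Review bot: The reworded comment above `if len(resPMDs) > 0` now reads "the should DNS URL be used", which swaps two words and is harder to follow than the line it replaces. Suggested text: `// According to the spec, the DNS URL should only be used if no PMDs have been found.`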