SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions

minor updates to Enumerate method, integrate enumerate in cmd downloader

Browse source
This commit is contained in:
Kunz, Immanuel 2024-04-23 19:09:22 +02:00
parent d64aa20cee
commit 457d519990
3 changed files with 43 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

35
cmd/csaf_downloader/downloader.go
View file

@ -165,22 +165,22 @@ func httpLog(who string) func(string, string) {
} }
} }
func (d *downloader) enumerate(ctx context.Context, domain string) error { func (d *downloader) enumerate(domain string) error {
client := d.httpClient() client := d.httpClient()
loader := csaf.NewProviderMetadataLoader(client) loader := csaf.NewProviderMetadataLoader(client)
lpmd := loader.Enumerate(domain) lpmd := loader.Enumerate(domain)
for _, pmd := range lpmd {
if d.cfg.verbose() { if d.cfg.verbose() {
for i := range lpmd.Messages { for i := range pmd.Messages {
slog.Debug("Loading provider-metadata.json", slog.Debug("Enumerating provider-metadata.json",
"domain", domain, "domain", domain,
"message", lpmd.Messages[i].Message) "message", pmd.Messages[i].Message)
} }
} }
for _, pmd := range lpmd {
if !pmd.Valid() { if !pmd.Valid() {
return fmt.Errorf("invalid provider-metadata.json found for '%s'", domain) return fmt.Errorf("invalid provider-metadata.json found for '%s'", domain)
} }
@ -189,13 +189,15 @@ func (d *downloader) enumerate(ctx context.Context, domain string) error {
return fmt.Errorf("invalid URL found '%s': %v", pmd.URL, err) return fmt.Errorf("invalid URL found '%s': %v", pmd.URL, err)
} }
// TODO print // print the results
fmt.Println(pmd.URL) fmt.Println("Found provider-metadata file under URL", pmd.URL)
fmt.Println(pmd.Document) doc, err := json.MarshalIndent(pmd.Document, "", " ")
fmt.Println(pmd.Messages) if err != nil {
fmt.Println(pmd.Hash) slog.Error("Couldn't marshal PMD document json")
} }
fmt.Println(string(doc))
}
return nil
} }
func (d *downloader) download(ctx context.Context, domain string) error { func (d *downloader) download(ctx context.Context, domain string) error {
@ -775,3 +777,14 @@ func (d *downloader) run(ctx context.Context, domains []string) error {
} }
return nil return nil
} }
// runEnumerate performs the enumeration of PMDs for all the given domains.
func (d *downloader) runEnumerate(domains []string) error {
defer d.stats.log()
for _, domain := range domains {
if err := d.enumerate(domain); err != nil {
return err
}
}
return nil
}

5
cmd/csaf_downloader/main.go
View file

@ -41,6 +41,11 @@ func run(cfg *config, domains []string) error {
d.forwarder = f d.forwarder = f
} }
// First, enumerate existing PMDs, then load
err = d.runEnumerate(domains)
if err != nil {
return err
}
return d.run(ctx, domains) return d.run(ctx, domains)
} }

15
csaf/providermetaloader.go
View file

@ -45,7 +45,7 @@ const (
// WellknownSecurityMismatch indicates that the PMDs found under wellknown and // WellknownSecurityMismatch indicates that the PMDs found under wellknown and
// in the security do not match. // in the security do not match.
WellknownSecurityMismatch WellknownSecurityMismatch
// IgnoreProviderMetadata indicates that a extra PMD was ignored. // IgnoreProviderMetadata indicates that an extra PMD was ignored.
IgnoreProviderMetadata IgnoreProviderMetadata
) )
@ -113,7 +113,10 @@ func (pmdl *ProviderMetadataLoader) Enumerate(domain string) []*LoadedProviderMe
// Our array of PMDs to be found // Our array of PMDs to be found
var resPMDs []*LoadedProviderMetadata var resPMDs []*LoadedProviderMetadata
// TODO check direct path? // Check direct path
if strings.HasPrefix(domain, "https://") {
return []*LoadedProviderMetadata{pmdl.loadFromURL(domain)}
}
// First try the well-known path. // First try the well-known path.
wellknownURL := "https://" + domain + "/.well-known/csaf/provider-metadata.json" wellknownURL := "https://" + domain + "/.well-known/csaf/provider-metadata.json"
@ -122,11 +125,13 @@ func (pmdl *ProviderMetadataLoader) Enumerate(domain string) []*LoadedProviderMe
// Validate the candidate and add to the result array // Validate the candidate and add to the result array
if wellknownResult.Valid() { if wellknownResult.Valid() {
fmt.Println("Found well known result")
resPMDs = append(resPMDs, wellknownResult) resPMDs = append(resPMDs, wellknownResult)
} }
// Next load the PMDs from security.txt // Next load the PMDs from security.txt
secResults := pmdl.loadFromSecurity(domain) secResults := pmdl.loadFromSecurity(domain)
fmt.Println("Found security.txt results", len(secResults))
for _, result := range secResults { for _, result := range secResults {
if result.Valid() { if result.Valid() {
@ -134,7 +139,7 @@ func (pmdl *ProviderMetadataLoader) Enumerate(domain string) []*LoadedProviderMe
} }
} }
// According to the spec, only if no PMDs have been found, should the DNS URL be used // According to the spec, only if no PMDs have been found, the should DNS URL be used
if len(resPMDs) > 0 { if len(resPMDs) > 0 {
return resPMDs return resPMDs
} else { } else {
@ -144,8 +149,8 @@ func (pmdl *ProviderMetadataLoader) Enumerate(domain string) []*LoadedProviderMe
} }
// Load loads a provider metadata for a given path. // Load loads one valid provider metadata for a given path.
// If the domain starts with `https://` it only attemps to load // If the domain starts with `https://` it only attempts to load
// the data from that URL. // the data from that URL.
func (pmdl *ProviderMetadataLoader) Load(domain string) *LoadedProviderMetadata { func (pmdl *ProviderMetadataLoader) Load(domain string) *LoadedProviderMetadata {