From 4e09dbf41f9e60e60ebbf2dcffc30ca38e8dc64f Mon Sep 17 00:00:00 2001
From: koplas <54645365+koplas@users.noreply.github.com>
Date: Tue, 20 Aug 2024 16:19:34 +0200
Subject: [PATCH] Differentiate if fingerprint is empty or not given
---
 cmd/csaf_aggregator/mirror.go | 8 ++++----
 cmd/csaf_checker/processor.go | 20 ++++++++++----------
 cmd/csaf_downloader/downloader.go | 9 +++++++--
 csaf/models.go | 9 +++++----
 4 files changed, 26 insertions(+), 20 deletions(-)
diff --git a/cmd/csaf_aggregator/mirror.go b/cmd/csaf_aggregator/mirror.go
index 6bf72a3..47a1b86 100644
--- a/cmd/csaf_aggregator/mirror.go
+++ b/cmd/csaf_aggregator/mirror.go
@@ -199,7 +199,7 @@ func (w *worker) mirrorPGPKeys(pm *csaf.ProviderMetadata) error {
 w.log.Warn("Ignoring PGP key without URL", "fingerprint", pgpKey.Fingerprint)
 continue
 }
- if _, err := hex.DecodeString(string(pgpKey.Fingerprint)); err != nil {
+ if _, err := hex.DecodeString(string(*pgpKey.Fingerprint)); err != nil {
 w.log.Warn("Ignoring PGP key with invalid fingerprint", "url", *pgpKey.URL)
 continue
 }
@@ -217,7 +217,7 @@ func (w *worker) mirrorPGPKeys(pm *csaf.ProviderMetadata) error {
 *pgpKey.URL, res.Status, res.StatusCode)
 }
- fingerprint := strings.ToUpper(string(pgpKey.Fingerprint))
+ fingerprint := strings.ToUpper(string(*pgpKey.Fingerprint))
 localFile := filepath.Join(openPGPFolder, fingerprint+".asc")
@@ -588,12 +588,12 @@ func (w *worker) mirrorFiles(tlpLabel csaf.TLPLabel, files []csaf.AdvisoryFile)
 if err := os.MkdirAll(yearDir, 0755); err != nil {
 return err
 }
- //log.Printf("created %s\n", yearDir)
+ // log.Printf("created %s\n", yearDir)
 yearDirs[year] = yearDir
 }
 fname := filepath.Join(yearDir, filename)
- //log.Printf("write: %s\n", fname)
+ // log.Printf("write: %s\n", fname)
 data := content.Bytes()
 if err := writeFileHashes(
 fname, filename,
diff --git a/cmd/csaf_checker/processor.go b/cmd/csaf_checker/processor.go
index b5f949e..7cbe2ad 100644
--- a/cmd/csaf_checker/processor.go
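Review bot: In mirrorPGPKeys, `hex.DecodeString(string(*pgpKey.Fingerprint))` dereferences the fingerprint with no nil check visible in this hunk, and the field is now a `*Fingerprint` tagged `omitempty`, so provider metadata that omits the fingerprint would appear to panic the aggregator instead of being skipped. A guard placed before the hex check, `if pgpKey.Fingerprint == nil { continue }` with a warning like the one used for a missing URL, also covers the `strings.ToUpper(string(*pgpKey.Fingerprint))` change in the next hunk. The same unguarded dereference is in `SetPGP` in csaf/models.go, where `if fp := pmd.PGPKeys[i].Fingerprint; fp != nil && strings.EqualFold(string(*fp), fingerprint) {` avoids it. The context line `w.log.Warn("Ignoring PGP key without URL", "fingerprint", pgpKey.Fingerprint)` now hands a pointer to the logger, so logging the dereferenced value (when non-nil) would keep the fingerprint readable. The loop and the start of mirrorPGPKeys are outside the hunk, so an earlier nil check cannot be ruled out.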
+++ b/cmd/csaf_checker/processor.go
@@ -83,10 +83,8 @@ type reporter interface {
 report(*processor, *Domain)
 }
-var (
- // errContinue indicates that the current check should continue.
- errContinue = errors.New("continue")
-)
+// errContinue indicates that the current check should continue.
+var errContinue = errors.New("continue")
 type whereType byte
@@ -970,8 +968,7 @@ func (p *processor) checkChanges(base string, mask whereType) error {
 continue
 }
 path := r[pathColumn]
- times, files =
- append(times, t),
+ times, files = append(times, t),
 append(files, csaf.PlainAdvisoryFile(path))
 }
 return times, files, nil
@@ -1227,7 +1224,6 @@ func (p *processor) checkWhitePermissions(string) error { // According to the result, the respective error messages added to // badProviderMetadata. func (p *processor) checkProviderMetadata(domain string) bool { - p.badProviderMetadata.use() client := p.httpClient()
@@ -1518,13 +1514,17 @@ func (p *processor) checkPGPKeys(_ string) error {
 continue
 }
- if key.Fingerprint == "" {
+ if key.Fingerprint == nil {
 p.badPGPs.warn("No fingerprint for public OpenPGP key found.")
 continue
 }
- if !strings.EqualFold(ckey.GetFingerprint(), string(key.Fingerprint)) {
- p.badPGPs.error("Given Fingerprint (%q) of public OpenPGP key %q does not match remotely loaded (%q).", string(key.Fingerprint), u, ckey.GetFingerprint())
+ if *key.Fingerprint == "" {
+ p.badPGPs.warn("Empty fingerprint for public OpenPGP key found.")
+ }
+
+ if !strings.EqualFold(ckey.GetFingerprint(), string(*key.Fingerprint)) {
+ p.badPGPs.error("Given Fingerprint (%q) of public OpenPGP key %q does not match remotely loaded (%q).", string(*key.Fingerprint), u, ckey.GetFingerprint())
 continue
 }
 if p.keys == nil {
diff --git a/cmd/csaf_downloader/downloader.go b/cmd/csaf_downloader/downloader.go
index a5eeb71..d3b702e 100644
--- a/cmd/csaf_downloader/downloader.go
+++ b/cmd/csaf_downloader/downloader.go
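Review bot: In checkPGPKeys the new `*key.Fingerprint == ""` branch warns but has no `continue`, so an empty fingerprint falls through to the `strings.EqualFold` comparison and is reported a second time as a mismatch error. The matching branch added to cmd/csaf_downloader/downloader.go does `continue`. If the double report is intended, a comment such as `// no continue: an empty fingerprint is also reported as a mismatch below` would make that clear; otherwise add `continue` after the warning. The enclosing loop begins outside the hunk.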
@@ -366,12 +366,17 @@ func (d *downloader) loadOpenPGPKeys(
 continue
 }
- if key.Fingerprint == "" {
+ if key.Fingerprint == nil {
 slog.Warn("No fingerprint for public OpenPGP key found.")
 continue
 }
- if !strings.EqualFold(ckey.GetFingerprint(), string(key.Fingerprint)) {
+ if *key.Fingerprint == "" {
+ slog.Warn("Empty fingerprint for public OpenPGP key found.")
+ continue
+ }
+
+ if !strings.EqualFold(ckey.GetFingerprint(), string(*key.Fingerprint)) {
 slog.Warn(
 "Fingerprint of public OpenPGP key does not match remotely loaded", "url", u, "fingerprint", key.Fingerprint, "remote-fingerprint", ckey.GetFingerprint())
diff --git a/csaf/models.go b/csaf/models.go
index c7e507d..c9a7dc7 100644
--- a/csaf/models.go
+++ b/csaf/models.go
@@ -81,8 +81,8 @@ var fingerprintPattern = patternUnmarshal(`^[0-9a-fA-F]{40,}$`)
 // PGPKey is location and the fingerprint of the key
 // used to sign the CSAF documents.
 type PGPKey struct {
- Fingerprint Fingerprint `json:"fingerprint,omitempty"`
- URL *string `json:"url"` // required
+ Fingerprint *Fingerprint `json:"fingerprint,omitempty"`
+ URL *string `json:"url"` // required
 }
 // Category is the category of the CSAF feed.
@@ -616,13 +616,14 @@ func (pmd *ProviderMetadata) SetLastUpdated(t time.Time) {
 // If there is no such key it is append to the list of keys.
 func (pmd *ProviderMetadata) SetPGP(fingerprint, url string) {
 for i := range pmd.PGPKeys {
- if strings.EqualFold(string(pmd.PGPKeys[i].Fingerprint), fingerprint) {
+ if strings.EqualFold(string(*pmd.PGPKeys[i].Fingerprint), fingerprint) {
 pmd.PGPKeys[i].URL = &url
 return
 }
 }
+ f := Fingerprint(fingerprint)
 pmd.PGPKeys = append(pmd.PGPKeys, PGPKey{
- Fingerprint: Fingerprint(fingerprint),
+ Fingerprint: &f,
 URL: &url,
 })
 }
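Review bot: In loadOpenPGPKeys the unchanged context line `"url", u, "fingerprint", key.Fingerprint, "remote-fingerprint", ckey.GetFingerprint())` still passes `key.Fingerprint`, which is now a `*Fingerprint`, so the mismatch warning is likely to print a pointer value rather than the fingerprint with slog's text output. Passing `string(*key.Fingerprint)` there is safe, since nil was rejected a few lines above, and keeps the log usable when triaging a key mismatch. The function body starts and ends outside the hunk.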
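Review bot: The `PGPKey` doc comment in csaf/models.go does not say what a nil `Fingerprint` means, and because this is an exported struct every caller now has to nil-check before dereferencing. A field comment such as `// optional; nil when the document has no "fingerprint" member, pointer to "" when it is present but empty` would record the distinction this commit introduces. With `omitempty` on a pointer, a nil value is omitted on marshal while a pointer to an empty string is still written as `""`, which is worth stating in the same comment.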