mirror of
https://github.com/gocsaf/csaf.git
synced 2025-12-22 05:40:11 +01:00
Differentiate if fingerprint is empty or not given
This commit is contained in:
koplas
koplas
parent
9037574d96
commit
4e09dbf41f
4 changed files with 26 additions and 20 deletions
|
|
@ -199,7 +199,7 @@ func (w *worker) mirrorPGPKeys(pm *csaf.ProviderMetadata) error {
|
||||||
w.log.Warn("Ignoring PGP key without URL", "fingerprint", pgpKey.Fingerprint)
|
w.log.Warn("Ignoring PGP key without URL", "fingerprint", pgpKey.Fingerprint)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
if _, err := hex.DecodeString(string(pgpKey.Fingerprint)); err != nil {
|
if _, err := hex.DecodeString(string(*pgpKey.Fingerprint)); err != nil {
|
||||||
w.log.Warn("Ignoring PGP key with invalid fingerprint", "url", *pgpKey.URL)
|
w.log.Warn("Ignoring PGP key with invalid fingerprint", "url", *pgpKey.URL)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
@ -217,7 +217,7 @@ func (w *worker) mirrorPGPKeys(pm *csaf.ProviderMetadata) error {
|
||||||
*pgpKey.URL, res.Status, res.StatusCode)
|
*pgpKey.URL, res.Status, res.StatusCode)
|
||||||
}
|
}
|
||||||
|
|
||||||
fingerprint := strings.ToUpper(string(pgpKey.Fingerprint))
|
fingerprint := strings.ToUpper(string(*pgpKey.Fingerprint))
|
||||||
|
|
||||||
localFile := filepath.Join(openPGPFolder, fingerprint+".asc")
|
localFile := filepath.Join(openPGPFolder, fingerprint+".asc")
|
||||||
|
|
||||||
|
|
@ -588,12 +588,12 @@ func (w *worker) mirrorFiles(tlpLabel csaf.TLPLabel, files []csaf.AdvisoryFile)
|
||||||
if err := os.MkdirAll(yearDir, 0755); err != nil {
|
if err := os.MkdirAll(yearDir, 0755); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
//log.Printf("created %s\n", yearDir)
|
// log.Printf("created %s\n", yearDir)
|
||||||
yearDirs[year] = yearDir
|
yearDirs[year] = yearDir
|
||||||
}
|
}
|
||||||
|
|
||||||
fname := filepath.Join(yearDir, filename)
|
fname := filepath.Join(yearDir, filename)
|
||||||
//log.Printf("write: %s\n", fname)
|
// log.Printf("write: %s\n", fname)
|
||||||
data := content.Bytes()
|
data := content.Bytes()
|
||||||
if err := writeFileHashes(
|
if err := writeFileHashes(
|
||||||
fname, filename,
|
fname, filename,
|
||||||
|
|
|
||||||
|
|
@ -83,10 +83,8 @@ type reporter interface {
|
||||||
report(*processor, *Domain)
|
report(*processor, *Domain)
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
// errContinue indicates that the current check should continue.
|
||||||
// errContinue indicates that the current check should continue.
|
var errContinue = errors.New("continue")
|
||||||
errContinue = errors.New("continue")
|
|
||||||
)
|
|
||||||
|
|
||||||
type whereType byte
|
type whereType byte
|
||||||
|
|
||||||
|
|
@ -970,8 +968,7 @@ func (p *processor) checkChanges(base string, mask whereType) error {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
path := r[pathColumn]
|
path := r[pathColumn]
|
||||||
times, files =
|
times, files = append(times, t),
|
||||||
append(times, t),
|
|
||||||
append(files, csaf.PlainAdvisoryFile(path))
|
append(files, csaf.PlainAdvisoryFile(path))
|
||||||
}
|
}
|
||||||
return times, files, nil
|
return times, files, nil
|
||||||
|
|
@ -1227,7 +1224,6 @@ func (p *processor) checkWhitePermissions(string) error {
|
||||||
// According to the result, the respective error messages added to
|
// According to the result, the respective error messages added to
|
||||||
// badProviderMetadata.
|
// badProviderMetadata.
|
||||||
func (p *processor) checkProviderMetadata(domain string) bool {
|
func (p *processor) checkProviderMetadata(domain string) bool {
|
||||||
|
|
||||||
p.badProviderMetadata.use()
|
p.badProviderMetadata.use()
|
||||||
|
|
||||||
client := p.httpClient()
|
client := p.httpClient()
|
||||||
|
|
@ -1518,13 +1514,17 @@ func (p *processor) checkPGPKeys(_ string) error {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
if key.Fingerprint == "" {
|
if key.Fingerprint == nil {
|
||||||
p.badPGPs.warn("No fingerprint for public OpenPGP key found.")
|
p.badPGPs.warn("No fingerprint for public OpenPGP key found.")
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
if !strings.EqualFold(ckey.GetFingerprint(), string(key.Fingerprint)) {
|
if *key.Fingerprint == "" {
|
||||||
p.badPGPs.error("Given Fingerprint (%q) of public OpenPGP key %q does not match remotely loaded (%q).", string(key.Fingerprint), u, ckey.GetFingerprint())
|
p.badPGPs.warn("Empty fingerprint for public OpenPGP key found.")
|
||||||
|
}
|
||||||
|
|
||||||
|
if !strings.EqualFold(ckey.GetFingerprint(), string(*key.Fingerprint)) {
|
||||||
|
p.badPGPs.error("Given Fingerprint (%q) of public OpenPGP key %q does not match remotely loaded (%q).", string(*key.Fingerprint), u, ckey.GetFingerprint())
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
if p.keys == nil {
|
if p.keys == nil {
|
||||||
|
|
|
||||||
|
|
@ -366,12 +366,17 @@ func (d *downloader) loadOpenPGPKeys(
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
if key.Fingerprint == "" {
|
if key.Fingerprint == nil {
|
||||||
slog.Warn("No fingerprint for public OpenPGP key found.")
|
slog.Warn("No fingerprint for public OpenPGP key found.")
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
if !strings.EqualFold(ckey.GetFingerprint(), string(key.Fingerprint)) {
|
if *key.Fingerprint == "" {
|
||||||
|
slog.Warn("Empty fingerprint for public OpenPGP key found.")
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
if !strings.EqualFold(ckey.GetFingerprint(), string(*key.Fingerprint)) {
|
||||||
slog.Warn(
|
slog.Warn(
|
||||||
"Fingerprint of public OpenPGP key does not match remotely loaded",
|
"Fingerprint of public OpenPGP key does not match remotely loaded",
|
||||||
"url", u, "fingerprint", key.Fingerprint, "remote-fingerprint", ckey.GetFingerprint())
|
"url", u, "fingerprint", key.Fingerprint, "remote-fingerprint", ckey.GetFingerprint())
|
||||||
|
|
|
||||||
|
|
@ -81,8 +81,8 @@ var fingerprintPattern = patternUnmarshal(`^[0-9a-fA-F]{40,}$`)
|
||||||
// PGPKey is location and the fingerprint of the key
|
// PGPKey is location and the fingerprint of the key
|
||||||
// used to sign the CSAF documents.
|
// used to sign the CSAF documents.
|
||||||
type PGPKey struct {
|
type PGPKey struct {
|
||||||
Fingerprint Fingerprint `json:"fingerprint,omitempty"`
|
Fingerprint *Fingerprint `json:"fingerprint,omitempty"`
|
||||||
URL *string `json:"url"` // required
|
URL *string `json:"url"` // required
|
||||||
}
|
}
|
||||||
|
|
||||||
// Category is the category of the CSAF feed.
|
// Category is the category of the CSAF feed.
|
||||||
|
|
@ -616,13 +616,14 @@ func (pmd *ProviderMetadata) SetLastUpdated(t time.Time) {
|
||||||
// If there is no such key it is append to the list of keys.
|
// If there is no such key it is append to the list of keys.
|
||||||
func (pmd *ProviderMetadata) SetPGP(fingerprint, url string) {
|
func (pmd *ProviderMetadata) SetPGP(fingerprint, url string) {
|
||||||
for i := range pmd.PGPKeys {
|
for i := range pmd.PGPKeys {
|
||||||
if strings.EqualFold(string(pmd.PGPKeys[i].Fingerprint), fingerprint) {
|
if strings.EqualFold(string(*pmd.PGPKeys[i].Fingerprint), fingerprint) {
|
||||||
pmd.PGPKeys[i].URL = &url
|
pmd.PGPKeys[i].URL = &url
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
f := Fingerprint(fingerprint)
|
||||||
pmd.PGPKeys = append(pmd.PGPKeys, PGPKey{
|
pmd.PGPKeys = append(pmd.PGPKeys, PGPKey{
|
||||||
Fingerprint: Fingerprint(fingerprint),
|
Fingerprint: &f,
|
||||||
URL: &url,
|
URL: &url,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue