mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00

Simplified requirement 15 (#369)

* Add badROLIEfeed as Topic Message

* Use badROLIEfeed to guarantee existent TLP labels White, Green or unlabeled. (Test not implemented)

* syntax

* Formatting

* Add Tlp check, completion struct

* Add mismatch to completion, add function checkCompletion to fill mismatch and also give an error if invalid tlp levels have been used

* formatting

* Add function to remove incomplete csaf feeds from list of complete csaf feeds for a given tlp level

* Add checkSummary function that checks whether a given feed would qualify as summary feed between all currently checked feeds

* Add completed check of tlp levels

* Add checks for correct hashes and signatures in ROLIE feed

* formatting

* Add rolieFeedReporter functionality

* fix typo

* Add todo, add return values to functions

* Switch error, ... return value so error returns last

* Fix typo

* Remove hash/sig checks that don't work, improve ROLIE message

* Add handling for advisories without tlp level

* Formatting

* Clean up rolie checks.

* Started with simplifying rolie checking

* Every ROLIE with data should have a summary.

* Clean up ROLIE feed label checker.

* if no TLP level can be extracted, return Unlabeled, not WHITE

* Add handling of advisories whose tlp exists, but has no label

* Also check TLP Red for completeness

* Only remove advisory from remain when it has exactly the right tlp color.

* Fix import in new rolie feed checker.

* Update comment to reflect current functionality

* Accept advisory of lesser tlp color in feed as completing.

* Collect advisory labels from advisories.

* Clarify that if no summary feed was found, it may exist but be either not listed or not accessible.

* Do not clone advisory lookup before.

* Move rolie check code to respective file.

---------

Co-authored-by: JanHoefelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
Sascha L. Teichmann 2023-06-08 18:16:56 +02:00 committed by GitHub
parent 3ff7e16569
commit 55540a32e0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 434 additions and 159 deletions


@ -364,8 +364,17 @@ func (r *directoryListingsReporter) report(p *processor, domain *Domain) {
// given TLP level and whether any of the TLP levels
// TLP:WHITE, TLP:GREEN or unlabeled exists and sets the "message" field value
// of the "Requirement" struct as a result of that.
func (r *rolieFeedReporter) report(_ *processor, _ *Domain) {
// TODO
func (r *rolieFeedReporter) report(p *processor, domain *Domain) {
req := r.requirement(domain)
if !p.badROLIEfeed.used() {
req.message(InfoType, "No checks on the validity of ROLIE feeds performed.")
return
}
if len(p.badROLIEfeed) == 0 {
req.message(InfoType, "All checked ROLIE feeds validated fine.")
return
}
req.Messages = p.badROLIEfeed
}
// report tests whether a ROLIE service document is used and if so,
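Review bot: The final `req.Messages = p.badROLIEfeed` in `rolieFeedReporter.report` overwrites anything already stored on the requirement and shares the processor's backing array with it. If the requirement can already hold messages at this point, prefer `req.Messages = append(req.Messages, p.badROLIEfeed...)`; otherwise a one-line comment stating that it is always empty here would do. The two early returns also rely on `used()` meaning something other than `len(p.badROLIEfeed) != 0`, which is not visible in this hunk; a short comment on how an unused topic differs from a used but empty one would show why "No checks on the validity of ROLIE feeds performed." and "All checked ROLIE feeds validated fine." cannot be confused. The doc comment above still describes the TLP:WHITE, TLP:GREEN or unlabeled check, while the body only relays collected messages, so it should say where that check now happens.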