WIP: Add requirement tests

2025-12-21 23:20:10 +01:00 · 2024-12-04 17:52:00 +01:00 · 2024-12-04 17:52:00 +01:00 · 5b6af7a4ad
commit 5b6af7a4ad
parent a51964be3f
3 changed files with 112 additions and 10 deletions
--- a/cmd/csaf_checker/processor_test.go
+++ b/cmd/csaf_checker/processor_test.go
@ -9,55 +9,150 @@
 package main

 import (
+	"fmt"
 	"net/http/httptest"
+	"reflect"
 	"testing"

 	"github.com/gocsaf/csaf/v3/internal/testutil"
 	"github.com/gocsaf/csaf/v3/util"
 )

+func getBaseRequirements(url string) []Requirement {
+	return []Requirement{
+		{
+			Num:         1,
+			Description: "Valid CSAF documents",
+			Messages:    []Message{{Type: 1, Text: "No remote validator configured"}, {Type: 0, Text: "All advisories validated fine against the schema."}},
+		}, {
+			Num:         2,
+			Description: "Filename",
+			Messages:    []Message{{Type: 0, Text: "All found filenames are conforming."}}},
+		{
+			Num:         3,
+			Description: "TLS",
+			Messages:    []Message{{Type: 0, Text: "All tested URLs were HTTPS."}}},
+		{
+			Num:         4,
+			Description: "TLP:WHITE",
+			Messages:    []Message{{Type: 0, Text: "All advisories labeled TLP:WHITE were freely accessible."}}},
+		{
+			Num:         5,
+			Description: "TLP:AMBER and TLP:RED",
+			Messages: []Message{
+				{Type: 0, Text: "No advisories labeled TLP:AMBER or TLP:RED tested for accessibility."}}},
+		{
+			Num:         6,
+			Description: "Redirects",
+			Messages:    []Message{{Type: 0, Text: "No redirections found."}}},
+		{
+			Num:         7,
+			Description: "provider-metadata.json",
+			Messages:    []Message{{Type: 0, Text: "Found good provider metadata."}}},
+		{
+			Num:         8,
+			Description: "security.txt",
+			Messages:    []Message{{Type: 0, Text: "Performed no test of security.txt since the direct url of the provider-metadata.json was used."}}},
+		{
+			Num:         9,
+			Description: "/.well-known/csaf/provider-metadata.json",
+			Messages:    []Message{{Type: 0, Text: "Performed no test on whether the provider-metadata.json is available under the .well-known path since the direct url of the provider-metadata.json was used."}}},
+		{
+			Num:         10,
+			Description: "DNS path",
+			Messages:    []Message{{Type: 0, Text: "Performed no test on the contents of https://csaf.data.security.DOMAIN since the direct url of the provider-metadata.json was used."}}},
+		{
+			Num:         11,
+			Description: "One folder per year",
+			Messages:    []Message{{Type: 2, Text: fmt.Sprintf("No year folder found in %s/white/avendor-advisory-0004.json", url)}}},
+		{
+			Num:         12,
+			Description: "index.txt",
+			Messages:    []Message{{Type: 0, Text: fmt.Sprintf("Found %s/white/index.txt", url)}}},
+		{
+			Num:         13,
+			Description: "changes.csv",
+			Messages:    []Message{{Type: 0, Text: fmt.Sprintf("Found %s/white/changes.csv", url)}}},
+		{
+			Num:         14,
+			Description: "Directory listings",
+			Messages:    []Message{{Type: 0, Text: "All directory listings are valid."}}},
+		{
+			Num:         15,
+			Description: "ROLIE feed",
+			Messages:    []Message{{Type: 2, Text: "ROLIE feed based distribution was not used."}}},
+		{
+			Num:         16,
+			Description: "ROLIE service document",
+			Messages:    []Message{{Type: 1, Text: "No ROLIE service document found."}}},
+		{
+			Num:         17,
+			Description: "ROLIE category document",
+			Messages:    []Message{{Type: 1, Text: "No ROLIE category document found."}}},
+		{
+			Num:         18,
+			Description: "Integrity",
+			Messages:    []Message{{Type: 0, Text: "All checksums match."}}},
+		{
+			Num:         19,
+			Description: "Signatures",
+			Messages:    []Message{{Type: 0, Text: "All signatures verified."}}},
+		{
+			Num:         20,
+			Description: "Public OpenPGP Key",
+			Messages:    []Message{{Type: 0, Text: "1 public OpenPGP key(s) loaded."}}},
+	}
+}
+
 func TestShaMarking(t *testing.T) {
 	tests := []struct {
 		name              string
 		directoryProvider bool
 		enableSha256      bool
 		enableSha512      bool
+		expected          func(string) []Requirement
 	}{
 		{
 			name:              "deliver sha256 and sha512",
 			directoryProvider: false,
 			enableSha256:      true,
 			enableSha512:      true,
+			expected:          getBaseRequirements,
 		},
 		{
 			name:              "only deliver sha256",
 			directoryProvider: false,
 			enableSha256:      true,
 			enableSha512:      false,
+			expected:          getBaseRequirements,
 		},
 		{
 			name:              "only deliver sha512",
 			directoryProvider: false,
 			enableSha256:      false,
 			enableSha512:      true,
+			expected:          getBaseRequirements,
 		},
 		{
 			name:              "only deliver sha256 and sha512, directory provider",
 			directoryProvider: true,
 			enableSha256:      true,
 			enableSha512:      true,
+			expected:          getBaseRequirements,
 		},
 		{
 			name:              "only deliver sha256, directory provider",
 			directoryProvider: true,
 			enableSha256:      true,
 			enableSha512:      false,
+			expected:          getBaseRequirements,
 		},
 		{
 			name:              "only deliver sha512, directory provider",
 			directoryProvider: true,
 			enableSha256:      false,
 			enableSha512:      true,
+			expected:          getBaseRequirements,
 		},
 	}

@ -92,11 +187,18 @@ func TestShaMarking(t *testing.T) {
 			}
 			p.client = client

-			// TODO check result of processor
-			_, err = p.run([]string{serverURL + "/provider-metadata.json"})
+			report, err := p.run([]string{serverURL + "/provider-metadata.json"})
 			if err != nil {
 				t.Errorf("SHA marking %v: Expected no error, got: %v", test.name, err)
 			}
+			expected := test.expected(serverURL)
+			for i, got := range report.Domains[0].Requirements {
+				want := expected[i]
+				if !reflect.DeepEqual(*got, want) {
+					t.Errorf("SHA marking %v: Expected %v, got %v", test.name, want, *got)
+				}
+			}
+
 			p.close()
 		})
 	}
--- a/testdata/simple-rolie-provider/service.json
+++ b/testdata/simple-rolie-provider/service.json
@ -6,7 +6,7 @@
        "collection": [
          {
            "title": "CSAF feed (TLP:WHITE)",
-            "href": "/white/white-feed.json",
+            "href": "{{.URL}}/white/white-feed.json",
            "categories": {
              "category": [
                {
--- a/testdata/simple-rolie-provider/white/white-feed.json
+++ b/testdata/simple-rolie-provider/white/white-feed.json
@ -5,11 +5,11 @@
    "link": [
      {
        "rel": "self",
-        "href": "/white/csaf-feed-tlp-white.json"
+        "href": "{{.URL}}/white/csaf-feed-tlp-white.json"
      },
      {
        "rel": "service",
-        "href": "/service.json"
+        "href": "{{.URL}}/service.json"
      }
    ],
    "category": [
@ -26,30 +26,30 @@
        "link": [
          {
            "rel": "self",
-            "href": "/white/avendor-advisory-0004.json"
+            "href": "{{.URL}}/white/avendor-advisory-0004.json"
          },
          {{if .EnableSha256}}
          {
            "rel": "hash",
-            "href": "/white/avendor-advisory-0004.json.sha256"
+            "href": "{{.URL}}/white/avendor-advisory-0004.json.sha256"
          },
          {{end}}
          {{if .EnableSha512}}
          {
            "rel": "hash",
-            "href": "/white/avendor-advisory-0004.json.sha512"
+            "href": "{{.URL}}/white/avendor-advisory-0004.json.sha512"
          },
          {{end}}
          {
            "rel": "signature",
-            "href": "/white/avendor-advisory-0004.json.asc"
+            "href": "{{.URL}}/white/avendor-advisory-0004.json.asc"
          }
        ],
        "published": "2020-01-01T00:00:00Z",
        "updated": "2020-01-01T00:00:00Z",
        "content": {
          "type": "application/json",
-          "src": "/avendor-advisory-0004.json"
+          "src": "{{.URL}}/avendor-advisory-0004.json"
        },
        "format": {
          "schema": "https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json",