diff --git a/cmd/csaf_checker/processor_test.go b/cmd/csaf_checker/processor_test.go index b8b1b1f..73574bd 100644 --- a/cmd/csaf_checker/processor_test.go +++ b/cmd/csaf_checker/processor_test.go @@ -9,55 +9,150 @@ package main import ( + "fmt" "net/http/httptest" + "reflect" "testing" "github.com/gocsaf/csaf/v3/internal/testutil" "github.com/gocsaf/csaf/v3/util" ) +func getBaseRequirements(url string) []Requirement { + return []Requirement{ + { + Num: 1, + Description: "Valid CSAF documents", + Messages: []Message{{Type: 1, Text: "No remote validator configured"}, {Type: 0, Text: "All advisories validated fine against the schema."}}, + }, { + Num: 2, + Description: "Filename", + Messages: []Message{{Type: 0, Text: "All found filenames are conforming."}}}, + { + Num: 3, + Description: "TLS", + Messages: []Message{{Type: 0, Text: "All tested URLs were HTTPS."}}}, + { + Num: 4, + Description: "TLP:WHITE", + Messages: []Message{{Type: 0, Text: "All advisories labeled TLP:WHITE were freely accessible."}}}, + { + Num: 5, + Description: "TLP:AMBER and TLP:RED", + Messages: []Message{ + {Type: 0, Text: "No advisories labeled TLP:AMBER or TLP:RED tested for accessibility."}}}, + { + Num: 6, + Description: "Redirects", + Messages: []Message{{Type: 0, Text: "No redirections found."}}}, + { + Num: 7, + Description: "provider-metadata.json", + Messages: []Message{{Type: 0, Text: "Found good provider metadata."}}}, + { + Num: 8, + Description: "security.txt", + Messages: []Message{{Type: 0, Text: "Performed no test of security.txt since the direct url of the provider-metadata.json was used."}}}, + { + Num: 9, + Description: "/.well-known/csaf/provider-metadata.json", + Messages: []Message{{Type: 0, Text: "Performed no test on whether the provider-metadata.json is available under the .well-known path since the direct url of the provider-metadata.json was used."}}}, + { + Num: 10, + Description: "DNS path", + Messages: []Message{{Type: 0, Text: "Performed no test on the contents of https://csaf.data.security.DOMAIN since the direct url of the provider-metadata.json was used."}}}, + { + Num: 11, + Description: "One folder per year", + Messages: []Message{{Type: 2, Text: fmt.Sprintf("No year folder found in %s/white/avendor-advisory-0004.json", url)}}}, + { + Num: 12, + Description: "index.txt", + Messages: []Message{{Type: 0, Text: fmt.Sprintf("Found %s/white/index.txt", url)}}}, + { + Num: 13, + Description: "changes.csv", + Messages: []Message{{Type: 0, Text: fmt.Sprintf("Found %s/white/changes.csv", url)}}}, + { + Num: 14, + Description: "Directory listings", + Messages: []Message{{Type: 0, Text: "All directory listings are valid."}}}, + { + Num: 15, + Description: "ROLIE feed", + Messages: []Message{{Type: 2, Text: "ROLIE feed based distribution was not used."}}}, + { + Num: 16, + Description: "ROLIE service document", + Messages: []Message{{Type: 1, Text: "No ROLIE service document found."}}}, + { + Num: 17, + Description: "ROLIE category document", + Messages: []Message{{Type: 1, Text: "No ROLIE category document found."}}}, + { + Num: 18, + Description: "Integrity", + Messages: []Message{{Type: 0, Text: "All checksums match."}}}, + { + Num: 19, + Description: "Signatures", + Messages: []Message{{Type: 0, Text: "All signatures verified."}}}, + { + Num: 20, + Description: "Public OpenPGP Key", + Messages: []Message{{Type: 0, Text: "1 public OpenPGP key(s) loaded."}}}, + } +} + func TestShaMarking(t *testing.T) { tests := []struct { name string directoryProvider bool enableSha256 bool enableSha512 bool + expected func(string) []Requirement }{ { name: "deliver sha256 and sha512", directoryProvider: false, enableSha256: true, enableSha512: true, + expected: getBaseRequirements, }, { name: "only deliver sha256", directoryProvider: false, enableSha256: true, enableSha512: false, + expected: getBaseRequirements, }, { name: "only deliver sha512", directoryProvider: false, enableSha256: false, enableSha512: true, + expected: getBaseRequirements, }, { name: "only deliver sha256 and sha512, directory provider", directoryProvider: true, enableSha256: true, enableSha512: true, + expected: getBaseRequirements, }, { name: "only deliver sha256, directory provider", directoryProvider: true, enableSha256: true, enableSha512: false, + expected: getBaseRequirements, }, { name: "only deliver sha512, directory provider", directoryProvider: true, enableSha256: false, enableSha512: true, + expected: getBaseRequirements, }, } @@ -92,11 +187,18 @@ func TestShaMarking(t *testing.T) { } p.client = client - // TODO check result of processor - _, err = p.run([]string{serverURL + "/provider-metadata.json"}) + report, err := p.run([]string{serverURL + "/provider-metadata.json"}) if err != nil { t.Errorf("SHA marking %v: Expected no error, got: %v", test.name, err) } + expected := test.expected(serverURL) + for i, got := range report.Domains[0].Requirements { + want := expected[i] + if !reflect.DeepEqual(*got, want) { + t.Errorf("SHA marking %v: Expected %v, got %v", test.name, want, *got) + } + } + p.close() }) } diff --git a/testdata/simple-rolie-provider/service.json b/testdata/simple-rolie-provider/service.json index 500d882..a398a40 100644 --- a/testdata/simple-rolie-provider/service.json +++ b/testdata/simple-rolie-provider/service.json @@ -6,7 +6,7 @@ "collection": [ { "title": "CSAF feed (TLP:WHITE)", - "href": "/white/white-feed.json", + "href": "{{.URL}}/white/white-feed.json", "categories": { "category": [ { diff --git a/testdata/simple-rolie-provider/white/white-feed.json b/testdata/simple-rolie-provider/white/white-feed.json index 1bc17bc..923a492 100644 --- a/testdata/simple-rolie-provider/white/white-feed.json +++ b/testdata/simple-rolie-provider/white/white-feed.json @@ -5,11 +5,11 @@ "link": [ { "rel": "self", - "href": "/white/csaf-feed-tlp-white.json" + "href": "{{.URL}}/white/csaf-feed-tlp-white.json" }, { "rel": "service", - "href": "/service.json" + "href": "{{.URL}}/service.json" } ], "category": [ @@ -26,30 +26,30 @@ "link": [ { "rel": "self", - "href": "/white/avendor-advisory-0004.json" + "href": "{{.URL}}/white/avendor-advisory-0004.json" }, {{if .EnableSha256}} { "rel": "hash", - "href": "/white/avendor-advisory-0004.json.sha256" + "href": "{{.URL}}/white/avendor-advisory-0004.json.sha256" }, {{end}} {{if .EnableSha512}} { "rel": "hash", - "href": "/white/avendor-advisory-0004.json.sha512" + "href": "{{.URL}}/white/avendor-advisory-0004.json.sha512" }, {{end}} { "rel": "signature", - "href": "/white/avendor-advisory-0004.json.asc" + "href": "{{.URL}}/white/avendor-advisory-0004.json.asc" } ], "published": "2020-01-01T00:00:00Z", "updated": "2020-01-01T00:00:00Z", "content": { "type": "application/json", - "src": "/avendor-advisory-0004.json" + "src": "{{.URL}}/avendor-advisory-0004.json" }, "format": { "schema": "https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json",