mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00

WIP: Add requirement tests

koplas 2024-12-04 17:52:00 +01:00
parent a51964be3f
commit 5b6af7a4ad
3 changed files with 112 additions and 10 deletions


@ -9,55 +9,150 @@
package main package main
import ( import (
"fmt"
"net/http/httptest" "net/http/httptest"
"reflect"
"testing" "testing"
"github.com/gocsaf/csaf/v3/internal/testutil" "github.com/gocsaf/csaf/v3/internal/testutil"
"github.com/gocsaf/csaf/v3/util" "github.com/gocsaf/csaf/v3/util"
) )
func getBaseRequirements(url string) []Requirement {
return []Requirement{
{
Num: 1,
Description: "Valid CSAF documents",
Messages: []Message{{Type: 1, Text: "No remote validator configured"}, {Type: 0, Text: "All advisories validated fine against the schema."}},
}, {
Num: 2,
Description: "Filename",
Messages: []Message{{Type: 0, Text: "All found filenames are conforming."}}},
{
Num: 3,
Description: "TLS",
Messages: []Message{{Type: 0, Text: "All tested URLs were HTTPS."}}},
{
Num: 4,
Description: "TLP:WHITE",
Messages: []Message{{Type: 0, Text: "All advisories labeled TLP:WHITE were freely accessible."}}},
{
Num: 5,
Description: "TLP:AMBER and TLP:RED",
Messages: []Message{
{Type: 0, Text: "No advisories labeled TLP:AMBER or TLP:RED tested for accessibility."}}},
{
Num: 6,
Description: "Redirects",
Messages: []Message{{Type: 0, Text: "No redirections found."}}},
{
Num: 7,
Description: "provider-metadata.json",
Messages: []Message{{Type: 0, Text: "Found good provider metadata."}}},
{
Num: 8,
Description: "security.txt",
Messages: []Message{{Type: 0, Text: "Performed no test of security.txt since the direct url of the provider-metadata.json was used."}}},
{
Num: 9,
Description: "/.well-known/csaf/provider-metadata.json",
Messages: []Message{{Type: 0, Text: "Performed no test on whether the provider-metadata.json is available under the .well-known path since the direct url of the provider-metadata.json was used."}}},
{
Num: 10,
Description: "DNS path",
Messages: []Message{{Type: 0, Text: "Performed no test on the contents of https://csaf.data.security.DOMAIN since the direct url of the provider-metadata.json was used."}}},
{
Num: 11,
Description: "One folder per year",
Messages: []Message{{Type: 2, Text: fmt.Sprintf("No year folder found in %s/white/avendor-advisory-0004.json", url)}}},
{
Num: 12,
Description: "index.txt",
Messages: []Message{{Type: 0, Text: fmt.Sprintf("Found %s/white/index.txt", url)}}},
{
Num: 13,
Description: "changes.csv",
Messages: []Message{{Type: 0, Text: fmt.Sprintf("Found %s/white/changes.csv", url)}}},
{
Num: 14,
Description: "Directory listings",
Messages: []Message{{Type: 0, Text: "All directory listings are valid."}}},
{
Num: 15,
Description: "ROLIE feed",
Messages: []Message{{Type: 2, Text: "ROLIE feed based distribution was not used."}}},
{
Num: 16,
Description: "ROLIE service document",
Messages: []Message{{Type: 1, Text: "No ROLIE service document found."}}},
{
Num: 17,
Description: "ROLIE category document",
Messages: []Message{{Type: 1, Text: "No ROLIE category document found."}}},
{
Num: 18,
Description: "Integrity",
Messages: []Message{{Type: 0, Text: "All checksums match."}}},
{
Num: 19,
Description: "Signatures",
Messages: []Message{{Type: 0, Text: "All signatures verified."}}},
{
Num: 20,
Description: "Public OpenPGP Key",
Messages: []Message{{Type: 0, Text: "1 public OpenPGP key(s) loaded."}}},
}
}
func TestShaMarking(t *testing.T) { func TestShaMarking(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
directoryProvider bool directoryProvider bool
enableSha256 bool enableSha256 bool
enableSha512 bool enableSha512 bool
expected func(string) []Requirement
}{ }{
{ {
name: "deliver sha256 and sha512", name: "deliver sha256 and sha512",
directoryProvider: false, directoryProvider: false,
enableSha256: true, enableSha256: true,
enableSha512: true, enableSha512: true,
expected: getBaseRequirements,
}, },
{ {
name: "only deliver sha256", name: "only deliver sha256",
directoryProvider: false, directoryProvider: false,
enableSha256: true, enableSha256: true,
enableSha512: false, enableSha512: false,
expected: getBaseRequirements,
}, },
{ {
name: "only deliver sha512", name: "only deliver sha512",
directoryProvider: false, directoryProvider: false,
enableSha256: false, enableSha256: false,
enableSha512: true, enableSha512: true,
expected: getBaseRequirements,
}, },
{ {
name: "only deliver sha256 and sha512, directory provider", name: "only deliver sha256 and sha512, directory provider",
directoryProvider: true, directoryProvider: true,
enableSha256: true, enableSha256: true,
enableSha512: true, enableSha512: true,
expected: getBaseRequirements,
}, },
{ {
name: "only deliver sha256, directory provider", name: "only deliver sha256, directory provider",
directoryProvider: true, directoryProvider: true,
enableSha256: true, enableSha256: true,
enableSha512: false, enableSha512: false,
expected: getBaseRequirements,
}, },
{ {
name: "only deliver sha512, directory provider", name: "only deliver sha512, directory provider",
directoryProvider: true, directoryProvider: true,
enableSha256: false, enableSha256: false,
enableSha512: true, enableSha512: true,
expected: getBaseRequirements,
}, },
} }
@ -92,11 +187,18 @@ func TestShaMarking(t *testing.T) {
} }
p.client = client p.client = client
// TODO check result of processor report, err := p.run([]string{serverURL + "/provider-metadata.json"})
_, err = p.run([]string{serverURL + "/provider-metadata.json"})
if err != nil { if err != nil {
t.Errorf("SHA marking %v: Expected no error, got: %v", test.name, err) t.Errorf("SHA marking %v: Expected no error, got: %v", test.name, err)
} }
expected := test.expected(serverURL)
for i, got := range report.Domains[0].Requirements {
want := expected[i]
if !reflect.DeepEqual(*got, want) {
t.Errorf("SHA marking %v: Expected %v, got %v", test.name, want, *got)
}
}
p.close() p.close()
}) })
} }
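Review bot: The new requirement comparison after `p.run` can either panic or pass without checking anything. A failed run is only reported with `t.Errorf`, so execution continues into `report.Domains[0]`, and the loop is driven by the returned requirements: `expected[i]` goes out of range if the checker reports more entries than the 20 listed in `getBaseRequirements`, while a report with fewer (or zero) requirements is accepted silently, so a missing Integrity or Signatures result would not fail the test. Stop on error with `t.Fatalf`, assert that a domain is present and that both slices have the same length before comparing, and move `p.close()` into a `defer` so it still runs on an early exit. All six cases also share `getBaseRequirements`, so the table does not yet distinguish the SHA-256-only and SHA-512-only outcomes, which may be intended for a WIP commit. The `t.Run` closure starts outside this hunk.

```go
p.client = client
defer p.close() // replaces the trailing p.close(), which t.Fatalf would skip

report, err := p.run([]string{serverURL + "/provider-metadata.json"})
if err != nil {
	t.Fatalf("SHA marking %v: Expected no error, got: %v", test.name, err)
}
if len(report.Domains) == 0 {
	t.Fatalf("SHA marking %v: report contains no domains", test.name)
}
expected := test.expected(serverURL)
reqs := report.Domains[0].Requirements
if len(reqs) != len(expected) {
	t.Fatalf("SHA marking %v: Expected %d requirements, got %d", test.name, len(expected), len(reqs))
}
// … unchanged: per-requirement reflect.DeepEqual loop, now ranging over reqs …
```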


@ -6,7 +6,7 @@
"collection": [ "collection": [
{ {
"title": "CSAF feed (TLP:WHITE)", "title": "CSAF feed (TLP:WHITE)",
"href": "/white/white-feed.json", "href": "{{.URL}}/white/white-feed.json",
"categories": { "categories": {
"category": [ "category": [
{ {


@ -5,11 +5,11 @@
"link": [ "link": [
{ {
"rel": "self", "rel": "self",
"href": "/white/csaf-feed-tlp-white.json" "href": "{{.URL}}/white/csaf-feed-tlp-white.json"
}, },
{ {
"rel": "service", "rel": "service",
"href": "/service.json" "href": "{{.URL}}/service.json"
} }
], ],
"category": [ "category": [
@ -26,30 +26,30 @@
"link": [ "link": [
{ {
"rel": "self", "rel": "self",
"href": "/white/avendor-advisory-0004.json" "href": "{{.URL}}/white/avendor-advisory-0004.json"
}, },
{{if .EnableSha256}} {{if .EnableSha256}}
{ {
"rel": "hash", "rel": "hash",
"href": "/white/avendor-advisory-0004.json.sha256" "href": "{{.URL}}/white/avendor-advisory-0004.json.sha256"
}, },
{{end}} {{end}}
{{if .EnableSha512}} {{if .EnableSha512}}
{ {
"rel": "hash", "rel": "hash",
"href": "/white/avendor-advisory-0004.json.sha512" "href": "{{.URL}}/white/avendor-advisory-0004.json.sha512"
}, },
{{end}} {{end}}
{ {
"rel": "signature", "rel": "signature",
"href": "/white/avendor-advisory-0004.json.asc" "href": "{{.URL}}/white/avendor-advisory-0004.json.asc"
} }
], ],
"published": "2020-01-01T00:00:00Z", "published": "2020-01-01T00:00:00Z",
"updated": "2020-01-01T00:00:00Z", "updated": "2020-01-01T00:00:00Z",
"content": { "content": {
"type": "application/json", "type": "application/json",
"src": "/avendor-advisory-0004.json" "src": "{{.URL}}/avendor-advisory-0004.json"
}, },
"format": { "format": {
"schema": "https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json", "schema": "https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json",