Add time range to checker.

2025-12-22 11:55:40 +01:00 · 2023-07-26 13:34:15 +02:00 · 2023-07-26 13:34:15 +02:00 · 5e5074fbf1
commit 5e5074fbf1
parent 125028773f
3 changed files with 85 additions and 28 deletions
--- a/cmd/csaf_checker/config.go
+++ b/cmd/csaf_checker/config.go
@ -13,7 +13,9 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
+	"time"

+	"github.com/csaf-poc/csaf_distribution/v2/internal/models"
 	"github.com/csaf-poc/csaf_distribution/v2/internal/options"
 )

@ -27,15 +29,16 @@ const (
 type config struct {
 	Output string `short:"o" long:"output" description:"File name of the generated report" value-name:"REPORT-FILE" toml:"output"`
 	//lint:ignore SA5008 We are using choice twice: json, html.
-	Format      outputFormat `short:"f" long:"format" choice:"json" choice:"html" description:"Format of report" toml:"format"`
-	Insecure    bool         `long:"insecure" description:"Do not check TLS certificates from provider" toml:"insecure"`
-	ClientCert  *string      `long:"client-cert" description:"TLS client certificate file (PEM encoded data)" value-name:"CERT-FILE" toml:"client_cert"`
-	ClientKey   *string      `long:"client-key" description:"TLS client private key file (PEM encoded data)" value-name:"KEY-FILE" toml:"client_key"`
-	Version     bool         `long:"version" description:"Display version of the binary" toml:"-"`
-	Verbose     bool         `long:"verbose" short:"v" description:"Verbose output" toml:"verbose"`
-	Rate        *float64     `long:"rate" short:"r" description:"The average upper limit of https operations per second (defaults to unlimited)" toml:"rate"`
-	Years       *uint        `long:"years" short:"y" description:"Number of years to look back from now" value-name:"YEARS" toml:"years"`
-	ExtraHeader http.Header  `long:"header" short:"H" description:"One or more extra HTTP header fields" toml:"header"`
+	Format      outputFormat      `short:"f" long:"format" choice:"json" choice:"html" description:"Format of report" toml:"format"`
+	Insecure    bool              `long:"insecure" description:"Do not check TLS certificates from provider" toml:"insecure"`
+	ClientCert  *string           `long:"client-cert" description:"TLS client certificate file (PEM encoded data)" value-name:"CERT-FILE" toml:"client_cert"`
+	ClientKey   *string           `long:"client-key" description:"TLS client private key file (PEM encoded data)" value-name:"KEY-FILE" toml:"client_key"`
+	Version     bool              `long:"version" description:"Display version of the binary" toml:"-"`
+	Verbose     bool              `long:"verbose" short:"v" description:"Verbose output" toml:"verbose"`
+	Rate        *float64          `long:"rate" short:"r" description:"The average upper limit of https operations per second (defaults to unlimited)" toml:"rate"`
+	Years       *uint             `long:"years" short:"y" description:"Number of years to look back from now" value-name:"YEARS" toml:"years"`
+	Range       *models.TimeRange `long:"timerange" short:"t" description:"RANGE of time from which advisories to download" value-name:"RANGE" toml:"timerange"`
+	ExtraHeader http.Header       `long:"header" short:"H" description:"One or more extra HTTP header fields" toml:"header"`

 	RemoteValidator        string   `long:"validator" description:"URL to validate documents remotely" value-name:"URL" toml:"validator"`
 	RemoteValidatorCache   string   `long:"validatorcache" description:"FILE to cache remote validations" value-name:"FILE" toml:"validator_cache"`
@ -44,6 +47,7 @@ type config struct {
 	Config string `short:"c" long:"config" description:"Path to config TOML file" value-name:"TOML-FILE" toml:"-"`

 	clientCerts []tls.Certificate
+	ageAccept   func(time.Time) bool
 }

 // configPaths are the potential file locations of the config file.
@ -102,6 +106,16 @@ func (cfg *config) protectedAccess() bool {
 // prepare prepares internal state of a loaded configuration.
 func (cfg *config) prepare() error {
 	// Load client certs.
+	if err := cfg.prepareCertificates(); err != nil {
+		return err
+	}
+
+	return cfg.prepareTimeRangeFilter()
+}
+
+// prepareCertificates loads the client side certificates used by the HTTP client.
+func (cfg *config) prepareCertificates() error {
+
 	switch hasCert, hasKey := cfg.ClientCert != nil, cfg.ClientKey != nil; {

 	case hasCert && !hasKey || !hasCert && hasKey:
@ -116,3 +130,27 @@ func (cfg *config) prepare() error {
 	}
 	return nil
 }
+
+// acceptYears returns a filter that accepts advisories from the last years.
+func acceptYears(years uint) func(time.Time) bool {
+	good := time.Now().AddDate(-int(years), 0, 0)
+	return func(t time.Time) bool {
+		return !t.Before(good)
+	}
+}
+
+// prepareTimeRangeFilter sets up the filter in which time range
+// advisory should be considered for checking.
+func (cfg *config) prepareTimeRangeFilter() error {
+	switch {
+	case cfg.Years != nil && cfg.Range != nil:
+		return errors.New(`"timerange" and "years" are both configured: only one allowed`)
+
+	case cfg.Years != nil:
+		cfg.ageAccept = acceptYears(*cfg.Years)
+
+	case cfg.Range != nil:
+		cfg.ageAccept = cfg.Range.Contains
+	}
+	return nil
+}