SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 18:15:42 +01:00
Code Issues Releases Activity Actions

Merge pull request #234 from csaf-poc/quick-ckeck

Browse source 
Quick ckeck
This commit is contained in:
Fadi Abbud 2022-07-19 10:07:08 +02:00 committed by GitHub
commit 798e11ad18
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 47 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

1
cmd/csaf_checker/main.go
View file

@ -34,6 +34,7 @@ type options struct {
Version bool `long:"version" description:"Display version of the binary"` Version bool `long:"version" description:"Display version of the binary"`
Verbose bool `long:"verbose" short:"v" description:"Verbose output"` Verbose bool `long:"verbose" short:"v" description:"Verbose output"`
Rate *float64 `long:"rate" short:"r" description:"The average upper limit of https operations per second"` Rate *float64 `long:"rate" short:"r" description:"The average upper limit of https operations per second"`
Years *uint `long:"years" short:"y" description:"Number of years to look back from now" value-name:"YEARS"`
} }
func errCheck(err error) { func errCheck(err error) {

43
cmd/csaf_checker/processor.go
View file

@ -42,6 +42,7 @@ type topicMessages []Message
type processor struct { type processor struct {
opts *options opts *options
client util.Client client util.Client
ageAccept func(time.Time) bool
redirects map[string][]string redirects map[string][]string
noneTLS map[string]struct{} noneTLS map[string]struct{}
@ -159,6 +160,17 @@ func newProcessor(opts *options) *processor {
opts: opts, opts: opts,
alreadyChecked: map[string]whereType{}, alreadyChecked: map[string]whereType{},
expr: util.NewPathEval(), expr: util.NewPathEval(),
ageAccept: ageAccept(opts),
}
}
func ageAccept(opts *options) func(time.Time) bool {
if opts.Years == nil {
return nil
}
good := time.Now().AddDate(-int(*opts.Years), 0, 0)
return func(t time.Time) bool {
return !t.Before(good)
} }
} }
@ -377,6 +389,22 @@ func (p *processor) integrity(
continue continue
} }
p.checkTLS(u) p.checkTLS(u)
var folderYear *int
if m := yearFromURL.FindStringSubmatch(u); m != nil {
year, _ := strconv.Atoi(m[1])
// Check if we are in checking time interval.
if p.ageAccept != nil && !p.ageAccept(
time.Date(
year, 12, 31, // Assume last day og year.
23, 59, 59, 0, // 23:59:59
time.UTC)) {
continue
}
folderYear = &year
}
res, err := client.Get(u) res, err := client.Get(u)
if err != nil { if err != nil {
lg(ErrorType, "Fetching %s failed: %v.", u, err) lg(ErrorType, "Fetching %s failed: %v.", u, err)
@ -425,9 +453,9 @@ func (p *processor) integrity(
} else if d, err := time.Parse(time.RFC3339, text); err != nil { } else if d, err := time.Parse(time.RFC3339, text); err != nil {
p.badFolders.error( p.badFolders.error(
"Parsing 'initial_release_date' as RFC3339 failed in %s: %v", u, err) "Parsing 'initial_release_date' as RFC3339 failed in %s: %v", u, err)
} else if m := yearFromURL.FindStringSubmatch(u); m == nil { } else if folderYear == nil {
p.badFolders.error("No year folder found in %s", u) p.badFolders.error("No year folder found in %s", u)
} else if year, _ := strconv.Atoi(m[1]); d.UTC().Year() != year { } else if d.UTC().Year() != *folderYear {
p.badFolders.error("%s should be in folder %d", u, d.UTC().Year()) p.badFolders.error("%s should be in folder %d", u, d.UTC().Year())
} }
@ -589,6 +617,13 @@ func (p *processor) processROLIEFeed(feed string) error {
rfeed.Entries(func(entry *csaf.Entry) { rfeed.Entries(func(entry *csaf.Entry) {
// Filter if we have date checking.
if p.ageAccept != nil {
if pub := time.Time(entry.Published); !pub.IsZero() && !p.ageAccept(pub) {
return
}
}
var url, sha256, sha512, sign string var url, sha256, sha512, sign string
for i := range entry.Link { for i := range entry.Link {
@ -760,6 +795,10 @@ func (p *processor) checkChanges(base string, mask whereType) error {
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
// Apply date range filtering.
if p.ageAccept != nil && !p.ageAccept(t) {
continue
}
times, files = times, files =
append(times, t), append(times, t),
append(files, csaf.PlainAdvisoryFile(r[pathColumn])) append(files, csaf.PlainAdvisoryFile(r[pathColumn]))

6
docs/csaf_checker.md
View file

@ -3,7 +3,7 @@
### Usage ### Usage
``` ```
csaf_checker [OPTIONS] csaf_checker [OPTIONS]
Application Options: Application Options:
-o, --output=REPORT-FILE File name of the generated report -o, --output=REPORT-FILE File name of the generated report
@ -13,8 +13,8 @@ Application Options:
--client-key=KEY-FILE TLS client private key file (PEM encoded data) --client-key=KEY-FILE TLS client private key file (PEM encoded data)
--version Display version of the binary --version Display version of the binary
-v, --verbose Verbose output -v, --verbose Verbose output
-r, --rate= The average upper limit of https operations -r, --rate= The average upper limit of https operations per second
per second -y, --years=YEARS Number of years to look back from now
Help Options: Help Options:
-h, --help Show this help message -h, --help Show this help message