mirror of
https://github.com/gocsaf/csaf.git
synced 2025-12-22 11:55:40 +01:00
Add new requirement sections 1 and 2 to report
parent
cbd9dead37
commit
8425644886
4 changed files with 49 additions and 5 deletions
|
|
@ -144,6 +144,8 @@ func writeReport(report *Report, opts *options) error {
|
||||||
// It returns an array of the reporter interface type.
|
// It returns an array of the reporter interface type.
|
||||||
func buildReporters() []reporter {
|
func buildReporters() []reporter {
|
||||||
return []reporter{
|
return []reporter{
|
||||||
|
&validReporter{baseReporter{num: 1, description: "Valid CSAF documents"}},
|
||||||
|
&filenameReporter{baseReporter{num: 2, description: "Filename"}},
|
||||||
&tlsReporter{baseReporter{num: 3, description: "TLS"}},
|
&tlsReporter{baseReporter{num: 3, description: "TLS"}},
|
||||||
&redirectsReporter{baseReporter{num: 6, description: "Redirects"}},
|
&redirectsReporter{baseReporter{num: 6, description: "Redirects"}},
|
||||||
&providerMetadataReport{baseReporter{num: 7, description: "provider-metadata.json"}},
|
&providerMetadataReport{baseReporter{num: 7, description: "provider-metadata.json"}},
|
||||||
|
|
|
||||||
|
|
@ -53,6 +53,8 @@ type processor struct {
|
||||||
pmd any
|
pmd any
|
||||||
keys []*crypto.KeyRing
|
keys []*crypto.KeyRing
|
||||||
|
|
||||||
|
invalidAdvisories topicMessages
|
||||||
|
badFilenames topicMessages
|
||||||
badIntegrities topicMessages
|
badIntegrities topicMessages
|
||||||
badPGPs topicMessages
|
badPGPs topicMessages
|
||||||
badSignatures topicMessages
|
badSignatures topicMessages
|
||||||
|
|
@ -203,6 +205,8 @@ func (p *processor) clean() {
|
||||||
p.pmd = nil
|
p.pmd = nil
|
||||||
p.keys = nil
|
p.keys = nil
|
||||||
|
|
||||||
|
p.invalidAdvisories.reset()
|
||||||
|
p.badFilenames.reset()
|
||||||
p.badIntegrities.reset()
|
p.badIntegrities.reset()
|
||||||
p.badPGPs.reset()
|
p.badPGPs.reset()
|
||||||
p.badSignatures.reset()
|
p.badSignatures.reset()
|
||||||
|
|
@ -441,6 +445,12 @@ func (p *processor) integrity(
|
||||||
}
|
}
|
||||||
p.checkTLS(u)
|
p.checkTLS(u)
|
||||||
|
|
||||||
|
// Check if the filename is confirming.
|
||||||
|
p.badFilenames.use()
|
||||||
|
if !util.ConfirmingFileName(filepath.Base(u)) {
|
||||||
|
p.badFilenames.error("%s has not a confirming filename.", u)
|
||||||
|
}
|
||||||
|
|
||||||
var folderYear *int
|
var folderYear *int
|
||||||
|
|
||||||
if m := yearFromURL.FindStringSubmatch(u); m != nil {
|
if m := yearFromURL.FindStringSubmatch(u); m != nil {
|
||||||
|
|
@ -490,22 +500,24 @@ func (p *processor) integrity(
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
p.invalidAdvisories.use()
|
||||||
|
|
||||||
// Validate against JSON schema.
|
// Validate against JSON schema.
|
||||||
errors, err := csaf.ValidateCSAF(doc)
|
errors, err := csaf.ValidateCSAF(doc)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
lg(ErrorType, "Failed to validate %s: %v", u, err)
|
p.invalidAdvisories.error("Failed to validate %s: %v", u, err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
if len(errors) > 0 {
|
if len(errors) > 0 {
|
||||||
lg(ErrorType, "CSAF file %s has %d validation errors.", u, len(errors))
|
p.invalidAdvisories.error("CSAF file %s has %d validation errors.", u, len(errors))
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validate against remote validator.
|
// Validate against remote validator.
|
||||||
if p.validator != nil {
|
if p.validator != nil {
|
||||||
if ok, err := p.validator.Validate(doc); err != nil {
|
if ok, err := p.validator.Validate(doc); err != nil {
|
||||||
lg(ErrorType, "Calling remote validator on %s failed: %v", u, err)
|
p.invalidAdvisories.error("Calling remote validator on %s failed: %v", u, err)
|
||||||
} else if !ok {
|
} else if !ok {
|
||||||
lg(ErrorType, "Remote validation of %s failed.", u)
|
p.invalidAdvisories.error("Remote validation of %s failed.", u)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
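Review bot: In the `integrity` hunk at -441, `filepath.Base(u)` is applied to a URL string, so the name handed to `util.ConfirmingFileName` is split with OS path rules and would still carry any query string or fragment. Taking the base of the parsed URL's path with the slash-only `path` package is the safer form, e.g. `util.ConfirmingFileName(path.Base(parsed.Path))`, where `parsed` is a placeholder for the result of `url.Parse(u)`. The message `"%s has not a confirming filename."` presumably means "conforming". The body of `integrity` starts and ends outside the hunk, so whether a parsed URL is already at hand is not visible here.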
@ -73,6 +73,11 @@ func (r *Requirement) HasErrors() bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Append appends messages to requirement.
|
||||||
|
func (r *Requirement) Append(msgs []Message) {
|
||||||
|
r.Messages = append(r.Messages, msgs...)
|
||||||
|
}
|
||||||
|
|
||||||
// HasErrors tells if this domain has errors.
|
// HasErrors tells if this domain has errors.
|
||||||
func (d *Domain) HasErrors() bool {
|
func (d *Domain) HasErrors() bool {
|
||||||
for _, r := range d.Requirements {
|
for _, r := range d.Requirements {
|
||||||
|
|
|
||||||
|
|
@ -19,6 +19,8 @@ type (
|
||||||
num int
|
num int
|
||||||
description string
|
description string
|
||||||
}
|
}
|
||||||
|
validReporter struct{ baseReporter }
|
||||||
|
filenameReporter struct{ baseReporter }
|
||||||
tlsReporter struct{ baseReporter }
|
tlsReporter struct{ baseReporter }
|
||||||
redirectsReporter struct{ baseReporter }
|
redirectsReporter struct{ baseReporter }
|
||||||
providerMetadataReport struct{ baseReporter }
|
providerMetadataReport struct{ baseReporter }
|
||||||
|
|
@ -43,6 +45,29 @@ func (bc *baseReporter) requirement(domain *Domain) *Requirement {
|
||||||
return req
|
return req
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// report reports if there where any invalid filenames,
|
||||||
|
func (r *validReporter) report(p *processor, domain *Domain) {
|
||||||
|
req := r.requirement(domain)
|
||||||
|
if p.validator == nil {
|
||||||
|
req.message(InfoType, "No remote validator configured")
|
||||||
|
}
|
||||||
|
if !p.invalidAdvisories.used() {
|
||||||
|
req.message(InfoType, "No validations performed")
|
||||||
|
} else {
|
||||||
|
req.Append(p.invalidAdvisories)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// report reposrts if there where any bad filename.
|
||||||
|
func (r *filenameReporter) report(p *processor, domain *Domain) {
|
||||||
|
req := r.requirement(domain)
|
||||||
|
if !p.badFilenames.used() {
|
||||||
|
req.message(InfoType, "No filenames checked for conformance")
|
||||||
|
} else {
|
||||||
|
req.Append(p.badFilenames)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// report tests if the URLs are HTTPS and sets the "message" field value
|
// report tests if the URLs are HTTPS and sets the "message" field value
|
||||||
// of the "Requirement" struct as a result of that.
|
// of the "Requirement" struct as a result of that.
|
||||||
// A list of non HTTPS URLs is included in the value of the "message" field.
|
// A list of non HTTPS URLs is included in the value of the "message" field.
|
||||||
|
|
@ -142,7 +167,7 @@ func (r *securityReporter) report(p *processor, domain *Domain) {
|
||||||
req.Messages = p.badSecurity
|
req.Messages = p.badSecurity
|
||||||
}
|
}
|
||||||
|
|
||||||
//report tests the availability of the "provider-metadata.json" under /.well-known/csaf/ directoy.
|
// report tests the availability of the "provider-metadata.json" under /.well-known/csaf/ directoy.
|
||||||
func (r *wellknownMetadataReporter) report(p *processor, domain *Domain) {
|
func (r *wellknownMetadataReporter) report(p *processor, domain *Domain) {
|
||||||
req := r.requirement(domain)
|
req := r.requirement(domain)
|
||||||
if !p.badWellknownMetadata.used() {
|
if !p.badWellknownMetadata.used() {
|
||||||
|
|
|
||||||
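Review bot: The doc comment on `validReporter.report` says it reports "invalid filenames", but the method reports the validation results collected in `p.invalidAdvisories`; it reads like a copy of the filename reporter's comment and ends in a comma. Suggested: `// report reports whether any advisory failed schema or remote validation.` and, for `filenameReporter.report`, `// report reports whether any advisory has a non-conforming filename.` Since a missing `p.validator` only adds an `InfoType` message, the comment could also say that requirement 1 is then judged on schema validation alone. The rewritten comment on `wellknownMetadataReporter.report` still spells "directoy".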