mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00

Moved direct loading of pmd from downloader to library. (#233)

* Moved direct loading of pmd from downloader to library,
  so aggregator and checker gain the ability.
* Disabled some checks if we were given a direct PMD URL.
Sascha L. Teichmann 2022-07-18 17:59:38 +02:00 committed by GitHub
parent 9cba4eec30
commit 8b57851486
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 61 additions and 70 deletions


@ -215,20 +215,43 @@ func (p *processor) run(reporters []reporter, domains []string) (*Report, error)
return &report, nil return &report, nil
} }
func (p *processor) checkDomain(domain string) error { // domainChecks compiles a list of checks which should be performed
// for a given domain.
func (p *processor) domainChecks(domain string) []func(*processor, string) error {
// TODO: Implement me! // If we have a direct domain url we dont need to
for _, check := range []func(*processor, string) error{ // perform certain checks.
direct := strings.HasPrefix(domain, "https://")
checks := []func(*processor, string) error{
(*processor).checkProviderMetadata, (*processor).checkProviderMetadata,
(*processor).checkPGPKeys, (*processor).checkPGPKeys,
(*processor).checkSecurity, }
if !direct {
checks = append(checks, (*processor).checkSecurity)
}
checks = append(checks,
(*processor).checkCSAFs, (*processor).checkCSAFs,
(*processor).checkMissing, (*processor).checkMissing,
(*processor).checkInvalid, (*processor).checkInvalid,
(*processor).checkListing, (*processor).checkListing,
)
if !direct {
checks = append(checks,
(*processor).checkWellknownMetadataReporter, (*processor).checkWellknownMetadataReporter,
(*processor).checkDNSPathReporter, (*processor).checkDNSPathReporter,
} { )
}
return checks
}
func (p *processor) checkDomain(domain string) error {
for _, check := range p.domainChecks(domain) {
if err := check(p, domain); err != nil && err != errContinue { if err := check(p, domain); err != nil && err != errContinue {
if err == errStop { if err == errStop {
return nil return nil
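Review bot: The `direct` test in domainChecks repeats the `strings.HasPrefix(domain, "https://")` decision that this commit also places in LoadProviderMetadataForDomain, so the checker and the loader can drift apart on what counts as a direct PMD URL. The match is case-sensitive, and any other spelling (`HTTPS://…`, `http://…`) is treated as a bare domain and, going by the library section of this commit, concatenated into `"https://" + domain + "/.well-known/csaf/provider-metadata.json"`. One exported predicate in the csaf package, used by both sides, would keep the two decisions in step. Because a direct URL drops checkSecurity, checkWellknownMetadataReporter and checkDNSPathReporter, I would also add a comment such as `// Discovery checks (security.txt, well-known, DNS path) are skipped for direct URLs; a clean report says nothing about them.` The body of checkDomain continues outside the hunk.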


@ -85,57 +85,13 @@ func (d *downloader) httpClient() util.Client {
return d.client return d.client
} }
func (d *downloader) loadProviderMetadataDirectly(path string) *csaf.LoadedProviderMetadata {
client := d.httpClient()
resp, err := client.Get(path)
if err != nil {
log.Printf("Error fetching '%s': %v\n", path, err)
return nil
}
if resp.StatusCode != http.StatusOK {
log.Printf(
"Error fetching '%s': %s (%d)\n", path, resp.Status, resp.StatusCode)
return nil
}
defer resp.Body.Close()
var doc interface{}
if err := json.NewDecoder(resp.Body).Decode(&doc); err != nil {
log.Printf("Decoding '%s' as JSON failed: %v\n", path, err)
return nil
}
errors, err := csaf.ValidateProviderMetadata(doc)
if err != nil {
log.Printf("Schema validation of '%s' failed: %v\n", path, err)
return nil
}
if len(errors) > 0 {
log.Printf(
"Schema validation of '%s' leads to %d issues.\n", path, len(errors))
return nil
}
return &csaf.LoadedProviderMetadata{
Document: doc,
URL: path,
}
}
func (d *downloader) download(domain string) error { func (d *downloader) download(domain string) error {
var lpmd *csaf.LoadedProviderMetadata lpmd := csaf.LoadProviderMetadataForDomain(
if strings.HasPrefix(domain, "https://") {
lpmd = d.loadProviderMetadataDirectly(domain)
} else {
lpmd = csaf.LoadProviderMetadataForDomain(
d.httpClient(), domain, func(format string, args ...interface{}) { d.httpClient(), domain, func(format string, args ...interface{}) {
log.Printf( log.Printf(
"Looking for provider-metadata.json of '"+domain+"': "+format+"\n", args...) "Looking for provider-metadata.json of '"+domain+"': "+format+"\n", args...)
}) })
}
if lpmd == nil { if lpmd == nil {
return fmt.Errorf("no provider-metadata.json found for '%s'", domain) return fmt.Errorf("no provider-metadata.json found for '%s'", domain)
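Review bot: The logging callback in download builds its format string by concatenating `domain`, and after this change `domain` may be a full URL, where percent-escapes such as `%2F` are common and would be read by log.Printf as formatting verbs, garbling the log line. Pass the value as an argument instead: `log.Printf("Looking for provider-metadata.json of '%s': "+format+"\n", append([]interface{}{domain}, args...)...)`. The same pattern appears in the library's new `lg` closure, where `logging(msg)` uses a message as the format string; `logging("%s", msg)` avoids that. download's body continues outside the hunk.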


@ -117,8 +117,10 @@ func LoadProviderMetadatasFromSecurity(client util.Client, path string) []*Loade
} }
// LoadProviderMetadataForDomain loads a provider metadata for a given domain. // LoadProviderMetadataForDomain loads a provider metadata for a given domain.
// Returns nil if no provider metadata was found. // Returns nil if no provider metadata (PMD) was found.
// The logging can be use to track the errors happening while loading. // If the domain starts with `https://` it only attemps to load
// the data from that URL.
// The logging can be used to track the errors happening while loading.
func LoadProviderMetadataForDomain( func LoadProviderMetadataForDomain(
client util.Client, client util.Client,
domain string, domain string,
@ -131,22 +133,33 @@ func LoadProviderMetadataForDomain(
} }
} }
lg := func(result *LoadedProviderMetadata, url string) {
if result == nil {
logging("%s not found.", url)
} else {
for _, msg := range result.Messages {
logging(msg)
}
}
}
// check direct path
if strings.HasPrefix(domain, "https://") {
result := LoadProviderMetadataFromURL(client, domain)
lg(result, domain)
return result
}
// Valid provider metadata under well-known. // Valid provider metadata under well-known.
var wellknownGood *LoadedProviderMetadata var wellknownGood *LoadedProviderMetadata
// First try well-know path // First try well-know path
wellknownURL := "https://" + domain + "/.well-known/csaf/provider-metadata.json" wellknownURL := "https://" + domain + "/.well-known/csaf/provider-metadata.json"
wellknownResult := LoadProviderMetadataFromURL(client, wellknownURL) wellknownResult := LoadProviderMetadataFromURL(client, wellknownURL)
lg(wellknownResult, wellknownURL)
if wellknownResult == nil {
logging("%s not found.", wellknownURL)
} else if len(wellknownResult.Messages) > 0 {
// There are issues
for _, msg := range wellknownResult.Messages {
logging(msg)
}
} else {
// We have a candidate. // We have a candidate.
if wellknownResult != nil {
wellknownGood = wellknownResult wellknownGood = wellknownResult
} }
@ -207,8 +220,7 @@ func LoadProviderMetadataForDomain(
return wellknownGood return wellknownGood
} }
// Last resort fall back to DNS. // Last resort: fall back to DNS.
dnsURL := "https://csaf.data.security." + domain dnsURL := "https://csaf.data.security." + domain
dnsResult := LoadProviderMetadataFromURL(client, dnsURL) dnsResult := LoadProviderMetadataFromURL(client, dnsURL)
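Review bot: In the new direct-URL branch of LoadProviderMetadataForDomain the result is returned whenever it is non-nil, after its Messages have only been logged, whereas the loadProviderMetadataDirectly that this commit removes from the downloader returned nil when schema validation failed or reported issues. As far as the rendered lines show, the well-known path is loosened the same way: the old `else if len(wellknownResult.Messages) > 0` branch kept a result with messages from becoming `wellknownGood`, and the new `if wellknownResult != nil` does not. LoadProviderMetadataFromURL is not visible here, so it may already return nil for invalid documents; if it does not, callers now proceed with a PMD that failed validation. I would either add `if result != nil && len(result.Messages) > 0 { return nil }` after `lg(result, domain)`, or state in the doc comment that a non-nil result may carry Messages the caller must check.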


@ -28,7 +28,7 @@ insecure = true
[[providers]] [[providers]]
name = "local-dev-provider2" name = "local-dev-provider2"
domain = "localhost" domain = "https://localhost:8443/.well-known/csaf/provider-metadata.json"
# rate = 1.2 # rate = 1.2
# insecure = true # insecure = true
write_indices = true write_indices = true