SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions

Ignore advisories in checker.

Browse source
This commit is contained in:
Sascha L. Teichmann 2023-08-01 21:38:55 +02:00
parent 5a4e5607cb
commit 98bf2990ae
3 changed files with 54 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

24
cmd/csaf_checker/config.go
View file

@ -15,6 +15,7 @@ import (
"net/http" "net/http"
"time" "time"
"github.com/csaf-poc/csaf_distribution/v2/internal/filter"
"github.com/csaf-poc/csaf_distribution/v2/internal/models" "github.com/csaf-poc/csaf_distribution/v2/internal/models"
"github.com/csaf-poc/csaf_distribution/v2/internal/options" "github.com/csaf-poc/csaf_distribution/v2/internal/options"
) )
@ -38,6 +39,7 @@ type config struct {
Rate *float64 `long:"rate" short:"r" description:"The average upper limit of https operations per second (defaults to unlimited)" toml:"rate"` Rate *float64 `long:"rate" short:"r" description:"The average upper limit of https operations per second (defaults to unlimited)" toml:"rate"`
Years *uint `long:"years" short:"y" description:"Number of years to look back from now" value-name:"YEARS" toml:"years"` Years *uint `long:"years" short:"y" description:"Number of years to look back from now" value-name:"YEARS" toml:"years"`
Range *models.TimeRange `long:"timerange" short:"t" description:"RANGE of time from which advisories to download" value-name:"RANGE" toml:"timerange"` Range *models.TimeRange `long:"timerange" short:"t" description:"RANGE of time from which advisories to download" value-name:"RANGE" toml:"timerange"`
IgnorePattern []string `long:"ignorepattern" short:"i" description:"Dont download files if there URLs match any of the given PATTERNs" value-name:"PATTERN" toml:"ignorepattern"`
ExtraHeader http.Header `long:"header" short:"H" description:"One or more extra HTTP header fields" toml:"header"` ExtraHeader http.Header `long:"header" short:"H" description:"One or more extra HTTP header fields" toml:"header"`
RemoteValidator string `long:"validator" description:"URL to validate documents remotely" value-name:"URL" toml:"validator"` RemoteValidator string `long:"validator" description:"URL to validate documents remotely" value-name:"URL" toml:"validator"`
@ -48,6 +50,7 @@ type config struct {
clientCerts []tls.Certificate clientCerts []tls.Certificate
ageAccept func(time.Time) bool ageAccept func(time.Time) bool
ignorePattern filter.PatternMatcher
} }
// configPaths are the potential file locations of the config file. // configPaths are the potential file locations of the config file.
@ -104,8 +107,19 @@ func (cfg *config) protectedAccess() bool {
return len(cfg.clientCerts) > 0 || len(cfg.ExtraHeader) > 0 return len(cfg.clientCerts) > 0 || len(cfg.ExtraHeader) > 0
} }
// ignoreFile returns true if the given URL should not be downloaded.
func (cfg *config) ignoreURL(u string) bool {
return cfg.ignorePattern.Matches(u)
}
// prepare prepares internal state of a loaded configuration. // prepare prepares internal state of a loaded configuration.
func (cfg *config) prepare() error { func (cfg *config) prepare() error {
// Pre-compile the regexes used to check if we need to ignore advisories.
if err := cfg.compileIgnorePatterns(); err != nil {
return err
}
// Load client certs. // Load client certs.
if err := cfg.prepareCertificates(); err != nil { if err := cfg.prepareCertificates(); err != nil {
return err return err
@ -114,6 +128,16 @@ func (cfg *config) prepare() error {
return cfg.prepareTimeRangeFilter() return cfg.prepareTimeRangeFilter()
} }
// compileIgnorePatterns compiles the configure patterns to be ignored.
func (cfg *config) compileIgnorePatterns() error {
pm, err := filter.NewPatternMatcher(cfg.IgnorePattern)
if err != nil {
return err
}
cfg.ignorePattern = pm
return nil
}
// prepareCertificates loads the client side certificates used by the HTTP client. // prepareCertificates loads the client side certificates used by the HTTP client.
func (cfg *config) prepareCertificates() error { func (cfg *config) prepareCertificates() error {

9
cmd/csaf_checker/processor.go
View file

@ -642,6 +642,15 @@ func (p *processor) integrity(
fp = makeAbs(fp) fp = makeAbs(fp)
u := b.ResolveReference(fp).String() u := b.ResolveReference(fp).String()
// Should this URL be ignored?
if p.cfg.ignoreURL(u) {
if p.cfg.Verbose {
log.Printf("Ignoring %q\n", u)
}
continue
}
if p.markChecked(u, mask) { if p.markChecked(u, mask) {
continue continue
} }

9
docs/csaf_checker.md
View file

@ -17,6 +17,7 @@ Application Options:
-r, --rate= The average upper limit of https operations per second (defaults to unlimited) -r, --rate= The average upper limit of https operations per second (defaults to unlimited)
-y, --years=YEARS Number of years to look back from now -y, --years=YEARS Number of years to look back from now
-t, --timerange=RANGE RANGE of time from which advisories to download -t, --timerange=RANGE RANGE of time from which advisories to download
-i, --ignorepattern=PATTERN Dont download files if there URLs match any of the given PATTERNs
-H, --header= One or more extra HTTP header fields -H, --header= One or more extra HTTP header fields
--validator=URL URL to validate documents remotely --validator=URL URL to validate documents remotely
--validatorcache=FILE FILE to cache remote validations --validatorcache=FILE FILE to cache remote validations
@ -98,6 +99,14 @@ It is only allowed to specify one off them.
All interval boundaries are inclusive. All interval boundaries are inclusive.
You can ignore certain advisories while checking by specifying a list
of regular expressions to match their URLs by using the `ignorepattern` option.
E.g. `-i='.*white.*' -i='*.red.*'` will ignore files which URLs contain the sub strings **white** or **red**.
In the config file this has to be noted as:
```
ignorepattern = [".*white.*", ".*red.*"]
```
### Remarks ### Remarks
The `role` given in the `provider-metadata.json` is not The `role` given in the `provider-metadata.json` is not