mirror of
https://github.com/gocsaf/csaf.git
synced 2025-12-22 18:15:42 +01:00
Do not report success on checks which were not performed.
Second part of the Fix of issue #24.
This commit is contained in:
Sascha L. Teichmann
parent
09de416a4a
commit
9adab13948
2 changed files with 73 additions and 11 deletions
|
|
@ -107,8 +107,6 @@ func (wt whereType) String() string {
|
|||
func newProcessor(opts *options) *processor {
|
||||
return &processor{
|
||||
opts: opts,
|
||||
redirects: map[string]string{},
|
||||
noneTLS: map[string]struct{}{},
|
||||
alreadyChecked: map[string]whereType{},
|
||||
builder: gval.Full(jsonpath.Language()),
|
||||
exprs: map[string]gval.Evaluable{},
|
||||
|
|
@ -116,12 +114,8 @@ func newProcessor(opts *options) *processor {
|
|||
}
|
||||
|
||||
func (p *processor) clean() {
|
||||
for k := range p.redirects {
|
||||
delete(p.redirects, k)
|
||||
}
|
||||
for k := range p.noneTLS {
|
||||
delete(p.noneTLS, k)
|
||||
}
|
||||
p.redirects = nil
|
||||
p.noneTLS = nil
|
||||
for k := range p.alreadyChecked {
|
||||
delete(p.alreadyChecked, k)
|
||||
}
|
||||
|
|
@ -137,16 +131,14 @@ func (p *processor) clean() {
|
|||
p.badIndices = nil
|
||||
p.badChanges = nil
|
||||
}
|
||||
|
||||
func (p *processor) run(reporters []reporter, domains []string) (*Report, error) {
|
||||
|
||||
var report Report
|
||||
|
||||
domainsLoop:
|
||||
for _, d := range domains {
|
||||
if err := p.checkDomain(d); err != nil {
|
||||
if err == errContinue || err == errStop {
|
||||
continue domainsLoop
|
||||
continue
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -198,6 +190,9 @@ func (p *processor) jsonPath(expr string, doc interface{}) (interface{}, error)
|
|||
}
|
||||
|
||||
func (p *processor) checkTLS(u string) {
|
||||
if p.noneTLS == nil {
|
||||
p.noneTLS = map[string]struct{}{}
|
||||
}
|
||||
if x, err := url.Parse(u); err == nil && x.Scheme != "https" {
|
||||
p.noneTLS[u] = struct{}{}
|
||||
}
|
||||
|
|
@ -220,6 +215,9 @@ func (p *processor) checkRedirect(r *http.Request, via []*http.Request) error {
|
|||
}
|
||||
url := r.URL.String()
|
||||
p.checkTLS(url)
|
||||
if p.redirects == nil {
|
||||
p.redirects = map[string]string{}
|
||||
}
|
||||
p.redirects[url] = path.String()
|
||||
|
||||
if len(via) > 10 {
|
||||
|
|
@ -249,6 +247,16 @@ func (p *processor) httpClient() *http.Client {
|
|||
return p.client
|
||||
}
|
||||
|
||||
func use(s *[]string) {
|
||||
if *s == nil {
|
||||
*s = []string{}
|
||||
}
|
||||
}
|
||||
|
||||
func used(s []string) bool {
|
||||
return s != nil
|
||||
}
|
||||
|
||||
func (p *processor) badIntegrity(format string, args ...interface{}) {
|
||||
p.badIntegrities = append(p.badIntegrities, fmt.Sprintf(format, args...))
|
||||
}
|
||||
|
|
@ -345,6 +353,8 @@ func (p *processor) integrity(
|
|||
}
|
||||
|
||||
// Check if file is in the right folder.
|
||||
use(&p.badFolders)
|
||||
|
||||
if date, err := p.jsonPath(
|
||||
`$.document.tracking.initial_release_date`, doc); err != nil {
|
||||
p.badFolder(
|
||||
|
|
@ -361,6 +371,8 @@ func (p *processor) integrity(
|
|||
}
|
||||
|
||||
// Check hashes
|
||||
use(&p.badIntegrities)
|
||||
|
||||
for _, x := range []struct {
|
||||
ext string
|
||||
hash []byte
|
||||
|
|
@ -401,6 +413,8 @@ func (p *processor) integrity(
|
|||
sigFile := u + ".asc"
|
||||
p.checkTLS(sigFile)
|
||||
|
||||
use(&p.badSignatures)
|
||||
|
||||
if res, err = client.Get(sigFile); err != nil {
|
||||
p.badSignature("Fetching %s failed: %v.", sigFile, err)
|
||||
continue
|
||||
|
|
@ -498,6 +512,9 @@ func (p *processor) checkIndex(base string, mask whereType) error {
|
|||
client := p.httpClient()
|
||||
index := base + "/index.txt"
|
||||
p.checkTLS(index)
|
||||
|
||||
use(&p.badIndices)
|
||||
|
||||
res, err := client.Get(index)
|
||||
if err != nil {
|
||||
p.badIndex("Fetching %s failed: %v", index, err)
|
||||
|
|
@ -534,6 +551,9 @@ func (p *processor) checkChanges(base string, mask whereType) error {
|
|||
changes := base + "/changes.csv"
|
||||
p.checkTLS(changes)
|
||||
res, err := client.Get(changes)
|
||||
|
||||
use(&p.badChanges)
|
||||
|
||||
if err != nil {
|
||||
p.badChange("Fetching %s failed: %v", changes, err)
|
||||
return errContinue
|
||||
|
|
@ -687,6 +707,8 @@ func (p *processor) checkProviderMetadata(domain string) error {
|
|||
|
||||
url := "https://" + domain + "/.well-known/csaf/provider-metadata.json"
|
||||
|
||||
use(&p.badProviderMetadatas)
|
||||
|
||||
res, err := client.Get(url)
|
||||
if err != nil {
|
||||
p.badProviderMetadata("Fetching %s: %v.", url, err)
|
||||
|
|
@ -730,6 +752,8 @@ func (p *processor) checkSecurity(domain string) error {
|
|||
|
||||
client := p.httpClient()
|
||||
|
||||
use(&p.badSecurities)
|
||||
|
||||
path := "https://" + domain + "/.well-known/security.txt"
|
||||
res, err := client.Get(path)
|
||||
if err != nil {
|
||||
|
|
@ -804,6 +828,8 @@ func (p *processor) checkSecurity(domain string) error {
|
|||
|
||||
func (p *processor) checkPGPKeys(domain string) error {
|
||||
|
||||
use(&p.badPGPs)
|
||||
|
||||
src, err := p.jsonPath("$.pgp_keys", p.pmd)
|
||||
if err != nil {
|
||||
p.badPGP("No PGP keys found: %v.", err)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue