mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 18:15:42 +01:00

Add check for should-be-access-protected advisories for not-authorized client.

JanHoefelmeyer 2023-06-23 11:03:22 +02:00
parent 55f6a48db1
commit a02d9c36a7


@ -715,6 +715,11 @@ func (p *processor) integrity(
"Extracting 'tlp level' from %s failed: %v", u, err) "Extracting 'tlp level' from %s failed: %v", u, err)
} else { } else {
tlpe := extractTLP(tlpa) tlpe := extractTLP(tlpa)
// If the client has no authorization it shouldn't be able to access TLP:AMBER or TLP:RED advisories
if !p.opts.protectedAccess() && (tlpe == "AMBER" || tlpe == "RED") {
p.badAmberRedPermissions.use()
p.badAmberRedPermissions.error("Advisory %s of TLP level %v is not access protected.", u, tlpe)
}
// check if current feed has correct or all of their tlp levels entries. // check if current feed has correct or all of their tlp levels entries.
if p.labelChecker != nil { if p.labelChecker != nil {
p.labelChecker.check(p, tlpe, u) p.labelChecker.check(p, tlpe, u)
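Review bot: `p.badAmberRedPermissions.use()` is called only inside the failing branch, so an unauthenticated run that finds no exposed TLP:AMBER or TLP:RED advisory never marks this check as performed; if the reporter (not visible in this hunk) treats an unused topic as "not checked", a clean result and a skipped check look the same. I would call `p.badAmberRedPermissions.use()` under `if !p.opts.protectedAccess()` alone and keep only the `.error(...)` call behind the `tlpe == "AMBER" || tlpe == "RED"` comparison. The check is also skipped entirely when the checker runs with credentials, which is worth stating in the comment, for example `// Only evaluated for unauthenticated runs; with credentials we cannot tell whether the server enforces access control.` The comparison is an exact match on the two literals, so it relies on extractTLP returning the label in exactly that form, which should be confirmed against its definition. The body of integrity starts and ends outside the hunk.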