SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 18:15:42 +01:00
Code Issues Releases Activity Actions

Improve https get diagnostics, add verbose option

Browse source 
* Implement a logging client and activate it using verbose parameter or option
   in checker and aggregator.

Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
This commit is contained in:
Bernhard E. Reiter 2022-06-02 15:07:55 +02:00 committed by GitHub
parent e4011ea4cc
commit a849ac0d5f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 70 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

18
cmd/csaf_aggregator/config.go
View file

@ -43,6 +43,7 @@ type provider struct {
} }
type config struct { type config struct {
Verbose bool `toml:"verbose"`
// Workers is the number of concurrently executed workers for downloading. // Workers is the number of concurrently executed workers for downloading.
Workers int `toml:"workers"` Workers int `toml:"workers"`
Folder string `toml:"folder"` Folder string `toml:"folder"`
@ -108,16 +109,25 @@ func (c *config) cryptoKey() (*crypto.Key, error) {
func (c *config) httpClient(p *provider) util.Client { func (c *config) httpClient(p *provider) util.Client {
client := http.Client{} hClient := http.Client{}
if p.Insecure != nil && *p.Insecure || c.Insecure != nil && *c.Insecure { if p.Insecure != nil && *p.Insecure || c.Insecure != nil && *c.Insecure {
client.Transport = &http.Transport{ hClient.Transport = &http.Transport{
TLSClientConfig: &tls.Config{ TLSClientConfig: &tls.Config{
InsecureSkipVerify: true, InsecureSkipVerify: true,
}, },
} }
} }
var client util.Client
if c.Verbose {
client = &util.LoggingClient{Client: &hClient}
} else {
client = &hClient
}
if p.Rate == nil && c.Rate == nil { if p.Rate == nil && c.Rate == nil {
return &client return client
} }
var r float64 var r float64
@ -128,7 +138,7 @@ func (c *config) httpClient(p *provider) util.Client {
r = *p.Rate r = *p.Rate
} }
return &util.LimitingClient{ return &util.LimitingClient{
Client: &client, Client: client,
Limiter: rate.NewLimiter(rate.Limit(r), 1), Limiter: rate.NewLimiter(rate.Limit(r), 1),
} }
} }

1
cmd/csaf_checker/main.go
View file

@ -32,6 +32,7 @@ type options struct {
ClientCert *string `long:"client-cert" description:"TLS client certificate file (PEM encoded data)" value-name:"CERT-FILE"` ClientCert *string `long:"client-cert" description:"TLS client certificate file (PEM encoded data)" value-name:"CERT-FILE"`
ClientKey *string `long:"client-key" description:"TLS client private key file (PEM encoded data)" value-name:"KEY-FILE"` ClientKey *string `long:"client-key" description:"TLS client private key file (PEM encoded data)" value-name:"KEY-FILE"`
Version bool `long:"version" description:"Display version of the binary"` Version bool `long:"version" description:"Display version of the binary"`
Verbose bool `long:"verbose" short:"v" description:"Verbose output"`
Rate *float64 `long:"rate" short:"r" description:"The average upper limit of https operations per second"` Rate *float64 `long:"rate" short:"r" description:"The average upper limit of https operations per second"`
} }

20
cmd/csaf_checker/processor.go
View file

@ -270,9 +270,9 @@ func (p *processor) httpClient() util.Client {
return p.client return p.client
} }
client := http.Client{} hClient := http.Client{}
client.CheckRedirect = p.checkRedirect hClient.CheckRedirect = p.checkRedirect
var tlsConfig tls.Config var tlsConfig tls.Config
if p.opts.Insecure { if p.opts.Insecure {
@ -287,17 +287,25 @@ func (p *processor) httpClient() util.Client {
tlsConfig.Certificates = []tls.Certificate{cert} tlsConfig.Certificates = []tls.Certificate{cert}
} }
client.Transport = &http.Transport{ hClient.Transport = &http.Transport{
TLSClientConfig: &tlsConfig, TLSClientConfig: &tlsConfig,
} }
var client util.Client
if p.opts.Verbose {
client = &util.LoggingClient{Client: &hClient}
} else {
client = &hClient
}
if p.opts.Rate == nil { if p.opts.Rate == nil {
p.client = &client p.client = client
return &client return client
} }
p.client = &util.LimitingClient{ p.client = &util.LimitingClient{
Client: &client, Client: client,
Limiter: rate.NewLimiter(rate.Limit(*p.opts.Rate), 1), Limiter: rate.NewLimiter(rate.Limit(*p.opts.Rate), 1),
} }

3
csaf/util.go
View file

@ -136,7 +136,6 @@ func LoadProviderMetadataForDomain(
// First try well-know path // First try well-know path
wellknownURL := "https://" + domain + "/.well-known/csaf/provider-metadata.json" wellknownURL := "https://" + domain + "/.well-known/csaf/provider-metadata.json"
log.Printf("Trying: %s\n", wellknownURL)
wellknownResult := LoadProviderMetadataFromURL(client, wellknownURL) wellknownResult := LoadProviderMetadataFromURL(client, wellknownURL)
if wellknownResult == nil { if wellknownResult == nil {
@ -153,7 +152,6 @@ func LoadProviderMetadataForDomain(
// Next load the PMDs from security.txt // Next load the PMDs from security.txt
secURL := "https://" + domain + "/.well-known/security.txt" secURL := "https://" + domain + "/.well-known/security.txt"
log.Printf("Trying: %s\n", secURL)
secResults := LoadProviderMetadatasFromSecurity(client, secURL) secResults := LoadProviderMetadatasFromSecurity(client, secURL)
if secResults == nil { if secResults == nil {
@ -212,7 +210,6 @@ func LoadProviderMetadataForDomain(
// Last resort fall back to DNS. // Last resort fall back to DNS.
dnsURL := "https://csaf.data.security." + domain dnsURL := "https://csaf.data.security." + domain
log.Printf("Trying: %s\n", dnsURL)
dnsResult := LoadProviderMetadataFromURL(client, dnsURL) dnsResult := LoadProviderMetadataFromURL(client, dnsURL)
if dnsResult == nil { if dnsResult == nil {

1
docs/csaf_aggregator.md
View file

@ -66,6 +66,7 @@ openpgp_url // URL where the OpenPGP public key part can be found
passphrase // passphrase of the OpenPGP key passphrase // passphrase of the OpenPGP key
lock_file // path to lockfile, to stop other instances if one is not done lock_file // path to lockfile, to stop other instances if one is not done
interim_years // limiting the years for which interim documents are searched interim_years // limiting the years for which interim documents are searched
verbose // print more diagnostic output, e.g. https request
allow_single_provider // debugging option allow_single_provider // debugging option
``` ```

5
docs/csaf_checker.md
View file

@ -12,10 +12,13 @@ Application Options:
--client-cert=CERT-FILE TLS client certificate file (PEM encoded data) --client-cert=CERT-FILE TLS client certificate file (PEM encoded data)
--client-key=KEY-FILE TLS client private key file (PEM encoded data) --client-key=KEY-FILE TLS client private key file (PEM encoded data)
--version Display version of the binary --version Display version of the binary
-v, --verbose Verbose output
-r, --rate= The average upper limit of https operations
per second
Help Options: Help Options:
-h, --help Show this help message -h, --help Show this help message
``` ```
Usage example: Usage example:
` ./csaf_checker example.com -f html -o check-results.html` ` ./csaf_checker example.com -f html --rate=5.3 -o check-results.html`

36
util/client.go
View file

@ -11,6 +11,7 @@ package util
import ( import (
"context" "context"
"io" "io"
"log"
"net/http" "net/http"
"net/url" "net/url"
@ -26,12 +27,47 @@ type Client interface {
PostForm(url string, data url.Values) (*http.Response, error) PostForm(url string, data url.Values) (*http.Response, error)
} }
// LoggingClient is a client that logs called URLs.
type LoggingClient struct {
Client
}
// LimitingClient is a Client implementing rate throttling. // LimitingClient is a Client implementing rate throttling.
type LimitingClient struct { type LimitingClient struct {
Client Client
Limiter *rate.Limiter Limiter *rate.Limiter
} }
// Do implements the respective method of the Client interface.
func (lc *LoggingClient) Do(req *http.Request) (*http.Response, error) {
log.Printf("[DO]: %s\n", req.URL.String())
return lc.Do(req)
}
// Get implements the respective method of the Client interface.
func (lc *LoggingClient) Get(url string) (*http.Response, error) {
log.Printf("[GET]: %s\n", url)
return lc.Client.Get(url)
}
// Head implements the respective method of the Client interface.
func (lc *LoggingClient) Head(url string) (*http.Response, error) {
log.Printf("[HEAD]: %s\n", url)
return lc.Head(url)
}
// Post implements the respective method of the Client interface.
func (lc *LoggingClient) Post(url, contentType string, body io.Reader) (*http.Response, error) {
log.Printf("[POST]: %s\n", url)
return lc.Post(url, contentType, body)
}
// PostForm implements the respective method of the Client interface.
func (lc *LoggingClient) PostForm(url string, data url.Values) (*http.Response, error) {
log.Printf("[POST FORM]: %s\n", url)
return lc.PostForm(url, data)
}
// Do implements the respective method of the Client interface. // Do implements the respective method of the Client interface.
func (lc *LimitingClient) Do(req *http.Request) (*http.Response, error) { func (lc *LimitingClient) Do(req *http.Request) (*http.Response, error) {
lc.Limiter.Wait(context.Background()) lc.Limiter.Wait(context.Background())