SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 18:15:42 +01:00
Code Issues Releases Activity Actions

Implemented redirection check

Browse source
This commit is contained in:
Sascha L. Teichmann 2021-12-13 00:59:42 +01:00
parent 3b4163a299
commit b3b2004417
2 changed files with 88 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

84
cmd/csaf_checker/checks.go
View file

@ -8,13 +8,18 @@
package main package main
type processor struct { import (
opts *options "crypto/tls"
domain string "errors"
} "fmt"
"net/http"
"sort"
"strings"
)
func newProcessor(opts *options) *processor { type processor struct {
return &processor{opts: opts} opts *options
redirects map[string]string
} }
type check interface { type check interface {
@ -22,6 +27,19 @@ type check interface {
report(*processor, *Domain) report(*processor, *Domain)
} }
func newProcessor(opts *options) *processor {
return &processor{
opts: opts,
redirects: map[string]string{},
}
}
func (p *processor) clean() {
for k := range p.redirects {
delete(p.redirects, k)
}
}
func (p *processor) run(checks []check, domains []string) (*Report, error) { func (p *processor) run(checks []check, domains []string) (*Report, error) {
var report Report var report Report
@ -37,14 +55,49 @@ func (p *processor) run(checks []check, domains []string) (*Report, error) {
ch.report(p, domain) ch.report(p, domain)
} }
report.Domains = append(report.Domains, domain) report.Domains = append(report.Domains, domain)
p.clean()
} }
return &report, nil return &report, nil
} }
func (p *processor) checkRedirect(r *http.Request, via []*http.Request) error {
var path strings.Builder
for i, v := range via {
if i > 0 {
path.WriteString(", ")
}
path.WriteString(v.URL.String())
}
p.redirects[r.URL.String()] = path.String()
if len(via) > 10 {
return errors.New("Too many redirections")
}
return nil
}
func (p *processor) httpClient() *http.Client {
client := http.Client{
CheckRedirect: p.checkRedirect,
}
if p.opts.Insecure {
client.Transport = &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
}
}
return &client
}
type baseCheck struct { type baseCheck struct {
num int num int
description string description string
messages []string
} }
type tlsCheck struct { type tlsCheck struct {
@ -100,7 +153,11 @@ type publicPGPKeyCheck struct {
} }
func (bc *baseCheck) report(_ *processor, domain *Domain) { func (bc *baseCheck) report(_ *processor, domain *Domain) {
req := &Requirement{Num: bc.num, Description: bc.description} req := &Requirement{
Num: bc.num,
Description: bc.description,
Messages: bc.messages,
}
domain.Requirements = append(domain.Requirements, req) domain.Requirements = append(domain.Requirements, req)
} }
@ -115,13 +172,22 @@ func (tc *tlsCheck) report(p *processor, domain *Domain) {
} }
func (rc *redirectsCheck) run(*processor, string) error { func (rc *redirectsCheck) run(*processor, string) error {
// TODO: Implement me!
return nil return nil
} }
func (rc *redirectsCheck) report(p *processor, domain *Domain) { func (rc *redirectsCheck) report(p *processor, domain *Domain) {
keys := make([]string, len(p.redirects))
var i int
for k := range p.redirects {
keys[i] = k
i++
}
sort.Strings(keys)
for i, k := range keys {
keys[i] = fmt.Sprintf("Redirect %s: %s", k, p.redirects[k])
}
rc.baseCheck.messages = keys
rc.baseCheck.report(p, domain) rc.baseCheck.report(p, domain)
// TODO: Implement me!
} }
func (pmdc *providerMetadataCheck) run(*processor, string) error { func (pmdc *providerMetadataCheck) run(*processor, string) error {

26
cmd/csaf_checker/main.go
View file

@ -100,19 +100,19 @@ func writeReport(report *Report, opts *options) error {
func buildChecks() []check { func buildChecks() []check {
return []check{ return []check{
&tlsCheck{baseCheck{3, "TLS"}}, &tlsCheck{baseCheck{num: 3, description: "TLS"}},
&redirectsCheck{baseCheck{6, "Redirects"}}, &redirectsCheck{baseCheck{num: 6, description: "Redirects"}},
&providerMetadataCheck{baseCheck{7, "provider-metadata.json"}}, &providerMetadataCheck{baseCheck{num: 7, description: "provider-metadata.json"}},
&securityCheck{baseCheck{8, "security.txt"}}, &securityCheck{baseCheck{num: 8, description: "security.txt"}},
&wellknownMetadataCheck{baseCheck{9, "/.well-known/csaf/provider-metadata.json"}}, &wellknownMetadataCheck{baseCheck{num: 9, description: "/.well-known/csaf/provider-metadata.json"}},
&dnsPathCheck{baseCheck{10, "DNS path"}}, &dnsPathCheck{baseCheck{num: 10, description: "DNS path"}},
&oneFolderPerYearCheck{baseCheck{11, "One folder per year"}}, &oneFolderPerYearCheck{baseCheck{num: 11, description: "One folder per year"}},
&indexCheck{baseCheck{12, "index.txt"}}, &indexCheck{baseCheck{num: 12, description: "index.txt"}},
&changesCheck{baseCheck{13, "changes.csv"}}, &changesCheck{baseCheck{num: 13, description: "changes.csv"}},
&directoryListingsCheck{baseCheck{14, "Directory listings"}}, &directoryListingsCheck{baseCheck{num: 14, description: "Directory listings"}},
&integrityCheck{baseCheck{18, "Integrity"}}, &integrityCheck{baseCheck{num: 18, description: "Integrity"}},
&signaturesCheck{baseCheck{19, "Signatures"}}, &signaturesCheck{baseCheck{num: 19, description: "Signatures"}},
&publicPGPKeyCheck{baseCheck{20, "Public PGP Key"}}, &publicPGPKeyCheck{baseCheck{num: 20, description: "Public PGP Key"}},
} }
} }