diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6b74934..739f45c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,7 +7,7 @@ on: jobs: releases-matrix: name: Release Go binaries - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 steps: - name: Checkout uses: actions/checkout@v3 diff --git a/Makefile b/Makefile index 80ce57c..4fe3d97 100644 --- a/Makefile +++ b/Makefile @@ -59,7 +59,7 @@ testsemver: # Set -ldflags parameter to pass the semversion. -LDFLAGS = -ldflags "-X github.com/csaf-poc/csaf_distribution/v2/util.SemVersion=$(SEMVER)" +LDFLAGS = -ldflags "-X github.com/csaf-poc/csaf_distribution/v3/util.SemVersion=$(SEMVER)" # Build binaries and place them under bin-$(GOOS)-$(GOARCH) # Using 'Target-specific Variable Values' to specify the build target system diff --git a/README.md b/README.md index a03cd3a..1dd0233 100644 --- a/README.md +++ b/README.md @@ -2,27 +2,31 @@ An implementation of a [CSAF 2.0](https://docs.oasis-open.org/csaf/csaf/v2.0/csd02/csaf-v2.0-csd02.html) trusted provider, checker, aggregator and downloader. Includes an uploader command line tool for the trusted provider. -## [csaf_provider](docs/csaf_provider.md) +## Tools for users +### [csaf_downloader](docs/csaf_downloader.md) +is a tool for downloading advisories from a provider. +Can be used for automated forwarding of CSAF documents. + +### [csaf_validator](docs/csaf_validator.md) +is a tool to validate local advisories files against the JSON Schema and an optional remote validator. + +## Tools for advisory providers + +### [csaf_provider](docs/csaf_provider.md) is an implementation of the role CSAF Trusted Provider, also offering a simple HTTPS based management service. -## [csaf_uploader](docs/csaf_uploader.md) -is a command line tool that uploads CSAF documents to the `csaf_provider`. +### [csaf_uploader](docs/csaf_uploader.md) +is a command line tool to upload CSAF documents to the `csaf_provider`. -## [csaf_aggregator](docs/csaf_aggregator.md) -is an implementation of the role CSAF Aggregator. +### [csaf_checker](docs/csaf_checker.md) +is a tool for testing a CSAF Trusted Provider according to [Section 7 of the CSAF standard](https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html#7-distributing-csaf-documents). -## [csaf_checker](docs/csaf_checker.md) -is a tool for testing a CSAF Trusted Provider according to [Section 7 of the CSAF standard](https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html#7-distributing-csaf-documents). Does check requirements without considering the indicated `role` yet. - -## [csaf_downloader](docs/csaf_downloader.md) -is a tool for downloading advisories from a provider. - -## [csaf_validator](docs/csaf_validator.md) -is a tool to validate local advisories files against the JSON Schema and an optional remote validator. +### [csaf_aggregator](docs/csaf_aggregator.md) +is a CSAF Aggregator, to list or mirror providers. ## Setup -Note that binaries for the server side are only available and tested +Binaries for the server side are only available and tested for GNU/Linux-Systems, e.g. Ubuntu LTS. They are likely to run on similar systems when build from sources. @@ -69,7 +73,7 @@ will update the machine generated code. ## License -- csaf_distribution is licensed as Free Software under MIT License. +- `csaf_distribution` is licensed as Free Software under MIT License. - See the specific source files for details, the license itself can be found in the directory `LICENSES/`. diff --git a/cmd/csaf_aggregator/client.go b/cmd/csaf_aggregator/client.go index 2da57c5..deb108a 100644 --- a/cmd/csaf_aggregator/client.go +++ b/cmd/csaf_aggregator/client.go @@ -13,7 +13,7 @@ import ( "io" "net/http" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/util" ) var errNotFound = errors.New("not found") diff --git a/cmd/csaf_aggregator/config.go b/cmd/csaf_aggregator/config.go index 8962a05..34cfb81 100644 --- a/cmd/csaf_aggregator/config.go +++ b/cmd/csaf_aggregator/config.go @@ -19,12 +19,12 @@ import ( "time" "github.com/ProtonMail/gopenpgp/v2/crypto" - "github.com/csaf-poc/csaf_distribution/v2/csaf" - "github.com/csaf-poc/csaf_distribution/v2/internal/certs" - "github.com/csaf-poc/csaf_distribution/v2/internal/filter" - "github.com/csaf-poc/csaf_distribution/v2/internal/models" - "github.com/csaf-poc/csaf_distribution/v2/internal/options" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/csaf" + "github.com/csaf-poc/csaf_distribution/v3/internal/certs" + "github.com/csaf-poc/csaf_distribution/v3/internal/filter" + "github.com/csaf-poc/csaf_distribution/v3/internal/models" + "github.com/csaf-poc/csaf_distribution/v3/internal/options" + "github.com/csaf-poc/csaf_distribution/v3/util" "golang.org/x/time/rate" ) diff --git a/cmd/csaf_aggregator/full.go b/cmd/csaf_aggregator/full.go index 68baf0f..600c650 100644 --- a/cmd/csaf_aggregator/full.go +++ b/cmd/csaf_aggregator/full.go @@ -18,8 +18,8 @@ import ( "sync" "time" - "github.com/csaf-poc/csaf_distribution/v2/csaf" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/csaf" + "github.com/csaf-poc/csaf_distribution/v3/util" ) type fullJob struct { diff --git a/cmd/csaf_aggregator/indices.go b/cmd/csaf_aggregator/indices.go index f59d21b..69954bd 100644 --- a/cmd/csaf_aggregator/indices.go +++ b/cmd/csaf_aggregator/indices.go @@ -20,8 +20,8 @@ import ( "strings" "time" - "github.com/csaf-poc/csaf_distribution/v2/csaf" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/csaf" + "github.com/csaf-poc/csaf_distribution/v3/util" ) const ( diff --git a/cmd/csaf_aggregator/interim.go b/cmd/csaf_aggregator/interim.go index affbb9a..bdd5ebc 100644 --- a/cmd/csaf_aggregator/interim.go +++ b/cmd/csaf_aggregator/interim.go @@ -25,8 +25,8 @@ import ( "sync" "time" - "github.com/csaf-poc/csaf_distribution/v2/csaf" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/csaf" + "github.com/csaf-poc/csaf_distribution/v3/util" ) type interimJob struct { diff --git a/cmd/csaf_aggregator/lazytransaction.go b/cmd/csaf_aggregator/lazytransaction.go index 05ff663..a2b1e94 100644 --- a/cmd/csaf_aggregator/lazytransaction.go +++ b/cmd/csaf_aggregator/lazytransaction.go @@ -13,7 +13,7 @@ import ( "os" "path/filepath" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/util" ) type lazyTransaction struct { diff --git a/cmd/csaf_aggregator/lister.go b/cmd/csaf_aggregator/lister.go index ba64905..a3bfd29 100644 --- a/cmd/csaf_aggregator/lister.go +++ b/cmd/csaf_aggregator/lister.go @@ -11,8 +11,8 @@ package main import ( "fmt" - "github.com/csaf-poc/csaf_distribution/v2/csaf" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/csaf" + "github.com/csaf-poc/csaf_distribution/v3/util" ) // mirrorAllowed checks if mirroring is allowed. diff --git a/cmd/csaf_aggregator/main.go b/cmd/csaf_aggregator/main.go index aca2a8a..74a9670 100644 --- a/cmd/csaf_aggregator/main.go +++ b/cmd/csaf_aggregator/main.go @@ -14,7 +14,7 @@ import ( "os" "path/filepath" - "github.com/csaf-poc/csaf_distribution/v2/internal/options" + "github.com/csaf-poc/csaf_distribution/v3/internal/options" "github.com/gofrs/flock" ) diff --git a/cmd/csaf_aggregator/mirror.go b/cmd/csaf_aggregator/mirror.go index 13b0d1b..3acb48e 100644 --- a/cmd/csaf_aggregator/mirror.go +++ b/cmd/csaf_aggregator/mirror.go @@ -30,8 +30,8 @@ import ( "github.com/ProtonMail/gopenpgp/v2/constants" "github.com/ProtonMail/gopenpgp/v2/crypto" - "github.com/csaf-poc/csaf_distribution/v2/csaf" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/csaf" + "github.com/csaf-poc/csaf_distribution/v3/util" ) // mirrorAllowed checks if mirroring is allowed. diff --git a/cmd/csaf_aggregator/processor.go b/cmd/csaf_aggregator/processor.go index e3da35b..ccd5062 100644 --- a/cmd/csaf_aggregator/processor.go +++ b/cmd/csaf_aggregator/processor.go @@ -15,8 +15,9 @@ import ( "path/filepath" "github.com/ProtonMail/gopenpgp/v2/crypto" - "github.com/csaf-poc/csaf_distribution/v2/csaf" - "github.com/csaf-poc/csaf_distribution/v2/util" + + "github.com/csaf-poc/csaf_distribution/v3/csaf" + "github.com/csaf-poc/csaf_distribution/v3/util" ) type processor struct { diff --git a/cmd/csaf_checker/config.go b/cmd/csaf_checker/config.go index e62a9f5..4e86a0c 100644 --- a/cmd/csaf_checker/config.go +++ b/cmd/csaf_checker/config.go @@ -13,10 +13,10 @@ import ( "fmt" "net/http" - "github.com/csaf-poc/csaf_distribution/v2/internal/certs" - "github.com/csaf-poc/csaf_distribution/v2/internal/filter" - "github.com/csaf-poc/csaf_distribution/v2/internal/models" - "github.com/csaf-poc/csaf_distribution/v2/internal/options" + "github.com/csaf-poc/csaf_distribution/v3/internal/certs" + "github.com/csaf-poc/csaf_distribution/v3/internal/filter" + "github.com/csaf-poc/csaf_distribution/v3/internal/models" + "github.com/csaf-poc/csaf_distribution/v3/internal/options" ) type outputFormat string diff --git a/cmd/csaf_checker/links.go b/cmd/csaf_checker/links.go index 3f51829..5784489 100644 --- a/cmd/csaf_checker/links.go +++ b/cmd/csaf_checker/links.go @@ -14,7 +14,8 @@ import ( "net/url" "github.com/PuerkitoBio/goquery" - "github.com/csaf-poc/csaf_distribution/v2/util" + + "github.com/csaf-poc/csaf_distribution/v3/util" ) type ( diff --git a/cmd/csaf_checker/links_test.go b/cmd/csaf_checker/links_test.go index 96e7e62..3229511 100644 --- a/cmd/csaf_checker/links_test.go +++ b/cmd/csaf_checker/links_test.go @@ -1,3 +1,11 @@ +// This file is Free Software under the MIT License +// without warranty, see README.md and LICENSES/MIT.txt for details. +// +// SPDX-License-Identifier: MIT +// +// SPDX-FileCopyrightText: 2022 German Federal Office for Information Security (BSI) +// Software-Engineering: 2022 Intevation GmbH + package main import ( diff --git a/cmd/csaf_checker/main.go b/cmd/csaf_checker/main.go index b360e6c..73a5cce 100644 --- a/cmd/csaf_checker/main.go +++ b/cmd/csaf_checker/main.go @@ -12,7 +12,7 @@ package main import ( "log" - "github.com/csaf-poc/csaf_distribution/v2/internal/options" + "github.com/csaf-poc/csaf_distribution/v3/internal/options" ) // run uses a processor to check all the given domains or direct urls diff --git a/cmd/csaf_checker/processor.go b/cmd/csaf_checker/processor.go index eef6f3d..8eb6404 100644 --- a/cmd/csaf_checker/processor.go +++ b/cmd/csaf_checker/processor.go @@ -32,8 +32,9 @@ import ( "github.com/ProtonMail/gopenpgp/v2/crypto" "golang.org/x/time/rate" - "github.com/csaf-poc/csaf_distribution/v2/csaf" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/csaf" + "github.com/csaf-poc/csaf_distribution/v3/internal/models" + "github.com/csaf-poc/csaf_distribution/v3/util" ) // topicMessages stores the collected topicMessages for a specific topic. @@ -666,12 +667,9 @@ func (p *processor) integrity( var folderYear *int if m := yearFromURL.FindStringSubmatch(u); m != nil { year, _ := strconv.Atoi(m[1]) - // Check if we are in checking time interval. - if accept := p.cfg.Range; accept != nil && !accept.Contains( - time.Date( - year, 12, 31, // Assume last day of year. - 23, 59, 59, 0, // 23:59:59 - time.UTC)) { + // Check if the year is in the accepted time interval. + if accept := p.cfg.Range; accept != nil && + !accept.Intersects(models.Year(year)) { continue } folderYear = &year @@ -1115,6 +1113,8 @@ func (p *processor) checkMissing(string) error { for _, f := range files { v := p.alreadyChecked[f] var where []string + // mistake contains which requirements are broken + var mistake whereType for mask := rolieMask; mask <= listingMask; mask <<= 1 { if maxMask&mask == mask { var in string @@ -1122,11 +1122,26 @@ func (p *processor) checkMissing(string) error { in = "in" } else { in = "not in" + // Which file is missing entries? + mistake |= mask } where = append(where, in+" "+mask.String()) } } - p.badIntegrities.error("%s %s", f, strings.Join(where, ", ")) + // List error in all appropriate categories + if mistake&(rolieMask|indexMask|changesMask|listingMask) == 0 { + continue + } + joined := strings.Join(where, ", ") + report := func(mask whereType, msgs *topicMessages) { + if mistake&mask != 0 { + msgs.error("%s %s", f, joined) + } + } + report(rolieMask, &p.badROLIEFeed) + report(indexMask, &p.badIndices) + report(changesMask, &p.badChanges) + report(listingMask, &p.badDirListings) } return nil } diff --git a/cmd/csaf_checker/report.go b/cmd/csaf_checker/report.go index d8c46fc..2b53bb2 100644 --- a/cmd/csaf_checker/report.go +++ b/cmd/csaf_checker/report.go @@ -18,8 +18,8 @@ import ( "os" "time" - "github.com/csaf-poc/csaf_distribution/v2/csaf" - "github.com/csaf-poc/csaf_distribution/v2/internal/models" + "github.com/csaf-poc/csaf_distribution/v3/csaf" + "github.com/csaf-poc/csaf_distribution/v3/internal/models" ) // MessageType is the kind of the message. diff --git a/cmd/csaf_checker/reporters.go b/cmd/csaf_checker/reporters.go index d1640f0..51731e1 100644 --- a/cmd/csaf_checker/reporters.go +++ b/cmd/csaf_checker/reporters.go @@ -13,7 +13,7 @@ import ( "sort" "strings" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/util" ) type ( diff --git a/cmd/csaf_checker/roliecheck.go b/cmd/csaf_checker/roliecheck.go index 6f6a961..94b1c2f 100644 --- a/cmd/csaf_checker/roliecheck.go +++ b/cmd/csaf_checker/roliecheck.go @@ -15,8 +15,8 @@ import ( "sort" "strings" - "github.com/csaf-poc/csaf_distribution/v2/csaf" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/csaf" + "github.com/csaf-poc/csaf_distribution/v3/util" ) // identifier consist of document/tracking/id and document/publisher/namespace, diff --git a/cmd/csaf_checker/rules.go b/cmd/csaf_checker/rules.go index 02d4c99..6981b6b 100644 --- a/cmd/csaf_checker/rules.go +++ b/cmd/csaf_checker/rules.go @@ -12,7 +12,7 @@ import ( "fmt" "sort" - "github.com/csaf-poc/csaf_distribution/v2/csaf" + "github.com/csaf-poc/csaf_distribution/v3/csaf" ) type ruleCondition int diff --git a/cmd/csaf_downloader/config.go b/cmd/csaf_downloader/config.go index 8c304b8..17c8545 100644 --- a/cmd/csaf_downloader/config.go +++ b/cmd/csaf_downloader/config.go @@ -12,16 +12,17 @@ import ( "crypto/tls" "fmt" "io" + "log" "log/slog" "net/http" "os" "path/filepath" "time" - "github.com/csaf-poc/csaf_distribution/v2/internal/certs" - "github.com/csaf-poc/csaf_distribution/v2/internal/filter" - "github.com/csaf-poc/csaf_distribution/v2/internal/models" - "github.com/csaf-poc/csaf_distribution/v2/internal/options" + "github.com/csaf-poc/csaf_distribution/v3/internal/certs" + "github.com/csaf-poc/csaf_distribution/v3/internal/filter" + "github.com/csaf-poc/csaf_distribution/v3/internal/models" + "github.com/csaf-poc/csaf_distribution/v3/internal/options" ) const ( @@ -30,7 +31,7 @@ const ( defaultForwardQueue = 5 defaultValidationMode = validationStrict defaultLogFile = "downloader.log" - defaultLogLevel = logLevelInfo + defaultLogLevel = slog.LevelInfo ) type validationMode string @@ -40,15 +41,6 @@ const ( validationUnsafe = validationMode("unsafe") ) -type logLevel string - -const ( - logLevelDebug = logLevel("debug") - logLevelInfo = logLevel("info") - logLevelWarn = logLevel("warn") - logLevelError = logLevel("error") -) - type config struct { Directory string `short:"d" long:"directory" description:"DIRectory to store the downloaded files in" value-name:"DIR" toml:"directory"` Insecure bool `long:"insecure" description:"Do not check TLS certificates from provider" toml:"insecure"` @@ -57,7 +49,6 @@ type config struct { ClientKey *string `long:"client-key" description:"TLS client private key file (PEM encoded data)" value-name:"KEY-FILE" toml:"client_key"` ClientPassphrase *string `long:"client-passphrase" description:"Optional passphrase for the client cert (limited, experimental, see doc)" value-name:"PASSPHRASE" toml:"client_passphrase"` Version bool `long:"version" description:"Display version of the binary" toml:"-"` - Verbose bool `long:"verbose" short:"v" description:"Verbose output" toml:"verbose"` NoStore bool `long:"nostore" short:"n" description:"Do not store files" toml:"no_store"` Rate *float64 `long:"rate" short:"r" description:"The average upper limit of https operations per second (defaults to unlimited)" toml:"rate"` Worker int `long:"worker" short:"w" description:"NUMber of concurrent downloads" value-name:"NUM" toml:"worker"` @@ -78,9 +69,9 @@ type config struct { ForwardQueue int `long:"forwardqueue" description:"Maximal queue LENGTH before forwarder" value-name:"LENGTH" toml:"forward_queue"` ForwardInsecure bool `long:"forwardinsecure" description:"Do not check TLS certificates from forward endpoint" toml:"forward_insecure"` - LogFile string `long:"logfile" description:"FILE to log downloading to" value-name:"FILE" toml:"log_file"` + LogFile *string `long:"logfile" description:"FILE to log downloading to" value-name:"FILE" toml:"log_file"` //lint:ignore SA5008 We are using choice or than once: debug, info, warn, error - LogLevel logLevel `long:"loglevel" description:"LEVEL of logging details" value-name:"LEVEL" choice:"debug" choice:"info" choice:"warn" choice:"error" toml:"log_level"` + LogLevel *options.LogLevel `long:"loglevel" description:"LEVEL of logging details" value-name:"LEVEL" choice:"debug" choice:"info" choice:"warn" choice:"error" toml:"log_level"` Config string `short:"c" long:"config" description:"Path to config TOML file" value-name:"TOML-FILE" toml:"-"` @@ -97,6 +88,10 @@ var configPaths = []string{ // parseArgsConfig parses the command line and if need a config file. func parseArgsConfig() ([]string, *config, error) { + var ( + logFile = defaultLogFile + logLevel = &options.LogLevel{Level: defaultLogLevel} + ) p := options.Parser[config]{ DefaultConfigLocations: configPaths, ConfigLocation: func(cfg *config) string { return cfg.Config }, @@ -107,8 +102,8 @@ func parseArgsConfig() ([]string, *config, error) { cfg.RemoteValidatorPresets = []string{defaultPreset} cfg.ValidationMode = defaultValidationMode cfg.ForwardQueue = defaultForwardQueue - cfg.LogFile = defaultLogFile - cfg.LogLevel = defaultLogLevel + cfg.LogFile = &logFile + cfg.LogLevel = logLevel }, // Re-establish default values if not set. EnsureDefaults: func(cfg *config) { @@ -123,30 +118,35 @@ func parseArgsConfig() ([]string, *config, error) { default: cfg.ValidationMode = validationStrict } + if cfg.LogFile == nil { + cfg.LogFile = &logFile + } + if cfg.LogLevel == nil { + cfg.LogLevel = logLevel + } }, } return p.Parse() } -// UnmarshalText implements [encoding/text.TextUnmarshaler]. +// UnmarshalText implements [encoding.TextUnmarshaler]. func (vm *validationMode) UnmarshalText(text []byte) error { switch m := validationMode(text); m { case validationStrict, validationUnsafe: *vm = m default: - return fmt.Errorf(`invalid value %q (expected "strict" or "unsafe"`, m) + return fmt.Errorf(`invalid value %q (expected "strict" or "unsafe)"`, m) } return nil } -// UnmarshalText implements [encoding/text.TextUnmarshaler]. -func (ll *logLevel) UnmarshalText(text []byte) error { - switch l := logLevel(text); l { - case logLevelDebug, logLevelInfo, logLevelWarn, logLevelError: - *ll = l - default: - return fmt.Errorf(`invalid value %q (expected "debug", "info", "warn", "error")`, l) +// UnmarshalFlag implements [flags.UnmarshalFlag]. +func (vm *validationMode) UnmarshalFlag(value string) error { + var v validationMode + if err := v.UnmarshalText([]byte(value)); err != nil { + return err } + *vm = v return nil } @@ -155,20 +155,9 @@ func (cfg *config) ignoreURL(u string) bool { return cfg.ignorePattern.Matches(u) } -// slogLevel converts logLevel to [slog.Level]. -func (ll logLevel) slogLevel() slog.Level { - switch ll { - case logLevelDebug: - return slog.LevelDebug - case logLevelInfo: - return slog.LevelInfo - case logLevelWarn: - return slog.LevelWarn - case logLevelError: - return slog.LevelError - default: - return slog.LevelInfo - } +// verbose is considered a log level equal or less debug. +func (cfg *config) verbose() bool { + return cfg.LogLevel.Level <= slog.LevelDebug } // prepareDirectory ensures that the working directory @@ -209,26 +198,28 @@ func dropSubSeconds(_ []string, a slog.Attr) slog.Attr { // prepareLogging sets up the structured logging. func (cfg *config) prepareLogging() error { var w io.Writer - if cfg.LogFile == "" { + if cfg.LogFile == nil || *cfg.LogFile == "" { + log.Println("using STDERR for logging") w = os.Stderr } else { var fname string // We put the log inside the download folder // if it is not absolute. - if filepath.IsAbs(cfg.LogFile) { - fname = cfg.LogFile + if filepath.IsAbs(*cfg.LogFile) { + fname = *cfg.LogFile } else { - fname = filepath.Join(cfg.Directory, cfg.LogFile) + fname = filepath.Join(cfg.Directory, *cfg.LogFile) } f, err := os.OpenFile(fname, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0644) if err != nil { return err } + log.Printf("using %q for logging\n", *cfg.LogFile) w = f } ho := slog.HandlerOptions{ //AddSource: true, - Level: cfg.LogLevel.slogLevel(), + Level: cfg.LogLevel.Level, ReplaceAttr: dropSubSeconds, } handler := slog.NewJSONHandler(w, &ho) diff --git a/cmd/csaf_downloader/downloader.go b/cmd/csaf_downloader/downloader.go index ace7653..31c6286 100644 --- a/cmd/csaf_downloader/downloader.go +++ b/cmd/csaf_downloader/downloader.go @@ -33,8 +33,8 @@ import ( "github.com/ProtonMail/gopenpgp/v2/crypto" "golang.org/x/time/rate" - "github.com/csaf-poc/csaf_distribution/v2/csaf" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/csaf" + "github.com/csaf-poc/csaf_distribution/v3/util" ) type downloader struct { @@ -92,10 +92,26 @@ func (d *downloader) addStats(o *stats) { d.stats.add(o) } +// logRedirect logs redirects of the http client. +func logRedirect(req *http.Request, via []*http.Request) error { + vs := make([]string, len(via)) + for i, v := range via { + vs[i] = v.URL.String() + } + slog.Debug("Redirecting", + "to", req.URL.String(), + "via", strings.Join(vs, " -> ")) + return nil +} + func (d *downloader) httpClient() util.Client { hClient := http.Client{} + if d.cfg.verbose() { + hClient.CheckRedirect = logRedirect + } + var tlsConfig tls.Config if d.cfg.Insecure { tlsConfig.InsecureSkipVerify = true @@ -120,8 +136,11 @@ func (d *downloader) httpClient() util.Client { } // Add optional URL logging. - if d.cfg.Verbose { - client = &util.LoggingClient{Client: client} + if d.cfg.verbose() { + client = &util.LoggingClient{ + Client: client, + Log: httpLog("downloader"), + } } // Add optional rate limiting. @@ -135,6 +154,16 @@ func (d *downloader) httpClient() util.Client { return client } +// httpLog does structured logging in a [util.LoggingClient]. +func httpLog(who string) func(string, string) { + return func(method, url string) { + slog.Debug("http", + "who", who, + "method", method, + "url", url) + } +} + func (d *downloader) download(ctx context.Context, domain string) error { client := d.httpClient() @@ -142,9 +171,9 @@ func (d *downloader) download(ctx context.Context, domain string) error { lpmd := loader.Load(domain) - if d.cfg.Verbose { + if d.cfg.verbose() { for i := range lpmd.Messages { - slog.Info("Loading provider-metadata.json", + slog.Debug("Loading provider-metadata.json", "domain", domain, "message", lpmd.Messages[i].Message) } @@ -331,7 +360,7 @@ func (d *downloader) logValidationIssues(url string, errors []string, err error) return } if len(errors) > 0 { - if d.cfg.Verbose { + if d.cfg.verbose() { slog.Error("CSAF file has validation errors", "url", url, "error", strings.Join(errors, ", ")) @@ -388,9 +417,7 @@ nextAdvisory: } if d.cfg.ignoreURL(file.URL()) { - if d.cfg.Verbose { - slog.Warn("Ignoring URL", "url", file.URL()) - } + slog.Debug("Ignoring URL", "url", file.URL()) continue } @@ -438,22 +465,18 @@ nextAdvisory: // Only hash when we have a remote counter part we can compare it with. if remoteSHA256, s256Data, err = loadHash(client, file.SHA256URL()); err != nil { - if d.cfg.Verbose { - slog.Warn("Cannot fetch SHA256", - "url", file.SHA256URL(), - "error", err) - } + slog.Warn("Cannot fetch SHA256", + "url", file.SHA256URL(), + "error", err) } else { s256 = sha256.New() writers = append(writers, s256) } if remoteSHA512, s512Data, err = loadHash(client, file.SHA512URL()); err != nil { - if d.cfg.Verbose { - slog.Warn("Cannot fetch SHA512", - "url", file.SHA512URL(), - "error", err) - } + slog.Warn("Cannot fetch SHA512", + "url", file.SHA512URL(), + "error", err) } else { s512 = sha512.New() writers = append(writers, s512) @@ -506,11 +529,9 @@ nextAdvisory: var sign *crypto.PGPSignature sign, signData, err = loadSignature(client, file.SignURL()) if err != nil { - if d.cfg.Verbose { - slog.Warn("Downloading signature failed", - "url", file.SignURL(), - "error", err) - } + slog.Warn("Downloading signature failed", + "url", file.SignURL(), + "error", err) } if sign != nil { if err := d.checkSignature(data.Bytes(), sign); err != nil { diff --git a/cmd/csaf_downloader/forwarder.go b/cmd/csaf_downloader/forwarder.go index da7ef7e..8ceb0e5 100644 --- a/cmd/csaf_downloader/forwarder.go +++ b/cmd/csaf_downloader/forwarder.go @@ -19,8 +19,8 @@ import ( "path/filepath" "strings" - "github.com/csaf-poc/csaf_distribution/v2/internal/misc" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/internal/misc" + "github.com/csaf-poc/csaf_distribution/v3/util" ) // failedForwardDir is the name of the special sub folder @@ -116,8 +116,11 @@ func (f *forwarder) httpClient() util.Client { } // Add optional URL logging. - if f.cfg.Verbose { - client = &util.LoggingClient{Client: client} + if f.cfg.verbose() { + client = &util.LoggingClient{ + Client: client, + Log: httpLog("forwarder"), + } } f.client = client @@ -184,16 +187,10 @@ func (f *forwarder) buildRequest( // storeFailedAdvisory stores an advisory in a special folder // in case the forwarding failed. func (f *forwarder) storeFailedAdvisory(filename, doc, sha256, sha512 string) error { - dir := filepath.Join(f.cfg.Directory, failedForwardDir) // Create special folder if it does not exist. - if _, err := os.Stat(dir); err != nil { - if os.IsNotExist(err) { - if err := os.MkdirAll(dir, 0755); err != nil { - return err - } - } else { - return err - } + dir := filepath.Join(f.cfg.Directory, failedForwardDir) + if err := os.MkdirAll(dir, 0755); err != nil { + return err } // Store parts which are not empty. for _, x := range []struct { @@ -223,6 +220,19 @@ func (f *forwarder) storeFailed(filename, doc, sha256, sha512 string) { } } +// limitedString reads max bytes from reader and returns it as a string. +// Longer strings are indicated by "..." as a suffix. +func limitedString(r io.Reader, max int) (string, error) { + var msg strings.Builder + if _, err := io.Copy(&msg, io.LimitReader(r, int64(max))); err != nil { + return "", err + } + if msg.Len() >= max { + msg.WriteString("...") + } + return msg.String(), nil +} + // forward sends a given document with filename, status and // checksums to the forwarder. This is async to the degree // till the configured queue size is filled. @@ -249,16 +259,15 @@ func (f *forwarder) forward( } if res.StatusCode != http.StatusCreated { defer res.Body.Close() - var msg strings.Builder - io.Copy(&msg, io.LimitReader(res.Body, 512)) - var dots string - if msg.Len() >= 512 { - dots = "..." + if msg, err := limitedString(res.Body, 512); err != nil { + slog.Error("reading forward result failed", + "error", err) + } else { + slog.Error("forwarding failed", + "filename", filename, + "body", msg, + "status_code", res.StatusCode) } - slog.Error("forwarding failed", - "filename", filename, - "body", msg.String()+dots, - "status_code", res.StatusCode) f.storeFailed(filename, doc, sha256, sha512) } else { f.succeeded++ diff --git a/cmd/csaf_downloader/forwarder_test.go b/cmd/csaf_downloader/forwarder_test.go new file mode 100644 index 0000000..c7f8634 --- /dev/null +++ b/cmd/csaf_downloader/forwarder_test.go @@ -0,0 +1,429 @@ +// This file is Free Software under the MIT License +// without warranty, see README.md and LICENSES/MIT.txt for details. +// +// SPDX-License-Identifier: MIT +// +// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) +// Software-Engineering: 2023 Intevation GmbH + +package main + +import ( + "bufio" + "bytes" + "encoding/json" + "errors" + "io" + "log/slog" + "mime" + "mime/multipart" + "net/http" + "os" + "path/filepath" + "strings" + "testing" + + "github.com/csaf-poc/csaf_distribution/v3/internal/options" + "github.com/csaf-poc/csaf_distribution/v3/util" +) + +func TestValidationStatusUpdate(t *testing.T) { + sv := validValidationStatus + sv.update(invalidValidationStatus) + sv.update(validValidationStatus) + if sv != invalidValidationStatus { + t.Fatalf("got %q expected %q", sv, invalidValidationStatus) + } + sv = notValidatedValidationStatus + sv.update(validValidationStatus) + sv.update(notValidatedValidationStatus) + if sv != notValidatedValidationStatus { + t.Fatalf("got %q expected %q", sv, notValidatedValidationStatus) + } +} + +func TestForwarderLogStats(t *testing.T) { + orig := slog.Default() + defer slog.SetDefault(orig) + + var buf bytes.Buffer + h := slog.NewJSONHandler(&buf, &slog.HandlerOptions{ + Level: slog.LevelInfo, + }) + lg := slog.New(h) + slog.SetDefault(lg) + + cfg := &config{} + fw := newForwarder(cfg) + fw.failed = 11 + fw.succeeded = 13 + + done := make(chan struct{}) + go func() { + defer close(done) + fw.run() + }() + fw.log() + fw.close() + <-done + + type fwStats struct { + Msg string `json:"msg"` + Succeeded int `json:"succeeded"` + Failed int `json:"failed"` + } + sc := bufio.NewScanner(bytes.NewReader(buf.Bytes())) + found := false + for sc.Scan() { + var fws fwStats + if err := json.Unmarshal(sc.Bytes(), &fws); err != nil { + t.Fatalf("JSON parsing log failed: %v", err) + } + if fws.Msg == "Forward statistics" && + fws.Failed == 11 && + fws.Succeeded == 13 { + found = true + break + } + } + if err := sc.Err(); err != nil { + t.Fatalf("scanning log failed: %v", err) + } + if !found { + t.Fatal("Cannot find forward statistics in log") + } +} + +func TestForwarderHTTPClient(t *testing.T) { + cfg := &config{ + ForwardInsecure: true, + ForwardHeader: http.Header{ + "User-Agent": []string{"curl/7.55.1"}, + }, + LogLevel: &options.LogLevel{Level: slog.LevelDebug}, + } + fw := newForwarder(cfg) + if c1, c2 := fw.httpClient(), fw.httpClient(); c1 != c2 { + t.Fatal("expected to return same client twice") + } +} + +func TestForwarderReplaceExtension(t *testing.T) { + for _, x := range [][2]string{ + {"foo", "foo.ext"}, + {"foo.bar", "foo.ext"}, + {".bar", ".ext"}, + {"", ".ext"}, + } { + if got := replaceExt(x[0], ".ext"); got != x[1] { + t.Fatalf("got %q expected %q", got, x[1]) + } + } +} + +func TestForwarderBuildRequest(t *testing.T) { + + // Good case ... + cfg := &config{ + ForwardURL: "https://example.com", + } + fw := newForwarder(cfg) + + req, err := fw.buildRequest( + "test.json", "{}", + invalidValidationStatus, + "256", + "512") + + if err != nil { + t.Fatalf("buildRequest failed: %v", err) + } + mediaType, params, err := mime.ParseMediaType(req.Header.Get("Content-Type")) + if err != nil { + t.Fatalf("no Content-Type found") + } + if !strings.HasPrefix(mediaType, "multipart/") { + t.Fatalf("media type is not multipart") + } + mr := multipart.NewReader(req.Body, params["boundary"]) + + var foundAdvisory, foundValidationStatus, found256, found512 bool + + for { + p, err := mr.NextPart() + if err == io.EOF { + break + } + if err != nil { + t.Fatalf("parsing multipart failed: %v", err) + } + data, err := io.ReadAll(p) + if err != nil { + t.Fatal(err) + } + cd := p.Header["Content-Disposition"] + if len(cd) == 0 { + continue + } + + switch contains := func(name string) bool { + return strings.Contains(cd[0], `name="`+name+`"`) + }; { + case contains("advisory"): + if a := string(data); a != "{}" { + t.Fatalf("advisory: got %q expected %q", a, "{}") + } + foundAdvisory = true + case contains("validation_status"): + if vs := validationStatus(data); vs != invalidValidationStatus { + t.Fatalf("validation_status: got %q expected %q", + vs, invalidValidationStatus) + } + foundValidationStatus = true + case contains("hash-256"): + if h := string(data); h != "256" { + t.Fatalf("hash-256: got %q expected %q", h, "256") + } + found256 = true + case contains("hash-512"): + if h := string(data); h != "512" { + t.Fatalf("hash-512: got %q expected %q", h, "512") + } + found512 = true + } + } + + switch { + case !foundAdvisory: + t.Fatal("advisory not found") + case !foundValidationStatus: + t.Fatal("validation_status not found") + case !found256: + t.Fatal("hash-256 not found") + case !found512: + t.Fatal("hash-512 not found") + } + + // Bad case ... + cfg.ForwardURL = "%" + + if _, err := fw.buildRequest( + "test.json", "{}", + invalidValidationStatus, + "256", + "512", + ); err == nil { + t.Fatal("bad forward URL should result in an error") + } +} + +type badReader struct{ error } + +func (br *badReader) Read([]byte) (int, error) { return 0, br.error } + +func TestLimitedString(t *testing.T) { + for _, x := range [][2]string{ + {"xx", "xx"}, + {"xxx", "xxx..."}, + {"xxxx", "xxx..."}, + } { + got, err := limitedString(strings.NewReader(x[0]), 3) + if err != nil { + t.Fatal(err) + } + if got != x[1] { + t.Fatalf("got %q expected %q", got, x[1]) + } + } + + if _, err := limitedString(&badReader{error: os.ErrInvalid}, 3); err == nil { + t.Fatal("expected to fail with an error") + } +} + +func TestStoreFailedAdvisory(t *testing.T) { + dir, err := os.MkdirTemp("", "storeFailedAdvisory") + if err != nil { + t.Fatal(err) + } + defer os.RemoveAll(dir) + + cfg := &config{Directory: dir} + fw := newForwarder(cfg) + + badDir := filepath.Join(dir, failedForwardDir) + if err := os.WriteFile(badDir, []byte("test"), 0664); err != nil { + t.Fatal(err) + } + + if err := fw.storeFailedAdvisory("advisory.json", "{}", "256", "512"); err == nil { + t.Fatal("if the destination exists as a file an error should occur") + } + + if err := os.Remove(badDir); err != nil { + t.Fatal(err) + } + + if err := fw.storeFailedAdvisory("advisory.json", "{}", "256", "512"); err != nil { + t.Fatal(err) + } + + sha256Path := filepath.Join(dir, failedForwardDir, "advisory.json.sha256") + + // Write protect advisory. + if err := os.Chmod(sha256Path, 0); err != nil { + t.Fatal(err) + } + + if err := fw.storeFailedAdvisory("advisory.json", "{}", "256", "512"); err == nil { + t.Fatal("expected to fail with an error") + } + + if err := os.Chmod(sha256Path, 0644); err != nil { + t.Fatal(err) + } +} + +func TestStoredFailed(t *testing.T) { + dir, err := os.MkdirTemp("", "storeFailed") + if err != nil { + t.Fatal(err) + } + defer os.RemoveAll(dir) + + orig := slog.Default() + defer slog.SetDefault(orig) + + var buf bytes.Buffer + h := slog.NewJSONHandler(&buf, &slog.HandlerOptions{ + Level: slog.LevelError, + }) + lg := slog.New(h) + slog.SetDefault(lg) + + cfg := &config{Directory: dir} + fw := newForwarder(cfg) + + // An empty filename should lead to an error. + fw.storeFailed("", "{}", "256", "512") + + if fw.failed != 1 { + t.Fatalf("got %d expected 1", fw.failed) + } + + type entry struct { + Msg string `json:"msg"` + Level string `json:"level"` + } + + sc := bufio.NewScanner(bytes.NewReader(buf.Bytes())) + found := false + for sc.Scan() { + var e entry + if err := json.Unmarshal(sc.Bytes(), &e); err != nil { + t.Fatalf("JSON parsing log failed: %v", err) + } + if e.Msg == "Storing advisory failed forwarding failed" && e.Level == "ERROR" { + found = true + break + } + } + if err := sc.Err(); err != nil { + t.Fatalf("scanning log failed: %v", err) + } + if !found { + t.Fatal("Cannot error logging statistics in log") + } +} + +type fakeClient struct { + util.Client + state int +} + +func (fc *fakeClient) Do(*http.Request) (*http.Response, error) { + // The different states simulates different responses from the remote API. + switch fc.state { + case 0: + fc.state = 1 + return &http.Response{ + Status: http.StatusText(http.StatusCreated), + StatusCode: http.StatusCreated, + }, nil + case 1: + fc.state = 2 + return nil, errors.New("does not work") + case 2: + fc.state = 3 + return &http.Response{ + Status: http.StatusText(http.StatusBadRequest), + StatusCode: http.StatusBadRequest, + Body: io.NopCloser(&badReader{error: os.ErrInvalid}), + }, nil + default: + return &http.Response{ + Status: http.StatusText(http.StatusBadRequest), + StatusCode: http.StatusBadRequest, + Body: io.NopCloser(strings.NewReader("This was bad!")), + }, nil + } +} + +func TestForwarderForward(t *testing.T) { + dir, err := os.MkdirTemp("", "forward") + if err != nil { + t.Fatal(err) + } + defer os.RemoveAll(dir) + + orig := slog.Default() + defer slog.SetDefault(orig) + + // We dont care in details here as we captured them + // in the other test cases. + h := slog.NewJSONHandler(io.Discard, nil) + lg := slog.New(h) + slog.SetDefault(lg) + + cfg := &config{ + ForwardURL: "http://example.com", + Directory: dir, + } + fw := newForwarder(cfg) + + // Use the fact that http client is cached. + fw.client = &fakeClient{} + + done := make(chan struct{}) + + go func() { + defer close(done) + fw.run() + }() + + // Iterate through states of http client. + for i := 0; i <= 3; i++ { + fw.forward( + "test.json", "{}", + invalidValidationStatus, + "256", + "512") + } + + // Make buildRequest fail. + wait := make(chan struct{}) + fw.cmds <- func(f *forwarder) { + f.cfg.ForwardURL = "%" + close(wait) + } + <-wait + fw.forward( + "test.json", "{}", + invalidValidationStatus, + "256", + "512") + + fw.close() + + <-done +} diff --git a/cmd/csaf_downloader/main.go b/cmd/csaf_downloader/main.go index e8563f0..7c0e564 100644 --- a/cmd/csaf_downloader/main.go +++ b/cmd/csaf_downloader/main.go @@ -15,7 +15,7 @@ import ( "os" "os/signal" - "github.com/csaf-poc/csaf_distribution/v2/internal/options" + "github.com/csaf-poc/csaf_distribution/v3/internal/options" ) func run(cfg *config, domains []string) error { diff --git a/cmd/csaf_downloader/stats_test.go b/cmd/csaf_downloader/stats_test.go new file mode 100644 index 0000000..69567ab --- /dev/null +++ b/cmd/csaf_downloader/stats_test.go @@ -0,0 +1,112 @@ +// This file is Free Software under the MIT License +// without warranty, see README.md and LICENSES/MIT.txt for details. +// +// SPDX-License-Identifier: MIT +// +// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) +// Software-Engineering: 2023 Intevation GmbH + +package main + +import ( + "bytes" + "encoding/json" + "log/slog" + "testing" +) + +func TestStatsAdd(t *testing.T) { + a := stats{ + downloadFailed: 2, + filenameFailed: 3, + schemaFailed: 5, + remoteFailed: 7, + sha256Failed: 11, + sha512Failed: 13, + signatureFailed: 17, + succeeded: 19, + } + b := a + a.add(&b) + b.downloadFailed *= 2 + b.filenameFailed *= 2 + b.schemaFailed *= 2 + b.remoteFailed *= 2 + b.sha256Failed *= 2 + b.sha512Failed *= 2 + b.signatureFailed *= 2 + b.succeeded *= 2 + if a != b { + t.Fatalf("%v != %v", a, b) + } +} + +func TestStatsTotalFailed(t *testing.T) { + a := stats{ + downloadFailed: 2, + filenameFailed: 3, + schemaFailed: 5, + remoteFailed: 7, + sha256Failed: 11, + sha512Failed: 13, + signatureFailed: 17, + } + sum := a.downloadFailed + + a.filenameFailed + + a.schemaFailed + + a.remoteFailed + + a.sha256Failed + + a.sha512Failed + + a.signatureFailed + if got := a.totalFailed(); got != sum { + t.Fatalf("got %d expected %d", got, sum) + } +} + +func TestStatsLog(t *testing.T) { + var out bytes.Buffer + h := slog.NewJSONHandler(&out, &slog.HandlerOptions{Level: slog.LevelInfo}) + orig := slog.Default() + defer slog.SetDefault(orig) + slog.SetDefault(slog.New(h)) + a := stats{ + downloadFailed: 2, + filenameFailed: 3, + schemaFailed: 5, + remoteFailed: 7, + sha256Failed: 11, + sha512Failed: 13, + signatureFailed: 17, + succeeded: 19, + } + a.log() + type result struct { + Succeeded int `json:"succeeded"` + TotalFailed int `json:"total_failed"` + FilenameFailed int `json:"filename_failed"` + DownloadFailed int `json:"download_failed"` + SchemaFailed int `json:"schema_failed"` + RemoteFailed int `json:"remote_failed"` + SHA256Failed int `json:"sha256_failed"` + SHA512Failed int `json:"sha512_failed"` + SignatureFailed int `json:"signature_failed"` + } + var got result + if err := json.Unmarshal(out.Bytes(), &got); err != nil { + t.Fatal(err) + } + want := result{ + Succeeded: a.succeeded, + TotalFailed: a.totalFailed(), + FilenameFailed: a.filenameFailed, + DownloadFailed: a.downloadFailed, + SchemaFailed: a.schemaFailed, + RemoteFailed: a.remoteFailed, + SHA256Failed: a.sha256Failed, + SHA512Failed: a.sha512Failed, + SignatureFailed: a.signatureFailed, + } + if got != want { + t.Fatalf("%v != %v", got, want) + } +} diff --git a/cmd/csaf_provider/actions.go b/cmd/csaf_provider/actions.go index 9b39a5a..54d4e24 100644 --- a/cmd/csaf_provider/actions.go +++ b/cmd/csaf_provider/actions.go @@ -25,8 +25,9 @@ import ( "github.com/ProtonMail/gopenpgp/v2/armor" "github.com/ProtonMail/gopenpgp/v2/constants" "github.com/ProtonMail/gopenpgp/v2/crypto" - "github.com/csaf-poc/csaf_distribution/v2/csaf" - "github.com/csaf-poc/csaf_distribution/v2/util" + + "github.com/csaf-poc/csaf_distribution/v3/csaf" + "github.com/csaf-poc/csaf_distribution/v3/util" ) const dateFormat = time.RFC3339 diff --git a/cmd/csaf_provider/config.go b/cmd/csaf_provider/config.go index 172d044..af99cc1 100644 --- a/cmd/csaf_provider/config.go +++ b/cmd/csaf_provider/config.go @@ -16,8 +16,9 @@ import ( "github.com/BurntSushi/toml" "github.com/ProtonMail/gopenpgp/v2/crypto" - "github.com/csaf-poc/csaf_distribution/v2/csaf" "golang.org/x/crypto/bcrypt" + + "github.com/csaf-poc/csaf_distribution/v3/csaf" ) const ( diff --git a/cmd/csaf_provider/create.go b/cmd/csaf_provider/create.go index 83252ba..8e882a5 100644 --- a/cmd/csaf_provider/create.go +++ b/cmd/csaf_provider/create.go @@ -21,8 +21,9 @@ import ( "unicode" "github.com/ProtonMail/gopenpgp/v2/crypto" - "github.com/csaf-poc/csaf_distribution/v2/csaf" - "github.com/csaf-poc/csaf_distribution/v2/util" + + "github.com/csaf-poc/csaf_distribution/v3/csaf" + "github.com/csaf-poc/csaf_distribution/v3/util" ) // ensureFolders initializes the paths and call functions to create diff --git a/cmd/csaf_provider/files.go b/cmd/csaf_provider/files.go index 003ef4c..0b3c5ed 100644 --- a/cmd/csaf_provider/files.go +++ b/cmd/csaf_provider/files.go @@ -13,7 +13,7 @@ import ( "crypto/sha512" "os" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/util" ) func writeHashedFile(fname, name string, data []byte, armored string) error { diff --git a/cmd/csaf_provider/indices.go b/cmd/csaf_provider/indices.go index 53fe378..a7ecd3b 100644 --- a/cmd/csaf_provider/indices.go +++ b/cmd/csaf_provider/indices.go @@ -18,7 +18,7 @@ import ( "sort" "time" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/util" ) func updateIndex(dir, fname string) error { diff --git a/cmd/csaf_provider/main.go b/cmd/csaf_provider/main.go index ec41898..2264676 100644 --- a/cmd/csaf_provider/main.go +++ b/cmd/csaf_provider/main.go @@ -16,8 +16,9 @@ import ( "net/http/cgi" "os" - "github.com/csaf-poc/csaf_distribution/v2/util" "github.com/jessevdk/go-flags" + + "github.com/csaf-poc/csaf_distribution/v3/util" ) type options struct { diff --git a/cmd/csaf_provider/rolie.go b/cmd/csaf_provider/rolie.go index 16d871e..ea48480 100644 --- a/cmd/csaf_provider/rolie.go +++ b/cmd/csaf_provider/rolie.go @@ -15,8 +15,8 @@ import ( "strings" "time" - "github.com/csaf-poc/csaf_distribution/v2/csaf" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/csaf" + "github.com/csaf-poc/csaf_distribution/v3/util" ) // mergeCategories merges the given categories into the old ones. diff --git a/cmd/csaf_provider/transaction.go b/cmd/csaf_provider/transaction.go index 07bc4cd..6d4f69d 100644 --- a/cmd/csaf_provider/transaction.go +++ b/cmd/csaf_provider/transaction.go @@ -12,8 +12,8 @@ import ( "os" "path/filepath" - "github.com/csaf-poc/csaf_distribution/v2/csaf" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/csaf" + "github.com/csaf-poc/csaf_distribution/v3/util" ) func doTransaction( diff --git a/cmd/csaf_uploader/config.go b/cmd/csaf_uploader/config.go index 9d2ae20..5892eea 100644 --- a/cmd/csaf_uploader/config.go +++ b/cmd/csaf_uploader/config.go @@ -15,10 +15,11 @@ import ( "os" "github.com/ProtonMail/gopenpgp/v2/crypto" - "github.com/csaf-poc/csaf_distribution/v2/internal/certs" - "github.com/csaf-poc/csaf_distribution/v2/internal/options" "golang.org/x/crypto/bcrypt" "golang.org/x/term" + + "github.com/csaf-poc/csaf_distribution/v3/internal/certs" + "github.com/csaf-poc/csaf_distribution/v3/internal/options" ) const ( diff --git a/cmd/csaf_uploader/main.go b/cmd/csaf_uploader/main.go index 522af41..1546099 100644 --- a/cmd/csaf_uploader/main.go +++ b/cmd/csaf_uploader/main.go @@ -9,7 +9,7 @@ // Implements a command line tool that uploads csaf documents to csaf_provider. package main -import "github.com/csaf-poc/csaf_distribution/v2/internal/options" +import "github.com/csaf-poc/csaf_distribution/v3/internal/options" func main() { args, cfg, err := parseArgsConfig() diff --git a/cmd/csaf_uploader/processor.go b/cmd/csaf_uploader/processor.go index 9fcc994..fa2e59d 100644 --- a/cmd/csaf_uploader/processor.go +++ b/cmd/csaf_uploader/processor.go @@ -26,9 +26,9 @@ import ( "github.com/ProtonMail/gopenpgp/v2/constants" "github.com/ProtonMail/gopenpgp/v2/crypto" - "github.com/csaf-poc/csaf_distribution/v2/csaf" - "github.com/csaf-poc/csaf_distribution/v2/internal/misc" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/csaf" + "github.com/csaf-poc/csaf_distribution/v3/internal/misc" + "github.com/csaf-poc/csaf_distribution/v3/util" ) type processor struct { diff --git a/cmd/csaf_validator/main.go b/cmd/csaf_validator/main.go index 0d3f272..559562e 100644 --- a/cmd/csaf_validator/main.go +++ b/cmd/csaf_validator/main.go @@ -16,9 +16,10 @@ import ( "os" "path/filepath" - "github.com/csaf-poc/csaf_distribution/v2/csaf" - "github.com/csaf-poc/csaf_distribution/v2/util" "github.com/jessevdk/go-flags" + + "github.com/csaf-poc/csaf_distribution/v3/csaf" + "github.com/csaf-poc/csaf_distribution/v3/util" ) type options struct { diff --git a/csaf/advisories.go b/csaf/advisories.go index 26ff850..9c22ed3 100644 --- a/csaf/advisories.go +++ b/csaf/advisories.go @@ -18,7 +18,7 @@ import ( "strings" "time" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/util" ) // AdvisoryFile constructs the urls of a remote file. diff --git a/csaf/models.go b/csaf/models.go index ac797e6..cf519fa 100644 --- a/csaf/models.go +++ b/csaf/models.go @@ -17,7 +17,7 @@ import ( "strings" "time" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/util" ) // TLPLabel is the traffic light policy of the CSAF. diff --git a/csaf/providermetaloader.go b/csaf/providermetaloader.go index 2c8ec2e..4e4eb49 100644 --- a/csaf/providermetaloader.go +++ b/csaf/providermetaloader.go @@ -17,7 +17,7 @@ import ( "net/http" "strings" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/util" ) // ProviderMetadataLoader helps load provider-metadata.json from diff --git a/csaf/rolie.go b/csaf/rolie.go index 646a55f..c25e6b4 100644 --- a/csaf/rolie.go +++ b/csaf/rolie.go @@ -14,7 +14,7 @@ import ( "sort" "time" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/util" ) // ROLIEServiceWorkspaceCollectionCategoriesCategory is a category in a ROLIE service collection. diff --git a/csaf/summary.go b/csaf/summary.go index c1b98e8..9d4d563 100644 --- a/csaf/summary.go +++ b/csaf/summary.go @@ -11,7 +11,7 @@ package csaf import ( "time" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/util" ) const ( diff --git a/csaf/validation.go b/csaf/validation.go index 848b12b..ebfdeff 100644 --- a/csaf/validation.go +++ b/csaf/validation.go @@ -92,6 +92,7 @@ func loadURL(s string) (io.ReadCloser, error) { func (cs *compiledSchema) compile() { c := jsonschema.NewCompiler() + c.AssertFormat = true c.LoadURL = loadURL cs.compiled, cs.err = c.Compile(cs.url) } diff --git a/docs/csaf_downloader.md b/docs/csaf_downloader.md index 122f5b1..37bc248 100644 --- a/docs/csaf_downloader.md +++ b/docs/csaf_downloader.md @@ -14,10 +14,8 @@ Application Options: --client-key=KEY-FILE TLS client private key file (PEM encoded data) --client-passphrase=PASSPHRASE Optional passphrase for the client cert (limited, experimental, see doc) --version Display version of the binary - -v, --verbose Verbose output -n, --nostore Do not store files - -r, --rate= The average upper limit of https operations per second (defaults to - unlimited) + -r, --rate= The average upper limit of https operations per second (defaults to unlimited) -w, --worker=NUM NUMber of concurrent downloads (default: 2) -t, --timerange=RANGE RANGE of time from which advisories to download -f, --folder=FOLDER Download into a given subFOLDER @@ -65,7 +63,6 @@ insecure = false # client_key # not set by default # client_passphrase # not set by default ignoresigcheck = false -verbose = false # rate # set to unlimited worker = 2 # timerange # not set by default @@ -126,6 +123,14 @@ In the config file this has to be noted as: ignorepattern = [".*white.*", ".*red.*"] ``` +#### Forwarding +The downloader is able to forward downloaded advisories and their checksums, +OpenPGP signatures and validation results to an HTTP endpoint. +The details of the implemented API are described [here](https://github.com/mfd2007/csaf_upload_interface). +**Attention** This is a work in progress. There is +no production ready server which implements this protocol. +The server in the linked repository is currently for development and testing only. + #### beware of client cert passphrase The `client-passphrase` option implements a legacy private diff --git a/docs/scripts/testDownloader.sh b/docs/scripts/testDownloader.sh index 2fde1f2..3596399 100755 --- a/docs/scripts/testDownloader.sh +++ b/docs/scripts/testDownloader.sh @@ -18,7 +18,7 @@ echo '==== run downloader (1)' mkdir ~/downloaded1 ./bin-linux-amd64/csaf_downloader --directory ../downloaded1 \ - --rate 4.1 --verbose --insecure localhost + --rate 4.1 --insecure localhost echo echo '==== this was downloaded (1)' @@ -32,7 +32,7 @@ echo '==== run downloader (2)' mkdir ~/downloaded2 ./bin-linux-amd64/csaf_downloader --directory ../downloaded2 \ - --verbose --insecure https://localhost:9443/.well-known/csaf-aggregator/local-dev-provider2/provider-metadata.json + --insecure https://localhost:9443/.well-known/csaf-aggregator/local-dev-provider2/provider-metadata.json echo echo '==== this was downloaded (2)' diff --git a/go.mod b/go.mod index dbbbcff..1304cc9 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/csaf-poc/csaf_distribution/v2 +module github.com/csaf-poc/csaf_distribution/v3 go 1.21 @@ -6,26 +6,26 @@ require ( github.com/BurntSushi/toml v1.3.2 github.com/PaesslerAG/gval v1.2.2 github.com/PaesslerAG/jsonpath v0.1.1 - github.com/ProtonMail/gopenpgp/v2 v2.7.2 + github.com/ProtonMail/gopenpgp/v2 v2.7.3 github.com/PuerkitoBio/goquery v1.8.1 github.com/gofrs/flock v0.8.1 github.com/jessevdk/go-flags v1.5.0 github.com/mitchellh/go-homedir v1.1.0 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 go.etcd.io/bbolt v1.3.7 - golang.org/x/crypto v0.12.0 - golang.org/x/term v0.11.0 + golang.org/x/crypto v0.13.0 + golang.org/x/term v0.12.0 golang.org/x/time v0.3.0 ) require ( - github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect + github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect github.com/andybalholm/cascadia v1.3.2 // indirect github.com/cloudflare/circl v1.3.3 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/shopspring/decimal v1.3.1 // indirect - golang.org/x/net v0.14.0 // indirect - golang.org/x/sys v0.11.0 // indirect - golang.org/x/text v0.12.0 // indirect + golang.org/x/net v0.15.0 // indirect + golang.org/x/sys v0.12.0 // indirect + golang.org/x/text v0.13.0 // indirect ) diff --git a/go.sum b/go.sum index afa3441..f5220ad 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,3 @@ -github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak= -github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/PaesslerAG/gval v1.0.0/go.mod h1:y/nm5yEyTeX6av0OfKJNp9rBNj2XrGhAf5+v24IBN1I= @@ -8,29 +6,19 @@ github.com/PaesslerAG/gval v1.2.2/go.mod h1:XRFLwvmkTEdYziLdaCeCa5ImcGVrfQbeNUbV github.com/PaesslerAG/jsonpath v0.1.0/go.mod h1:4BzmtoM/PI8fPO4aQGIusjGxGir2BzcV0grWtFzq1Y8= github.com/PaesslerAG/jsonpath v0.1.1 h1:c1/AToHQMVsduPAa4Vh6xp2U0evy4t8SWp8imEsylIk= github.com/PaesslerAG/jsonpath v0.1.1/go.mod h1:lVboNxFGal/VwW6d9JzIy56bUsYAP6tH/x80vjnCseY= -github.com/ProtonMail/go-crypto v0.0.0-20230321155629-9a39f2531310/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE= -github.com/ProtonMail/go-crypto v0.0.0-20230424174541-a2e3b023bd29 h1:1QMcTLW3bmjbdwFYzodd8EnMA2+OhiZlmrLxoL3tQec= -github.com/ProtonMail/go-crypto v0.0.0-20230424174541-a2e3b023bd29/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE= -github.com/ProtonMail/go-crypto v0.0.0-20230626094100-7e9e0395ebec h1:vV3RryLxt42+ZIVOFbYJCH1jsZNTNmj2NYru5zfx+4E= -github.com/ProtonMail/go-crypto v0.0.0-20230626094100-7e9e0395ebec/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= -github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 h1:KLq8BE0KwCL+mmXnjLWEAOYO+2l2AE4YMmqG1ZpZHBs= github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE= +github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw= -github.com/ProtonMail/gopenpgp/v2 v2.7.1 h1:Awsg7MPc2gD3I7IFac2qE3Gdls0lZW8SzrFZ3k1oz0s= -github.com/ProtonMail/gopenpgp/v2 v2.7.1/go.mod h1:/BU5gfAVwqyd8EfC3Eu7zmuhwYQpKs+cGD8M//iiaxs= -github.com/ProtonMail/gopenpgp/v2 v2.7.2 h1:mIwxSUPezxNYq0RA5106VPWyKC+Ly3FvBUnBJh/7GWw= -github.com/ProtonMail/gopenpgp/v2 v2.7.2/go.mod h1:IhkNEDaxec6NyzSI0PlxapinnwPVIESk8/76da3Ct3g= +github.com/ProtonMail/gopenpgp/v2 v2.7.3 h1:AJu1OI/1UWVYZl6QcCLKGu9OTngS2r52618uGlje84I= +github.com/ProtonMail/gopenpgp/v2 v2.7.3/go.mod h1:IhkNEDaxec6NyzSI0PlxapinnwPVIESk8/76da3Ct3g= github.com/PuerkitoBio/goquery v1.8.1 h1:uQxhNlArOIdbrH1tr0UXwdVFgDcZDrZVdcpygAcwmWM= github.com/PuerkitoBio/goquery v1.8.1/go.mod h1:Q8ICL1kNUJ2sXGoAhPGUdYDJvgQgHzJsnnd3H7Ho5jQ= github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA= github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss= github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU= -github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= -github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= -github.com/cloudflare/circl v1.3.2 h1:VWp8dY3yH69fdM7lM6A1+NhhVoDu9vqK0jOgmkQHFWk= -github.com/cloudflare/circl v1.3.2/go.mod h1:+CauBF6R70Jqcyl8N2hC8pAXYbWkGIezuSbuGLtRhnw= github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -46,8 +34,6 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/santhosh-tekuri/jsonschema/v5 v5.3.0 h1:uIkTLo0AGRc8l7h5l9r+GcYi9qfVPt6lD4/bhmzfiKo= -github.com/santhosh-tekuri/jsonschema/v5 v5.3.0/go.mod h1:FKdcjfQW6rpZSnxxUvEA5H/cDPdvJ/SZJQLWWXWGrZ0= github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4= github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY= github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= @@ -55,6 +41,7 @@ github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFR github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ= go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= @@ -62,12 +49,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ= -golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= -golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= -golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= -golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= -golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= +golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck= +golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -78,12 +61,9 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= -golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= -golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= -golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= -golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= +golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8= +golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -92,30 +72,23 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= -golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= -golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28= -golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= -golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0= -golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= +golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU= +golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -123,12 +96,9 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= -golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc= -golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -140,3 +110,4 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/internal/certs/certs_test.go b/internal/certs/certs_test.go new file mode 100644 index 0000000..e9a36cd --- /dev/null +++ b/internal/certs/certs_test.go @@ -0,0 +1,63 @@ +// This file is Free Software under the MIT License +// without warranty, see README.md and LICENSES/MIT.txt for details. +// +// SPDX-License-Identifier: MIT +// +// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) +// Software-Engineering: 2023 Intevation GmbH + +package certs + +import "testing" + +// TestLoadCertificates tests if LoadCertificate correctly loads +// valid certificates and throws an error at invalid certificates, +// keys or passphrases +func TestLoadCertificates(t *testing.T) { + var ( + testCert = "data/testclient.crt" + testKey = "data/testclientkey.pem" + passphrase = "qwer" + missingCert = "data/testclientcert_missing.crt" + missingTestkey = "data/testclientkey_missing.pem" + privateKey = "data/privated.pem" + privateCert = "data/cert.crt" + ) + + // Try to load cert that is not protected, expect success. + if cert, err := LoadCertificate(&testCert, &testKey, nil); cert == nil || err != nil { + t.Errorf("Failure: Couldn't load supposedly valid certificate.") + } + // Try to load no cert, expect error. + if cert, err := LoadCertificate(nil, &testKey, nil); cert != nil || err == nil { + t.Errorf("Failure: No error despite missing certificate") + } + // Try to load cert using a nonexistent key, expect error. + if cert, err := LoadCertificate(&testCert, &missingTestkey, nil); cert != nil || err == nil { + t.Errorf("Failure: No Failure while loading certificate using missing key.") + } + // Try to decrypt not encrypted cert, expect error + if cert, err := LoadCertificate(&testCert, &testKey, &passphrase); cert != nil || err == nil { + t.Errorf("Failure: Could load unprotected valid certificate with passphrase.") + } + // Try to load encrypted cert using a nonexistent key, but valid passphrase. Expect error. + if cert, err := LoadCertificate(&testCert, &missingTestkey, &passphrase); cert != nil || err == nil { + t.Errorf("Failure: No Failure while loading certificate using missing key with passphrase.") + } + // Try to load encrypted cert, expecting success. + if cert, err := LoadCertificate(&privateCert, &privateKey, &passphrase); cert == nil || err != nil { + t.Errorf("Failure: Couldn't load supposedly valid encrypted certificate.") + } + // Try to load wrong encrypted cert, expecting error. + if cert, err := LoadCertificate(&testKey, &privateKey, &passphrase); cert != nil || err == nil { + t.Errorf("Failure: No Failure while loading certificate using wrong encrypted key.") + } + // Try to load nonexistent encrypted cert, expecting error. + if cert, err := LoadCertificate(&missingCert, &privateKey, &passphrase); cert != nil || err == nil { + t.Errorf("Failure: No Failure while loading nonexistens certificate.") + } + // Try to load nonexistent encrypted cert, expecting error. + if cert, err := LoadCertificate(nil, nil, nil); cert != nil || err != nil { + t.Errorf("Failure: Expected nil return.") + } +} diff --git a/internal/certs/data/cert.crt b/internal/certs/data/cert.crt new file mode 100644 index 0000000..f80d61c --- /dev/null +++ b/internal/certs/data/cert.crt @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIGajCCBNKgAwIBAgIUGNi4GgCUssOOe3k0VuHf3R0+d54wDQYJKoZIhvcNAQEL +BQAwgY0xFDASBgNVBAMTC0NvbW1vbiBuYW1lMRMwEQYDVQQLEwppbnRldmF0aW9u +MRMwEQYDVQQKEwppbnRldmF0aW9uMRMwEQYDVQQHEwppbnRldmF0aW9uMRUwEwYD +VQQIEwxMb3dlciBTYXhvbnkxCzAJBgNVBAYTAkdFMRIwEAYKCZImiZPyLGQBGRYC +REMwHhcNMjMwOTE5MDcwMDA1WhcNMjYwNjE0MDcwMDA3WjCB8DEQMA4GA1UEAxMH +cmVxdWVzdDETMBEGA1UECxMKaW50ZXZhdGlvbjETMBEGA1UEChMKaW50ZXZhdGlv +bjETMBEGA1UEBxMKb3NuYWJydWVjazEVMBMGA1UECBMMbG93ZXIgc2F4b255MQsw +CQYDVQQGEwJHRTESMBAGCgmSJomT8ixkARkWAkRDMREwDwYKCZImiZPyLGQBGRYB +LjERMA8GCgmSJomT8ixkARkWAS4xETAPBgoJkiaJk/IsZAEZFgEuMRMwEQYKCZIm +iZPyLGQBGRYDd3d3MRcwFQYKCZImiZPyLGQBARMHbm8gaWRlYTCCAaIwDQYJKoZI +hvcNAQEBBQADggGPADCCAYoCggGBAN0vZbLXtRzd61rR8Hos0BGnqCaJXIwGARwx +JojMyxASFT+KeC4QDRkgRrK6OY4k/i7TEHuUGk/Bm754++554wmmhDqv1Q4+VhhR +1K/JAz/HVZNTAR1rPKwG82lyEpPxlRNZg/QtF9DqQSoSkL/fJLs+rq4zlKozXzRE +auZ5Be8So1dXRZfMVUMDgtk+IX8+iCeZisiWfv62ttQ0EiuiXLagd6ruEuoCSVi2 +tVswsC/Hp8AI2Ro56mmHiWthuae1H8yDWUFLSe9AQW65qC/xVUgo/nMpK2BYVFKb +70TMjl/dZM0Qn1tdiNyqCkbIhXjklZvZYhO+15TPkgDXDsqRUjpTrLZXLGrD6XIx +CRLZGY6YrUfsFTjUC6JrUrAR8zY7SLsYN5sUmFUSMpJnI+T/SD4p/0CXrKrbMOjW +Qqz6FX/WHPxvswGKHk5zHYGHrzx7OKmfVa6gzUgZSfOHj2xOOR2Un9DwNavIrmSC +WYXKZqig5qDyfzBvlXWEio/5GrDwgQIDAQABo4IBWzCCAVcwgcIGA1UdEQSBujCB +t4IrYSBkbnNOYW1lIG9mIHRoZSBzdWJqZWN0IG9mIHRoZSBjZXJ0aWZpY2F0ZYI3 +YW4gYWRkaXRpb25hbCBkbnNOYW1lIG9mIHRoZSBzdWJqZWN0IG9mIHRoZSBjZXJ0 +aWZpY2F0ZYIBLoIBLoIBLoIBLoIBLoIBLoIBLoIBLoIBLoIBLoIBLoIBLoIBLoIP +c2Vjb25kIGFkZGl0aW9ugg50aGlyZCBhZGRpdGlvboIHZG5zTmFtZTAMBgNVHRMB +Af8EAjAAMDEGA1UdJQQqMCgGCCsGAQUFBwMJBggrBgEFBQcDAgYIKwYBBQUHAwEG +CCsGAQUFBwMCMA8GA1UdDwEB/wQFAwMHsAAwHQYDVR0OBBYEFKrFhODjTKCopb+W +Qa29PsHR4HXgMB8GA1UdIwQYMBaAFCyZxCa1ZUHVy8LjikE8zumAiEgfMA0GCSqG +SIb3DQEBCwUAA4IBgQBTrAgh6d+qiLumEfmkNCmhewxKxDZp+Ni2nz9XRzNO2cQE +U0n8MdbnQInW3xJXng2sAcl1fQz0RN1hkyjDwi69mbbPgcTYmxJFvyt+zRYBe/Sq +4CGGkxEdPW94tMpQ6SrCn2mAMnvcq9A1pYBVYyPeUsaRHC5OUBFOMCevNy8JwNyY +MJ0H5HQCyCysbzA1d521pogGUs/tmbE+ym9zpV8vG0b6De1PexjVeGkTNYz6NCR2 +VZTQ+OJ5iE5pHPEC1Qif44LrR9Kdn/wu3RjTYyHeBOJFjK+DKgleNF4QVTcZQIPE +snN4H+/VSgTZQ3kgWbtpd1m5oRBJovEc2Qe+l+iDFCk8OA4z/x+fkvOeD3NUAl7D +9Pt3cP3UtWUJp4NJn2dvUljmQhB02HSqdNBhqKSg4/cf7l8Zo1ejvBUosrlgw3C3 +apDaC4/xk7woFKVYW25teH2ze+Gpz/YsLDtmL7Bri8CGVsqsN9yqO8SstwKBa3Rt +xQ2em6XnnanApT4iFX4= +-----END CERTIFICATE----- diff --git a/internal/certs/data/privated.pem b/internal/certs/data/privated.pem new file mode 100644 index 0000000..354598a --- /dev/null +++ b/internal/certs/data/privated.pem @@ -0,0 +1,42 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CBC,054A583F6C90570F + +tlGw8qlO25FaQdRLkai5L1JHWz/5fC4zd3qFISWssYH2FEnz8yfYsCoRLivVYhJB +fswOTj9h5b1RYRsWfIwCGfyNeOj8hkQrLwCW607vbhydGGJ4xc5RBF9MK0QCjSNT +r8myedNyfI4nm5enNVFDqYsqAc7cA3m1qw+QsAhPOrASDTp5svHR7g9+T6P5GDHm +B79nap02kfmodC7ytmWDBEclJ45Y19LOucN0+Nl6JgKkQEfWB/p2s2kGAGY1Of3X +/ERPOqeqZdFSdPDyX+mrzjGVhypgjBaz7XRh8OSeW8UP70rE+9aZKn9fIs2NyYMH +wwCElUmFV1Ye+/JtE4+Rcu6pG7NrX1rAC+pqPZaF8PT/kEuawiwrMuU0RP/8Y6mn +PRZZGZhXwBcfWPDN+JIj7e1NAXynwP/d4Pc4nb1O6EG3/Yip+F9NNaNbEfS4z9eV +Se7Gr/ySwxFhww9KhMtFYhkb6DVzy7StXpDqDmLhaF+qGCl86XRzZHho6EwQi+9r +c3VXbgogbjwIP8OgAKIZLuMxETZb0rvOr87sMAiqWRx+gRhryNniNr70anY8Vkpl +jcw6SJdqWuvOGaKjxWgdcHOzHdISEu/W6z8euTzMxX6/C7hBrKT8Edt71Jha26a5 +ZZNDH2XoqDphelfCbrARhw4P++KcnhPsY2da5cJ4021dfwXQGbGjcW1EAR3tCP/U +NKWc8Wm4dzuQSMqJERbWlXL8/UuvtyJR8VgNueg8EAHXCWBCS9i1i06gla9gPbdy +erhMDtUsJepFPDZVuqvm0dIjBaldl+74FHnPQ6+qFHXy6f71bGOmbonspnApqoeP +gc4zB65Nv+ws//XfdgwHhmtUkWS2ANPNQhU9o92l8XlqKicGC72dEEsR2TMS7fEW +K9/d06ZGu83FEXL43OXN79JmkpblonCWRgyVF7WPGufm+dtmR5zlIQruW2FJVwPZ +QmOioJYlSopOztyyBIuhZaNwVDQgoFtwHKRWAUseodzmHuPpvWCBjlL4hebJ7O0T +HGHGddqam3IPmyradhk0o1Qb54uk9rrzKWjcOEw850mJt3DnkHRNRgY96Gg0fA+m ++UxEOuGPvOudOMtC32vDKwAZ9eGgxAKea/kvaLFdPqwiq3B+IBetjSYGZ2kxVOAD +K8rHH6bnzrrasKHfOIBpw4MsiAG19sW1fFL61v5OXTcLOEQ/UVC8WinSj3JK894O +XjETyg8zvH+bYdlv9T2SGvAAzv1bJ3Iw9kb2VK0ZgwfwQgKpCDe6PEFLP7K2NNdF +zSw1GHOiDewsMD7VSfkmtevhzTOcQd/3uoyn/5ftcvcbqI4CGxP6kOxmul3NdfYl +insi95+IuhkSUQL02AdkI3SQhSnfmFRZSsy6JTXSN/7XOOzRFyMJcR1WlXOKFpt9 +G/bYGjVmfxtRqH4ZO7irCPiM+ZudXvPCl5VhZReBsJeEJcNuR36QTJIL3RQHyKTD +9Z12PegrgPXDgkSns1s8phTu+GygIEh67yLPbPYohYYbJUOkab7Il3JauihnuMSP +2BDDbwdvL1V7TQCmnopNb1srZj3q/1eWKmik2U1kvc78c3W03NC5wFETic2QCM9z +u/IaKAjO/kvSB8+ClSYaZDVLuBgUHf0DSG9cb5eoPqFt3t4zuWQhQjJR1YlLtQsJ +YSQFf0WqGj6sA2+AIy6Fv3oitlOPtRi/2seZ8ACSqxbwUFf3to8ZA3rJNoaYLvsT +sz++DrA8oHr4eDOiCoLeU6MLNiUvB6RGtjDwhQDh2LoJJyAdh9wB3vaAmEJ1u3o4 +cGyTCxbbkxRCWhMWW4NJbvdZORYhhhIu+TH5DaLgsZS1n+UF/amKQ0m8sj968Uo/ +w05QBNm/F3zg5dpzyW7uEfti8DaP/apDcf1dHSpk9ERkJ/QSIdgzGmrROQvh2tF/ +nvubXXMAex0tXFS6eyIZVgkT1S5eF001DsxIlp/jY6oFUYHquMcOQkyRAvUTvLO1 +pkexrPYrmx/alP71nNrBfixSTHMuPVb2jC38ElzllgxHfaaI5Q1hef4lVaErNaQ3 +m1hvE7dYkNomTt9fu/LHaxtw/P1eBlL44QcfqdqL67ROES+fB27d8vbajm1EQraw +QUoY+NM5KeQyKeRPWxDVQwAv02Lof/FSiB01yNqrzmRojtTykKB5VrnIA1DDP2vI +SoZjPZOSIJHh3qlDaKxlGOQD9Wp4OtIPLqxpBmRgGcq2AVtm57jRAF634nTGvB+N +7fvMpBay3EZy3sauM4MZk7bytJKK6huQjmER+GM/F/Wyw28L7rewK8ukPKx8Wybc +ljVLrduRPt97JH4WWejy+k5vv4LHWJLsGGU474YHGMXF2VE3kJ3JKj8Wm5gS6p/p +-----END RSA PRIVATE KEY----- diff --git a/internal/certs/data/testclient.crt b/internal/certs/data/testclient.crt new file mode 100644 index 0000000..f46f386 --- /dev/null +++ b/internal/certs/data/testclient.crt @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEkDCCAvigAwIBAgIBFDANBgkqhkiG9w0BAQsFADBKMQ8wDQYDVQQDEwZUZXN0 +ZXIxKjAoBgNVBAoTIUNTQUYgVG9vbHMgRGV2ZWxvcG1lbnQgKGludGVybmFsKTEL +MAkGA1UEBhMCREUwHhcNMjMwOTA0MDcyMjAzWhcNMjMxMDI0MDcyMjAzWjBVMRow +GAYDVQQDExFUTFMgVGVzdCBDbGllbnQgMTEqMCgGA1UEChMhQ1NBRiBUb29scyBE +ZXZlbG9wbWVudCAoaW50ZXJuYWwpMQswCQYDVQQGEwJERTCCAaIwDQYJKoZIhvcN +AQEBBQADggGPADCCAYoCggGBAN0vZbLXtRzd61rR8Hos0BGnqCaJXIwGARwxJojM +yxASFT+KeC4QDRkgRrK6OY4k/i7TEHuUGk/Bm754++554wmmhDqv1Q4+VhhR1K/J +Az/HVZNTAR1rPKwG82lyEpPxlRNZg/QtF9DqQSoSkL/fJLs+rq4zlKozXzREauZ5 +Be8So1dXRZfMVUMDgtk+IX8+iCeZisiWfv62ttQ0EiuiXLagd6ruEuoCSVi2tVsw +sC/Hp8AI2Ro56mmHiWthuae1H8yDWUFLSe9AQW65qC/xVUgo/nMpK2BYVFKb70TM +jl/dZM0Qn1tdiNyqCkbIhXjklZvZYhO+15TPkgDXDsqRUjpTrLZXLGrD6XIxCRLZ +GY6YrUfsFTjUC6JrUrAR8zY7SLsYN5sUmFUSMpJnI+T/SD4p/0CXrKrbMOjWQqz6 +FX/WHPxvswGKHk5zHYGHrzx7OKmfVa6gzUgZSfOHj2xOOR2Un9DwNavIrmSCWYXK +Zqig5qDyfzBvlXWEio/5GrDwgQIDAQABo3YwdDAMBgNVHRMBAf8EAjAAMBMGA1Ud +JQQMMAoGCCsGAQUFBwMCMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFKrFhODj +TKCopb+WQa29PsHR4HXgMB8GA1UdIwQYMBaAFI6GhktAq9L2uRChC9LcXeedKiUg +MA0GCSqGSIb3DQEBCwUAA4IBgQAbUDaIkmubooDde7BpZQx742BsPg4IN68bIg9A +3jI9codx9c8l9ROvZ/7FeRNXzhYrQUwzcKpwtQ1mB7kM85oXaTLxrtnkZAO2fFSb +8RA6QjOrnOvewWaO3moCZaPnN1wWtlnUev2tD7D2Tz/f20dE2wbDV0BGb8bU4eGI +UVgzYrMh0MHaC8LKoXUWP97jp/p+9CG4D2S1CmpzP2Nm1dS03oj4UHIUtamjivYY +vOeoKATXmj59lgYqqoAVbTH6f4mZlZGmzUhRxK6hck7xBdiXAwfta72m4WzE7HRh +nHAgO5aVWb6zltvVDJhYumB9Itv+LI7uU8fF9Uyc65SZ2BevxgikoDNxTx0oNr+4 +hExQhJfKuPFF2NI1N2tPYJT53Cek/ZJfjX3TyBneqehthtRqoAIIEaF/QlXqzJIi +G66YFC3xFlLmaQh52DJkF2+hzcPhFTVQv3yCirGLUSS9Nm7vTO2wnnW5arZazSV+ +enRZb3oiVYFVDh0Hymz9g5VraMw= +-----END CERTIFICATE----- diff --git a/internal/certs/data/testclientkey.pem b/internal/certs/data/testclientkey.pem new file mode 100644 index 0000000..ce2726e --- /dev/null +++ b/internal/certs/data/testclientkey.pem @@ -0,0 +1,182 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: High (3072 bits) + +modulus: + 00:dd:2f:65:b2:d7:b5:1c:dd:eb:5a:d1:f0:7a:2c:d0 + 11:a7:a8:26:89:5c:8c:06:01:1c:31:26:88:cc:cb:10 + 12:15:3f:8a:78:2e:10:0d:19:20:46:b2:ba:39:8e:24 + fe:2e:d3:10:7b:94:1a:4f:c1:9b:be:78:fb:ee:79:e3 + 09:a6:84:3a:af:d5:0e:3e:56:18:51:d4:af:c9:03:3f + c7:55:93:53:01:1d:6b:3c:ac:06:f3:69:72:12:93:f1 + 95:13:59:83:f4:2d:17:d0:ea:41:2a:12:90:bf:df:24 + bb:3e:ae:ae:33:94:aa:33:5f:34:44:6a:e6:79:05:ef + 12:a3:57:57:45:97:cc:55:43:03:82:d9:3e:21:7f:3e + 88:27:99:8a:c8:96:7e:fe:b6:b6:d4:34:12:2b:a2:5c + b6:a0:77:aa:ee:12:ea:02:49:58:b6:b5:5b:30:b0:2f + c7:a7:c0:08:d9:1a:39:ea:69:87:89:6b:61:b9:a7:b5 + 1f:cc:83:59:41:4b:49:ef:40:41:6e:b9:a8:2f:f1:55 + 48:28:fe:73:29:2b:60:58:54:52:9b:ef:44:cc:8e:5f + dd:64:cd:10:9f:5b:5d:88:dc:aa:0a:46:c8:85:78:e4 + 95:9b:d9:62:13:be:d7:94:cf:92:00:d7:0e:ca:91:52 + 3a:53:ac:b6:57:2c:6a:c3:e9:72:31:09:12:d9:19:8e + 98:ad:47:ec:15:38:d4:0b:a2:6b:52:b0:11:f3:36:3b + 48:bb:18:37:9b:14:98:55:12:32:92:67:23:e4:ff:48 + 3e:29:ff:40:97:ac:aa:db:30:e8:d6:42:ac:fa:15:7f + d6:1c:fc:6f:b3:01:8a:1e:4e:73:1d:81:87:af:3c:7b + 38:a9:9f:55:ae:a0:cd:48:19:49:f3:87:8f:6c:4e:39 + 1d:94:9f:d0:f0:35:ab:c8:ae:64:82:59:85:ca:66:a8 + a0:e6:a0:f2:7f:30:6f:95:75:84:8a:8f:f9:1a:b0:f0 + 81: + +public exponent: + 01:00:01: + +private exponent: + 14:ff:c0:f9:ff:bc:b4:26:e5:87:53:d3:2e:e6:3e:42 + ce:d6:0a:02:94:84:be:b5:30:46:02:50:8e:90:e0:cf + b6:b0:b7:a6:bd:48:cc:d5:8b:d8:ea:72:ff:af:dd:17 + 3c:be:d1:1b:ca:6d:cd:10:a6:86:a8:d9:d2:44:44:27 + d0:65:51:65:0c:27:34:07:dc:7b:38:64:10:03:7c:f4 + a1:cd:40:de:24:3a:e0:21:bc:ef:33:1d:9f:61:e8:57 + ac:e4:9c:c0:7b:df:7c:f8:20:83:ac:0b:8e:0b:d3:62 + eb:8a:8e:03:5b:a3:e5:08:ae:df:a7:fe:85:92:e8:a5 + ae:58:46:72:d6:fc:91:43:b1:7b:a4:c0:5f:51:c3:50 + 0d:e2:67:e8:af:51:13:41:a9:8d:ef:fb:a1:a4:e2:84 + 7c:2b:a0:50:c5:fe:ed:84:a5:25:83:86:4a:d3:0f:56 + 37:38:e6:1e:26:7d:45:22:0b:ba:22:35:be:f8:8b:1b + 72:90:13:c4:1f:c5:d1:34:b5:0e:b2:ee:f7:e1:b9:5e + a2:29:8d:f9:6e:23:4b:50:8f:35:c8:a9:f3:d2:1f:dd + ce:a0:96:50:2d:2e:af:cf:b5:e1:20:e7:e9:d2:49:ed + b5:0e:5b:3e:d1:4b:f1:fa:c2:73:3a:1b:51:34:7e:75 + 30:06:d2:47:d2:a8:2a:45:be:16:fb:8f:63:84:85:b7 + bf:f7:c4:c5:3d:95:56:8c:d1:02:7f:58:ac:4d:11:7b + c5:55:f3:c8:4e:d7:d9:aa:62:b0:e3:1e:04:5c:97:d1 + ca:e2:71:aa:8b:33:b4:34:e9:04:d4:70:7c:f4:cb:57 + 19:c1:03:23:f4:bc:4d:91:8f:b2:9a:99:1c:6c:81:2d + 4d:2d:e9:a1:e3:ce:e3:c9:62:52:89:1f:47:86:61:f1 + dd:bc:46:8d:79:0a:99:9d:aa:4b:a9:0a:72:54:db:dc + ae:48:be:60:4a:73:99:d8:3c:9e:07:78:05:df:87:39 + + +prime1: + 00:e9:63:0f:d7:49:31:27:a8:36:fe:95:bd:8d:05:c1 + 35:48:2e:03:4f:a6:57:54:3a:a4:95:3f:8e:9f:28:7c + d2:df:af:54:36:9e:7c:9f:c3:b9:64:8f:c0:b0:96:3c + aa:01:f6:9a:be:83:e2:85:20:0d:33:de:88:97:af:6f + be:3f:53:5a:a3:77:02:fd:81:17:91:3b:b2:2d:ab:78 + db:d9:43:db:04:69:82:61:30:e4:96:ac:88:8b:f6:3f + 56:c4:49:fd:d5:e5:8c:9d:30:ad:cf:d9:8d:5c:87:b5 + 27:4b:09:8e:19:ed:e2:11:3f:69:b2:47:be:70:39:11 + 41:a3:db:bb:b9:0e:e4:7b:50:d0:d2:c2:89:81:36:b9 + 6b:a6:fe:94:5b:06:66:e6:ed:86:52:42:5e:a9:0e:18 + db:18:f9:14:21:3d:e0:3c:8d:79:c3:f5:d2:cc:51:65 + fb:1c:49:ed:0a:d5:33:99:34:16:f9:1d:68:4a:78:da + 5f: + +prime2: + 00:f2:9d:ae:5f:bd:b7:a3:87:a7:8d:30:46:06:8b:15 + a9:e5:a9:58:1c:2b:3a:7e:78:35:36:56:31:42:df:46 + 87:e8:57:0d:6e:99:de:cf:fb:a8:72:16:71:4b:b3:ad + ed:74:07:cb:cf:7d:2b:12:89:66:c4:0f:8a:ea:e3:37 + 17:2c:75:92:11:7a:a6:da:29:24:33:9b:69:c2:64:68 + 03:db:31:de:fe:1d:a2:4d:9d:91:9f:f0:50:b8:8f:d0 + 22:11:b9:b0:95:98:5e:65:bf:45:97:9b:35:f2:98:27 + 46:7c:b2:86:eb:7b:8b:57:f2:c3:49:47:7d:01:4a:9a + b0:e6:67:05:e5:61:7a:ab:63:c8:cb:d8:44:69:88:72 + a5:a9:60:89:60:df:e6:d9:4d:16:2b:35:7b:20:00:f3 + 3c:d1:78:f9:22:eb:48:c3:7f:78:63:e6:34:60:48:30 + 66:02:bb:38:c2:94:2e:b9:86:b2:2f:9a:4f:17:7f:e1 + 1f: + +coefficient: + 00:93:3e:7c:b9:ea:87:52:37:fa:d5:0a:36:fb:e1:d0 + fc:62:4d:00:0b:ad:a8:fb:bd:34:53:96:c2:6c:a1:6a + 49:b7:a0:24:33:16:95:79:14:ac:bb:75:8d:78:e9:10 + fa:be:44:60:58:94:4a:9c:ba:64:1d:86:27:8b:7f:51 + 4d:80:b0:ff:7a:91:c0:4d:a4:aa:d1:f1:79:7d:8f:71 + 49:12:73:d4:44:5f:0c:2e:55:a6:d9:13:b8:3b:e5:dc + e1:14:98:7e:eb:5b:60:ad:d7:4b:da:c0:d8:3f:bf:70 + 92:53:8c:31:6a:8b:61:5e:a3:7d:ff:84:2c:7d:ed:9f + 74:29:9a:e7:14:fb:c3:ab:8e:9f:60:6a:98:ab:86:0b + ea:fb:ff:20:2f:3b:a7:76:03:3a:55:bb:b2:c6:9c:b5 + 66:36:b8:1c:7f:9b:b6:62:89:ff:6a:d6:35:58:0b:f0 + 55:27:01:f0:67:8d:88:3f:74:48:3d:bf:8c:fc:05:62 + 47: + +exp1: + 00:99:16:2d:91:dd:a4:ac:8a:9e:68:27:f8:89:c4:38 + 93:a6:a0:e7:f3:1a:fd:35:76:b1:f6:64:16:3d:37:e5 + 88:bc:c8:d8:c8:6a:f4:fc:26:fa:38:88:42:b0:92:1b + 80:b8:80:f5:c7:f9:e2:5f:c8:42:60:bf:9b:81:43:c6 + 5c:58:55:68:a2:c8:b1:e1:6f:07:f2:6f:e1:d4:2b:21 + bf:b3:a7:da:c5:ee:1f:63:79:1a:b7:ea:bc:36:72:73 + e1:8a:27:ae:a4:db:49:7c:e2:2d:60:a5:27:20:86:b3 + c0:ee:6b:7a:16:6f:ff:55:a8:ee:bf:ce:67:90:5d:1e + 80:9b:e6:ca:1f:fd:30:c9:e2:9c:d7:62:5b:a7:b2:29 + b5:ff:78:06:00:1f:16:e8:6a:ed:2c:8f:f4:5f:97:ab + 9e:2b:a7:56:18:e7:e9:6a:4e:b2:8c:63:76:be:26:b6 + 6a:1c:88:31:40:65:d0:ce:b1:68:50:47:85:dd:33:a0 + a9: + +exp2: + 00:8d:b1:5f:7c:94:ed:62:39:40:b6:a9:a1:cc:02:80 + c5:77:d6:9e:19:dd:79:4d:11:61:6a:79:8e:4d:92:de + bb:53:0b:3c:52:02:d5:69:3c:7d:95:1b:dc:51:2d:00 + 00:35:0a:b4:92:5a:74:c4:5f:b0:c0:02:9f:cc:2c:a5 + 29:08:93:25:9a:c5:ba:1a:a1:7a:7e:15:5e:ff:e3:ea + 07:8e:85:a2:c9:60:7f:40:bb:2c:a8:6f:0e:85:ab:a0 + 0f:b5:b0:70:1b:fe:1f:eb:66:78:fb:60:ef:71:de:40 + d9:de:cb:d9:16:40:52:12:2c:3a:b7:5a:63:fc:54:18 + e2:05:bd:d7:68:ae:b4:98:d2:2f:1c:36:13:46:5b:25 + 31:f1:28:eb:32:c3:b1:2b:e9:e4:6f:99:cd:6d:d4:80 + 3a:5d:d0:3c:18:93:b7:2c:4e:0e:fe:b1:1c:97:ba:b1 + 61:72:68:eb:6e:60:62:a5:81:b0:21:33:0a:cc:1b:a8 + 5b: + + +Public Key PIN: + pin-sha256:iFdBnKP/7hZCLdj7qqTtdNPFjpZGka259fSYvv3X02U= +Public Key ID: + sha256:8857419ca3ffee16422dd8fbaaa4ed74d3c58e964691adb9f5f498befdd7d365 + sha1:aac584e0e34ca0a8a5bf9641adbd3ec1d1e075e0 + +-----BEGIN RSA PRIVATE KEY----- +MIIG5QIBAAKCAYEA3S9lste1HN3rWtHweizQEaeoJolcjAYBHDEmiMzLEBIVP4p4 +LhANGSBGsro5jiT+LtMQe5QaT8Gbvnj77nnjCaaEOq/VDj5WGFHUr8kDP8dVk1MB +HWs8rAbzaXISk/GVE1mD9C0X0OpBKhKQv98kuz6urjOUqjNfNERq5nkF7xKjV1dF +l8xVQwOC2T4hfz6IJ5mKyJZ+/ra21DQSK6JctqB3qu4S6gJJWLa1WzCwL8enwAjZ +GjnqaYeJa2G5p7UfzINZQUtJ70BBbrmoL/FVSCj+cykrYFhUUpvvRMyOX91kzRCf +W12I3KoKRsiFeOSVm9liE77XlM+SANcOypFSOlOstlcsasPpcjEJEtkZjpitR+wV +ONQLomtSsBHzNjtIuxg3mxSYVRIykmcj5P9IPin/QJesqtsw6NZCrPoVf9Yc/G+z +AYoeTnMdgYevPHs4qZ9VrqDNSBlJ84ePbE45HZSf0PA1q8iuZIJZhcpmqKDmoPJ/ +MG+VdYSKj/kasPCBAgMBAAECggGAFP/A+f+8tCblh1PTLuY+Qs7WCgKUhL61MEYC +UI6Q4M+2sLemvUjM1YvY6nL/r90XPL7RG8ptzRCmhqjZ0kREJ9BlUWUMJzQH3Hs4 +ZBADfPShzUDeJDrgIbzvMx2fYehXrOScwHvffPggg6wLjgvTYuuKjgNbo+UIrt+n +/oWS6KWuWEZy1vyRQ7F7pMBfUcNQDeJn6K9RE0Gpje/7oaTihHwroFDF/u2EpSWD +hkrTD1Y3OOYeJn1FIgu6IjW++IsbcpATxB/F0TS1DrLu9+G5XqIpjfluI0tQjzXI +qfPSH93OoJZQLS6vz7XhIOfp0knttQ5bPtFL8frCczobUTR+dTAG0kfSqCpFvhb7 +j2OEhbe/98TFPZVWjNECf1isTRF7xVXzyE7X2apisOMeBFyX0cricaqLM7Q06QTU +cHz0y1cZwQMj9LxNkY+ympkcbIEtTS3poePO48liUokfR4Zh8d28Ro15Cpmdqkup +CnJU29yuSL5gSnOZ2DyeB3gF34c5AoHBAOljD9dJMSeoNv6VvY0FwTVILgNPpldU +OqSVP46fKHzS369UNp58n8O5ZI/AsJY8qgH2mr6D4oUgDTPeiJevb74/U1qjdwL9 +gReRO7Itq3jb2UPbBGmCYTDklqyIi/Y/VsRJ/dXljJ0wrc/ZjVyHtSdLCY4Z7eIR +P2myR75wORFBo9u7uQ7ke1DQ0sKJgTa5a6b+lFsGZubthlJCXqkOGNsY+RQhPeA8 +jXnD9dLMUWX7HEntCtUzmTQW+R1oSnjaXwKBwQDyna5fvbejh6eNMEYGixWp5alY +HCs6fng1NlYxQt9Gh+hXDW6Z3s/7qHIWcUuzre10B8vPfSsSiWbED4rq4zcXLHWS +EXqm2ikkM5tpwmRoA9sx3v4dok2dkZ/wULiP0CIRubCVmF5lv0WXmzXymCdGfLKG +63uLV/LDSUd9AUqasOZnBeVheqtjyMvYRGmIcqWpYIlg3+bZTRYrNXsgAPM80Xj5 +IutIw394Y+Y0YEgwZgK7OMKULrmGsi+aTxd/4R8CgcEAmRYtkd2krIqeaCf4icQ4 +k6ag5/Ma/TV2sfZkFj035Yi8yNjIavT8Jvo4iEKwkhuAuID1x/niX8hCYL+bgUPG +XFhVaKLIseFvB/Jv4dQrIb+zp9rF7h9jeRq36rw2cnPhiieupNtJfOItYKUnIIaz +wO5rehZv/1Wo7r/OZ5BdHoCb5sof/TDJ4pzXYlunsim1/3gGAB8W6GrtLI/0X5er +niunVhjn6WpOsoxjdr4mtmociDFAZdDOsWhQR4XdM6CpAoHBAI2xX3yU7WI5QLap +ocwCgMV31p4Z3XlNEWFqeY5Nkt67Uws8UgLVaTx9lRvcUS0AADUKtJJadMRfsMAC +n8wspSkIkyWaxboaoXp+FV7/4+oHjoWiyWB/QLssqG8OhaugD7WwcBv+H+tmePtg +73HeQNney9kWQFISLDq3WmP8VBjiBb3XaK60mNIvHDYTRlslMfEo6zLDsSvp5G+Z +zW3UgDpd0DwYk7csTg7+sRyXurFhcmjrbmBipYGwITMKzBuoWwKBwQCTPny56odS +N/rVCjb74dD8Yk0AC62o+700U5bCbKFqSbegJDMWlXkUrLt1jXjpEPq+RGBYlEqc +umQdhieLf1FNgLD/epHATaSq0fF5fY9xSRJz1ERfDC5VptkTuDvl3OEUmH7rW2Ct +10vawNg/v3CSU4wxaothXqN9/4Qsfe2fdCma5xT7w6uOn2BqmKuGC+r7/yAvO6d2 +AzpVu7LGnLVmNrgcf5u2Yon/atY1WAvwVScB8GeNiD90SD2/jPwFYkc= +-----END RSA PRIVATE KEY----- diff --git a/internal/filter/filter_test.go b/internal/filter/filter_test.go new file mode 100644 index 0000000..14bcc59 --- /dev/null +++ b/internal/filter/filter_test.go @@ -0,0 +1,39 @@ +// This file is Free Software under the MIT License +// without warranty, see README.md and LICENSES/MIT.txt for details. +// +// SPDX-License-Identifier: MIT +// +// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) +// Software-Engineering: 2023 Intevation GmbH + +package filter + +import ( + "testing" +) + +// TestNewPatternMatcher tests if NewPatternMatcher recognizes +// whether a set of sample regular expressions is valid +func TestNewPatternMatcher(t *testing.T) { + var regex []string + if pm, err := NewPatternMatcher(regex); pm == nil || err != nil { + t.Errorf("Failure: Did not compile valid regex pattern") + } + regex = append(regex, "++") + if pm, err := NewPatternMatcher(regex); pm != nil || err == nil { + t.Errorf("Failure: No error returned at invalid compile pattern") + } +} + +// TestMatches tests if Matches returns whether a given string +// matches a sample of the expressions correctly. +func TestMatches(t *testing.T) { + regex := []string{"a"} + pm, _ := NewPatternMatcher(regex) + if !pm.Matches("a") { + t.Errorf("Failure: Did not match two identical strings") + } + if pm.Matches("b") { + t.Errorf("Failure: Matched two non-matching strings") + } +} diff --git a/internal/misc/mime_test.go b/internal/misc/mime_test.go new file mode 100644 index 0000000..bd5a31c --- /dev/null +++ b/internal/misc/mime_test.go @@ -0,0 +1,25 @@ +// This file is Free Software under the MIT License +// without warranty, see README.md and LICENSES/MIT.txt for details. +// +// SPDX-License-Identifier: MIT +// +// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) +// Software-Engineering: 2023 Intevation GmbH + +package misc + +import ( + "io" + "mime/multipart" + "testing" +) + +// TestCreateFormFile tests if CreateFormFile throws an error when creating +// a FormFile +func TestCreateFormFile(t *testing.T) { + writer := multipart.NewWriter(io.Discard) + + if _, err := CreateFormFile(writer, "csaf", "data", "application/json"); err != nil { + t.Errorf("Failure: failed to create an io.Writer via CreateFormFile") + } +} diff --git a/internal/models/models.go b/internal/models/models.go index 3b834fe..fad85c3 100644 --- a/internal/models/models.go +++ b/internal/models/models.go @@ -28,6 +28,14 @@ func NewTimeInterval(a, b time.Time) TimeRange { return TimeRange{a, b} } +// Year returns the time range for a given year. +func Year(year int) TimeRange { + return TimeRange{ + time.Date(year, time.January, 1, 0, 0, 0, 0, time.UTC), + time.Date(year, time.December, 31, 23, 59, 59, int(time.Second-time.Nanosecond), time.UTC), + } +} + // guessDate tries to guess an RFC 3339 date time from a given string. func guessDate(s string) (time.Time, bool) { for _, layout := range []string{ @@ -100,3 +108,8 @@ func (tr *TimeRange) UnmarshalFlag(s string) error { func (tr TimeRange) Contains(t time.Time) bool { return !(t.Before(tr[0]) || t.After(tr[1])) } + +// Intersects returns true if the two time ranges intersects. +func (tr TimeRange) Intersects(other TimeRange) bool { + return !(other[1].Before(tr[0]) || tr[1].Before(other[0])) +} diff --git a/internal/models/models_test.go b/internal/models/models_test.go new file mode 100644 index 0000000..ffbcb9c --- /dev/null +++ b/internal/models/models_test.go @@ -0,0 +1,168 @@ +// This file is Free Software under the MIT License +// without warranty, see README.md and LICENSES/MIT.txt for details. +// +// SPDX-License-Identifier: MIT +// +// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) +// Software-Engineering: 2023 Intevation GmbH + +package models + +import ( + "testing" + "time" +) + +// TestNewTimeInterval tests the creation of time intervals via NewTimeInterval() +func TestNewTimeInterval(t *testing.T) { + var ( + before = time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC) + after = time.Date(2010, time.November, 10, 23, 0, 0, 0, time.UTC) + pseudoTimeRange = TimeRange{before, after} + ) + if NewTimeInterval(after, before) != pseudoTimeRange { + t.Errorf("Failure: Couldn't generate timerange.") + } +} + +// TestGuessDate tests whether a sample of strings are correctly parsed into Dates by guessDate() +func TestGuessDate(t *testing.T) { + if _, guess := guessDate("2006-01-02T15:04:05"); !guess { + t.Errorf("Failure: Could not guess valid Date from valid string") + } + if _, guess := guessDate("2006"); !guess { + t.Errorf("Failure: Could not guess valid Date from valid string") + } + if _, guess := guessDate("2006-01-02"); !guess { + t.Errorf("Failure: Could not guess valid Date from valid string") + } + + if _, guess := guessDate(""); guess { + t.Errorf("Failure: Guessed Date from invalid string") + } +} + +// TestUnmarshalText tests whether UnmarshalText() correctly unmarshals a sample of byteSlices +func TestUnmarshalText(t *testing.T) { + testTimeRange := NewTimeInterval( + time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC), + time.Date(2010, time.November, 10, 23, 0, 0, 0, time.UTC)) + byteSlice := []byte{'3', 'h'} + var emptySlice []byte + if testTimeRange.UnmarshalText(byteSlice) != nil { + t.Errorf(testTimeRange.UnmarshalText(byteSlice).Error()) + } + if testTimeRange.UnmarshalText(emptySlice) == nil { + t.Errorf("Failure: UnmarshalText succeeded on invalid slice of bytes.") + } +} + +// TestMarshalJSON tests whether MarshalJSON() correctly marshals a sample TimeRange +func TestMarshalJSON(t *testing.T) { + testTimeRange := NewTimeInterval( + time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC), + time.Date(2010, time.November, 10, 23, 0, 0, 0, time.UTC)) + if _, err := testTimeRange.MarshalJSON(); err != nil { + t.Errorf("Failure: %v", err) + } +} + +// TestUnmarshalFlag tests whether UnmarshalFlag() correctly extracts time from a given timeRange string. +func TestUnmarshalFlag(t *testing.T) { + testTimeRange := NewTimeInterval( + time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC), + time.Date(2010, time.November, 10, 23, 0, 0, 0, time.UTC)) + if err := testTimeRange.UnmarshalFlag("3h"); err != nil { + t.Errorf(err.Error()) + } + if err := testTimeRange.UnmarshalFlag("2006-01-02T15:04:05"); err != nil { + t.Errorf(err.Error()) + } + if err := testTimeRange.UnmarshalFlag("2006-01-02T15:04:05a"); err == nil { + t.Errorf("Failure: Extracted time from invalid string") + } + if err := testTimeRange.UnmarshalFlag("2006-01-02T15:04:05a, 2007-01-02T15:04:05"); err == nil { + t.Errorf("Failure: Extracted time from invalid string") + } + if err := testTimeRange.UnmarshalFlag("2006-01-02T15:04:05, 2007-01-02T15:04:05a"); err == nil { + t.Errorf("Failure: Extracted time from invalid string") + } + if err := testTimeRange.UnmarshalFlag("2006-01-02T15:04:05, 2007-01-02T15:04:05"); err != nil { + t.Errorf(err.Error()) + } +} + +// TestContains tests whether Contains() correctly identifies a sample of points in time to be within +// a timerange or not. +func TestContains(t *testing.T) { + testTimeRange := NewTimeInterval( + time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC), + time.Date(2010, time.November, 10, 23, 0, 0, 0, time.UTC)) + testPointInTime := time.Date(2010, time.March, 10, 23, 0, 0, 0, time.UTC) + testPointAfterTime := time.Date(2022, time.March, 10, 23, 0, 0, 0, time.UTC) + testPointBeforeTime := time.Date(2002, time.March, 10, 23, 0, 0, 0, time.UTC) + if !testTimeRange.Contains(testPointInTime) { + t.Errorf("Failure: Did not recognize point within timerange correctly.") + } + if testTimeRange.Contains(testPointAfterTime) { + t.Errorf("Failure: Did not recognize that a point in time was after a timerange correctly.") + } + if testTimeRange.Contains(testPointBeforeTime) { + t.Errorf("Failure: Did not recognize that a point in time was before a timerange correctly.") + } +} + +// TestTimeRangeIntersects checks if TimeRange.Intersects works. +func TestTimeRangeIntersects(t *testing.T) { + var ( + a = time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC) + b = a.AddDate(0, 0, 10) + c = b.AddDate(0, 0, 10) + d = c.AddDate(0, 0, 10) + ) + for _, x := range []struct { + ranges [2]TimeRange + expected bool + }{ + {ranges: [2]TimeRange{{a, b}, {a, b}}, expected: true}, // equal + {ranges: [2]TimeRange{{a, b}, {c, d}}, expected: false}, // disjoint + {ranges: [2]TimeRange{{a, b}, {b, c}}, expected: true}, // touching + {ranges: [2]TimeRange{{a, c}, {b, d}}, expected: true}, // overlapping + {ranges: [2]TimeRange{{a, d}, {b, c}}, expected: true}, // containing + {ranges: [2]TimeRange{{a, b}, {a, c}}, expected: true}, // containing touch left + {ranges: [2]TimeRange{{b, c}, {a, c}}, expected: true}, // containing touch right + } { + got1 := x.ranges[0].Intersects(x.ranges[1]) + got2 := x.ranges[1].Intersects(x.ranges[0]) + if got1 != got2 { + t.Fatalf("intersecting %v is not commutative", x.ranges) + } + if got1 != x.expected { + t.Fatalf("%v: got %t expected %t", x.ranges, got1, x.expected) + } + } +} + +// TestTimeRangeYear checks if the Year construction works. +func TestTimeRangeYear(t *testing.T) { + var ( + year = Year(1984) + first = time.Date(1984, time.January, 1, 0, 0, 0, 0, time.UTC) + before = first.Add(-time.Nanosecond) + after = time.Date(1984+1, time.January, 1, 0, 0, 0, 0, time.UTC) + last = after.Add(-time.Nanosecond) + ) + for _, x := range []struct { + t time.Time + expected bool + }{ + {t: first, expected: true}, + {t: before, expected: false}, + {t: last, expected: true}, + {t: after, expected: false}, + } { + if got := year.Contains(x.t); got != x.expected { + t.Fatalf("%v: got %t expected %t", x.t, got, x.expected) + } + } +} diff --git a/internal/options/data/config.toml b/internal/options/data/config.toml new file mode 100644 index 0000000..4997225 --- /dev/null +++ b/internal/options/data/config.toml @@ -0,0 +1 @@ +Test = "data/config.toml" diff --git a/internal/options/data/config_plus.toml b/internal/options/data/config_plus.toml new file mode 100644 index 0000000..a7c600c --- /dev/null +++ b/internal/options/data/config_plus.toml @@ -0,0 +1,2 @@ +Test = "data/config_plus.toml" +surplus = true diff --git a/internal/options/data/empty.toml b/internal/options/data/empty.toml new file mode 100644 index 0000000..b852bc0 --- /dev/null +++ b/internal/options/data/empty.toml @@ -0,0 +1 @@ +# Empty but valid config file diff --git a/internal/options/log.go b/internal/options/log.go new file mode 100644 index 0000000..c8e828d --- /dev/null +++ b/internal/options/log.go @@ -0,0 +1,33 @@ +// This file is Free Software under the MIT License +// without warranty, see README.md and LICENSES/MIT.txt for details. +// +// SPDX-License-Identifier: MIT +// +// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) +// Software-Engineering: 2023 Intevation GmbH + +package options + +import ( + "log/slog" + "strings" +) + +// LogLevel implements a helper type to be used in configurations. +type LogLevel struct{ slog.Level } + +// MarshalFlag implements [flags.Marshaler]. +func (ll LogLevel) MarshalFlag() (string, error) { + t, err := ll.MarshalText() + return strings.ToLower(string(t)), err +} + +// UnmarshalFlag implements [flags.Unmarshaler]. +func (ll *LogLevel) UnmarshalFlag(value string) error { + var l slog.Level + if err := l.UnmarshalText([]byte(value)); err != nil { + return err + } + *ll = LogLevel{Level: l} + return nil +} diff --git a/internal/options/log_test.go b/internal/options/log_test.go new file mode 100644 index 0000000..6c93865 --- /dev/null +++ b/internal/options/log_test.go @@ -0,0 +1,49 @@ +// This file is Free Software under the MIT License +// without warranty, see README.md and LICENSES/MIT.txt for details. +// +// SPDX-License-Identifier: MIT +// +// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) +// Software-Engineering: 2023 Intevation GmbH + +package options + +import ( + "log/slog" + "testing" +) + +func TestMarshalFlag(t *testing.T) { + ll := LogLevel{Level: slog.LevelInfo} + got, err := ll.MarshalFlag() + if err != nil { + t.Fatal(err) + } + if got != "info" { + t.Fatalf("got %q expected \"info\"", got) + } +} + +func TestUnmarshalFlag(t *testing.T) { + for _, x := range []struct { + input string + expect slog.Level + }{ + {input: "debug", expect: slog.LevelDebug}, + {input: "info", expect: slog.LevelInfo}, + {input: "warn", expect: slog.LevelWarn}, + {input: "error", expect: slog.LevelError}, + } { + var ll LogLevel + if err := ll.UnmarshalFlag(x.input); err != nil { + t.Fatalf("%q error: %v", x.input, err) + } + if ll.Level != x.expect { + t.Fatalf("%q: got %s expected %s", x.input, ll.Level, x.expect) + } + } + var ll LogLevel + if err := ll.UnmarshalFlag("invalid"); err == nil { + t.Fatal(`"invalid" should return an error`) + } +} diff --git a/internal/options/options.go b/internal/options/options.go index bead99d..961b4b4 100644 --- a/internal/options/options.go +++ b/internal/options/options.go @@ -3,8 +3,8 @@ // // SPDX-License-Identifier: MIT // -// SPDX-FileCopyrightText: 2022 German Federal Office for Information Security (BSI) -// Software-Engineering: 2022 Intevation GmbH +// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) +// Software-Engineering: 2023 Intevation GmbH // Package options contains helpers to handle command line options and config files. package options @@ -18,7 +18,7 @@ import ( "github.com/jessevdk/go-flags" "github.com/mitchellh/go-homedir" - "github.com/csaf-poc/csaf_distribution/v2/util" + "github.com/csaf-poc/csaf_distribution/v3/util" ) // Parser helps parsing command line arguments and loading diff --git a/internal/options/options_test.go b/internal/options/options_test.go new file mode 100644 index 0000000..3feba93 --- /dev/null +++ b/internal/options/options_test.go @@ -0,0 +1,206 @@ +// This file is Free Software under the MIT License +// without warranty, see README.md and LICENSES/MIT.txt for details. +// +// SPDX-License-Identifier: MIT +// +// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) +// Software-Engineering: 2023 Intevation GmbH + +package options + +import ( + "errors" + "fmt" + "os" + "os/exec" + "testing" +) + +type config struct { + Test string `long:"Test" description:"Test config struct"` + Version bool `long:"version" description:"test print version"` + ConfigLocation string `long:"configlocation" description:"test location"` +} + +// TestParse helps parsing command line arguments and loading +// stored configurations from file. +func TestParse(t *testing.T) { + orig := os.Args + defer func() { os.Args = orig }() + + os.Args = []string{"cmd"} + defaultConfigLocation := []string{"data/config.toml"} + p := Parser[config]{ + DefaultConfigLocations: defaultConfigLocation, + ConfigLocation: func(cfg *config) string { + return cfg.ConfigLocation + }, + Usage: "[OPTIONS] domain...", + HasVersion: func(cfg *config) bool { return cfg.Version }, + SetDefaults: func(cfg *config) { + }, + // Re-establish default values if not set. + EnsureDefaults: func(cfg *config) { + }, + } + + // Test searching for data/config.toml as config file + if _, _, err := p.Parse(); err != nil { + t.Errorf("Failure: Valid Parser using config location failed.") + } + + // Test invalid flag + os.Args = []string{"cmd", "--invalid"} + fmt.Println("The following test should produce a warning.") + if _, _, err := p.Parse(); err == nil { + t.Errorf("Failure: Parsed invalid flag 'invalid'") + } + + // Test with no default location; no config is loaded + var emptyLocation []string + p.DefaultConfigLocations = emptyLocation + os.Args = []string{"cmd"} + if _, _, err := p.Parse(); err != nil { + t.Errorf("Failure: Valid Parser without config location failed: %s", err.Error()) + } + + // Test failing to load TOML file + os.Args = []string{"cmd", "--configlocation=data/config_surplus.toml"} + if _, _, err := p.Parse(); err == nil { + t.Errorf("Failure: Parsed invalid toml file.") + } + + // Test failing to expand Path + os.Args = []string{"cmd", "--configlocation=~~"} + if _, _, err := p.Parse(); err == nil { + t.Errorf("Failure: Invalid path expanded.") + } + + // os.exit tests start here + // test the help flag + // if TEST_HELP was set, try parsing the help flag + if os.Getenv("TEST_HELP") == "1" { + os.Args = []string{"cmd", "--help"} + p.Parse() + return + } + + // Build subprocess that can be exited + cmd := exec.Command(orig[0], "-test.run=TestParse") + cmd.Env = append(os.Environ(), "TEST_HELP=1") + err := cmd.Run() + if err != nil { + t.Fatalf(err.Error()) + } + + // test the version flag + if os.Getenv("TEST_VERSION") == "1" { + os.Args = []string{"cmd", "--version"} + p.Parse() + return + } + + cmd = exec.Command(orig[0], "-test.run=TestParse") + cmd.Env = append(os.Environ(), "TEST_VERSION=1") + err = cmd.Run() + if err != nil { + t.Fatalf(err.Error()) + } +} + +// TestFindConfigFile tests if findConfigFile() correctly finds existing and +// doesn't find nonexisting config files +func TestFindConfigFile(t *testing.T) { + locations := []string{"data/config.toml"} + notLocation := []string{"notomllocation"} + errorExpandLocation := []string{"~~"} + + if findConfigFile(locations) != "data/config.toml" { + t.Errorf("Failure: Couldn't find existing toml file in specified location") + } + if !(findConfigFile(notLocation) == "") { + t.Errorf("Failure: Supposedly found configuration file in nonexistant location") + } + fmt.Println("The following test should produce a warning.") + if !(findConfigFile(errorExpandLocation) == "") { + t.Errorf("Failure: Supposedly found configuration file in nonexistant location") + } +} + +// TestLoadToml tests if loadTOML() can correctly load TOML files +func TestLoadToml(t *testing.T) { + var cfg config + if err := loadTOML(&cfg, "data/nonexistant.toml"); err.Error() != "open "+ + "data/nonexistant.toml: no such file or directory" { + t.Errorf("Failure: Didn't throw the correct " + + "error on trying to load nonexistant file") + } + const errMsg = `could not parse ["surplus"] from "data/config_plus.toml"` + if err := loadTOML(&cfg, "data/config_plus.toml"); err.Error() != errMsg { + t.Errorf("Failure: Succeeded in parsing nonexistant parameter") + } + if err := loadTOML(&cfg, "data/config.toml"); err != nil { + t.Errorf(err.Error()) + } +} + +// TestErrorCheck checks whether the ErrorChecker correctly logs a fatal error +func TestErrorCheck(t *testing.T) { + if os.Getenv("TEST_ERROR") == "1" { + ErrorCheck(errors.New("succesful")) + return + } + cmd := exec.Command(os.Args[0], "-test.run=TestErrorCheck") + cmd.Env = append(os.Environ(), "TEST_ERROR=1") + err := cmd.Run() + if e, ok := err.(*exec.ExitError); ok && !e.Success() { + return + } + t.Fatalf("process ran with err %v, want exit status 1", err) + +} + +// TestSecondPassCommandlineParsing checks if the second pass +// of the command line passing is error checked. +func TestSecondPassCommandlineParsing(t *testing.T) { + orig := os.Args + defer func() { os.Args = orig }() + + os.Args = []string{"cmd"} + p := Parser[config]{ + ConfigLocation: func(cfg *config) string { + // This is a bit stupid. + os.Args = []string{"cmd", "--invalid"} + return "data/empty.toml" + }, + } + if _, _, err := p.Parse(); err == nil { + t.Fatalf("Second command line parsing pass did not fail.\n") + } +} + +// TestSecondPassCommandlineHelp triggers the help output in the +// second pass of the command line parsing. +func TestSecondPassCommandlineHelp(t *testing.T) { + if os.Getenv("TEST_ERROR") == "1" { + orig := os.Args + defer func() { os.Args = orig }() + + os.Args = []string{"cmd"} + p := Parser[config]{ + ConfigLocation: func(cfg *config) string { + // This is a bit stupid. + os.Args = []string{"cmd", "--help"} + return "data/empty.toml" + }, + } + p.Parse() + t.Fatalf("Second command line parsing pass help should not reach this.\n") + return + } + cmd := exec.Command(os.Args[0], "-test.run=TestSecondPassCommandlineHelp") + cmd.Env = append(os.Environ(), "TEST_ERROR=1") + if err := cmd.Run(); err != nil { + t.Fatalf("process ran with err %v", err) + } +} diff --git a/util/client.go b/util/client.go index 2f54032..239f8ec 100644 --- a/util/client.go +++ b/util/client.go @@ -31,6 +31,7 @@ type Client interface { // LoggingClient is a client that logs called URLs. type LoggingClient struct { Client + Log func(method, url string) } // LimitingClient is a Client implementing rate throttling. @@ -97,33 +98,42 @@ func (hc *HeaderClient) PostForm(url string, data url.Values) (*http.Response, e url, "application/x-www-form-urlencoded", strings.NewReader(data.Encode())) } +// log logs to a callback if given. +func (lc *LoggingClient) log(method, url string) { + if lc.Log != nil { + lc.Log(method, url) + } else { + log.Printf("[%s]: %s\n", method, url) + } +} + // Do implements the respective method of the Client interface. func (lc *LoggingClient) Do(req *http.Request) (*http.Response, error) { - log.Printf("[DO]: %s\n", req.URL.String()) + lc.log("DO", req.URL.String()) return lc.Client.Do(req) } // Get implements the respective method of the Client interface. func (lc *LoggingClient) Get(url string) (*http.Response, error) { - log.Printf("[GET]: %s\n", url) + lc.log("GET", url) return lc.Client.Get(url) } // Head implements the respective method of the Client interface. func (lc *LoggingClient) Head(url string) (*http.Response, error) { - log.Printf("[HEAD]: %s\n", url) + lc.log("HEAD", url) return lc.Client.Head(url) } // Post implements the respective method of the Client interface. func (lc *LoggingClient) Post(url, contentType string, body io.Reader) (*http.Response, error) { - log.Printf("[POST]: %s\n", url) + lc.log("POST", url) return lc.Client.Post(url, contentType, body) } // PostForm implements the respective method of the Client interface. func (lc *LoggingClient) PostForm(url string, data url.Values) (*http.Response, error) { - log.Printf("[POST FORM]: %s\n", url) + lc.log("POST FORM", url) return lc.Client.PostForm(url, data) } diff --git a/util/file_test.go b/util/file_test.go index b224a31..aafce6d 100644 --- a/util/file_test.go +++ b/util/file_test.go @@ -1,3 +1,11 @@ +// This file is Free Software under the MIT License +// without warranty, see README.md and LICENSES/MIT.txt for details. +// +// SPDX-License-Identifier: MIT +// +// SPDX-FileCopyrightText: 2022 German Federal Office for Information Security (BSI) +// Software-Engineering: 2022 Intevation GmbH + package util import (