Add type to checker messages

* Add a type to checker messages, so the results can be interpreted better. Especially the difference between warning and errors can be used.
2025-12-22 18:15:42 +01:00 · 2022-06-09 12:26:19 +02:00 · 2022-06-09 12:26:19 +02:00 · c09e5f66f3
commit c09e5f66f3
parent 19d39b85d3
5 changed files with 182 additions and 110 deletions
--- a/cmd/csaf_checker/links.go
+++ b/cmd/csaf_checker/links.go
@ -53,11 +53,11 @@ func (pgs pages) listed(path string, pro *processor) (bool, error) {
 	pro.badDirListings.use()
 	if err != nil {
-		pro.badDirListings.add("Fetching %s failed: %v", base, err)
+		pro.badDirListings.error("Fetching %s failed: %v", base, err)
 		return false, errContinue
 	}
 	if res.StatusCode != http.StatusOK {
-		pro.badDirListings.add("Fetching %s failed. Status code %d (%s)",
+		pro.badDirListings.error("Fetching %s failed. Status code %d (%s)",
 			base, res.StatusCode, res.Status)
 		return false, errContinue
 	}
--- a/cmd/csaf_checker/processor.go
+++ b/cmd/csaf_checker/processor.go
@ -37,7 +37,7 @@ import (
 )
 // topicMessages stores the collected topicMessages for a specific topic.
-type topicMessages []string
+type topicMessages []Message
 type processor struct {
 	opts   *options
@ -120,14 +120,29 @@ func (wt whereType) String() string {
 }
 // add adds a message to this topic.
-func (m *topicMessages) add(format string, args ...interface{}) {
+func (m *topicMessages) add(typ MessageType, format string, args ...interface{}) {
-	*m = append(*m, fmt.Sprintf(format, args...))
+	*m = append(*m, Message{Type: typ, Text: fmt.Sprintf(format, args...)})
 }
 // error adds an error message to this topic.
 func (m *topicMessages) error(format string, args ...interface{}) {
 	m.add(ErrorType, format, args...)
 }
 // warn adds a warning message to this topic.
 func (m *topicMessages) warn(format string, args ...interface{}) {
 	m.add(WarnType, format, args...)
 }
 // info adds an info message to this topic.
 func (m *topicMessages) info(format string, args ...interface{}) {
 	m.add(InfoType, format, args...)
 }
 // use signals that we going to use this topic.
 func (m *topicMessages) use() {
 	if *m == nil {
-		*m = []string{}
+		*m = []Message{}
 	}
 }
@ -318,7 +333,7 @@ func (p *processor) integrity(
 	files []string,
 	base string,
 	mask whereType,
-	lg func(string, ...interface{}),
+	lg func(MessageType, string, ...interface{}),
 ) error {
 	b, err := url.Parse(base)
 	if err != nil {
@ -331,7 +346,7 @@ func (p *processor) integrity(
 	for _, f := range files {
 		fp, err := url.Parse(f)
 		if err != nil {
-			lg("Bad URL %s: %v", f, err)
+			lg(ErrorType, "Bad URL %s: %v", f, err)
 			continue
 		}
 		u := b.ResolveReference(fp).String()
@ -341,11 +356,11 @@ func (p *processor) integrity(
 		p.checkTLS(u)
 		res, err := client.Get(u)
 		if err != nil {
-			lg("Fetching %s failed: %v.", u, err)
+			lg(ErrorType, "Fetching %s failed: %v.", u, err)
 			continue
 		}
 		if res.StatusCode != http.StatusOK {
-			lg("Fetching %s failed: Status code %d (%s)",
+			lg(ErrorType, "Fetching %s failed: Status code %d (%s)",
 				u, res.StatusCode, res.Status)
 			continue
 		}
@ -362,17 +377,17 @@ func (p *processor) integrity(
 			tee := io.TeeReader(res.Body, hasher)
 			return json.NewDecoder(tee).Decode(&doc)
 		}(); err != nil {
-			lg("Reading %s failed: %v", u, err)
+			lg(ErrorType, "Reading %s failed: %v", u, err)
 			continue
 		}
 		errors, err := csaf.ValidateCSAF(doc)
 		if err != nil {
-			lg("Failed to validate %s: %v", u, err)
+			lg(ErrorType, "Failed to validate %s: %v", u, err)
 			continue
 		}
 		if len(errors) > 0 {
-			lg("CSAF file %s has %d validation errors.", u, len(errors))
+			lg(ErrorType, "CSAF file %s has %d validation errors.", u, len(errors))
 		}
 		// Check if file is in the right folder.
@ -380,17 +395,17 @@ func (p *processor) integrity(
 		if date, err := p.expr.Eval(
 			`$.document.tracking.initial_release_date`, doc); err != nil {
-			p.badFolders.add(
+			p.badFolders.error(
 				"Extracting 'initial_release_date' from %s failed: %v", u, err)
 		} else if text, ok := date.(string); !ok {
-			p.badFolders.add("'initial_release_date' is not a string in %s", u)
+			p.badFolders.error("'initial_release_date' is not a string in %s", u)
 		} else if d, err := time.Parse(time.RFC3339, text); err != nil {
-			p.badFolders.add(
+			p.badFolders.error(
 				"Parsing 'initial_release_date' as RFC3339 failed in %s: %v", u, err)
 		} else if m := yearFromURL.FindStringSubmatch(u); m == nil {
-			p.badFolders.add("No year folder found in %s", u)
+			p.badFolders.error("No year folder found in %s", u)
 		} else if year, _ := strconv.Atoi(m[1]); d.UTC().Year() != year {
-			p.badFolders.add("%s should be in folder %d", u, d.UTC().Year())
+			p.badFolders.error("%s should be in folder %d", u, d.UTC().Year())
 		}
 		// Check hashes
@ -406,11 +421,11 @@ func (p *processor) integrity(
 			hashFile := u + "." + x.ext
 			p.checkTLS(hashFile)
 			if res, err = client.Get(hashFile); err != nil {
-				p.badIntegrities.add("Fetching %s failed: %v.", hashFile, err)
+				p.badIntegrities.error("Fetching %s failed: %v.", hashFile, err)
 				continue
 			}
 			if res.StatusCode != http.StatusOK {
-				p.badIntegrities.add("Fetching %s failed: Status code %d (%s)",
+				p.badIntegrities.error("Fetching %s failed: Status code %d (%s)",
 					hashFile, res.StatusCode, res.Status)
 				continue
 			}
@ -419,15 +434,15 @@ func (p *processor) integrity(
 				return util.HashFromReader(res.Body)
 			}()
 			if err != nil {
-				p.badIntegrities.add("Reading %s failed: %v.", hashFile, err)
+				p.badIntegrities.error("Reading %s failed: %v.", hashFile, err)
 				continue
 			}
 			if len(h) == 0 {
-				p.badIntegrities.add("No hash found in %s.", hashFile)
+				p.badIntegrities.error("No hash found in %s.", hashFile)
 				continue
 			}
 			if !bytes.Equal(h, x.hash) {
-				p.badIntegrities.add("%s hash of %s does not match %s.",
+				p.badIntegrities.error("%s hash of %s does not match %s.",
 					strings.ToUpper(x.ext), u, hashFile)
 			}
 		}
@ -439,11 +454,11 @@ func (p *processor) integrity(
 		p.badSignatures.use()
 		if res, err = client.Get(sigFile); err != nil {
-			p.badSignatures.add("Fetching %s failed: %v.", sigFile, err)
+			p.badSignatures.error("Fetching %s failed: %v.", sigFile, err)
 			continue
 		}
 		if res.StatusCode != http.StatusOK {
-			p.badSignatures.add("Fetching %s failed: status code %d (%s)",
+			p.badSignatures.error("Fetching %s failed: status code %d (%s)",
 				sigFile, res.StatusCode, res.Status)
 			continue
 		}
@ -457,7 +472,7 @@ func (p *processor) integrity(
 			return crypto.NewPGPSignatureFromArmored(string(all))
 		}()
 		if err != nil {
-			p.badSignatures.add("Loading signature from %s failed: %v.",
+			p.badSignatures.error("Loading signature from %s failed: %v.",
 				sigFile, err)
 			continue
 		}
@ -473,7 +488,7 @@ func (p *processor) integrity(
 				}
 			}
 			if !verified {
-				p.badSignatures.add("Signature of %s could not be verified.", u)
+				p.badSignatures.error("Signature of %s could not be verified.", u)
 			}
 		}
 	}
@ -484,11 +499,11 @@ func (p *processor) processROLIEFeed(feed string) error {
 	client := p.httpClient()
 	res, err := client.Get(feed)
 	if err != nil {
-		p.badProviderMetadata.add("Cannot fetch feed %s: %v", feed, err)
+		p.badProviderMetadata.error("Cannot fetch feed %s: %v", feed, err)
 		return errContinue
 	}
 	if res.StatusCode != http.StatusOK {
-		p.badProviderMetadata.add("Fetching %s failed. Status code %d (%s)",
+		p.badProviderMetadata.error("Fetching %s failed. Status code %d (%s)",
 			feed, res.StatusCode, res.Status)
 		return errContinue
 	}
@ -509,7 +524,7 @@ func (p *processor) processROLIEFeed(feed string) error {
 	}()
 	if err != nil {
-		p.badProviderMetadata.add("Loading ROLIE feed failed: %v.", err)
+		p.badProviderMetadata.error("Loading ROLIE feed failed: %v.", err)
 		return errContinue
 	}
 	errors, err := csaf.ValidateROLIE(rolieDoc)
@ -517,15 +532,15 @@ func (p *processor) processROLIEFeed(feed string) error {
 		return err
 	}
 	if len(errors) > 0 {
-		p.badProviderMetadata.add("%s: Validating against JSON schema failed:", feed)
+		p.badProviderMetadata.error("%s: Validating against JSON schema failed:", feed)
 		for _, msg := range errors {
-			p.badProviderMetadata.add(strings.ReplaceAll(msg, `%`, `%%`))
+			p.badProviderMetadata.error(strings.ReplaceAll(msg, `%`, `%%`))
 		}
 	}
 	base, err := util.BaseURL(feed)
 	if err != nil {
-		p.badProviderMetadata.add("Bad base path: %v", err)
+		p.badProviderMetadata.error("Bad base path: %v", err)
 		return errContinue
 	}
@ -561,13 +576,13 @@ func (p *processor) checkIndex(base string, mask whereType) error {
 	res, err := client.Get(index)
 	if err != nil {
-		p.badIndices.add("Fetching %s failed: %v", index, err)
+		p.badIndices.error("Fetching %s failed: %v", index, err)
 		return errContinue
 	}
 	if res.StatusCode != http.StatusOK {
 		// It's optional
 		if res.StatusCode != http.StatusNotFound {
-			p.badIndices.add("Fetching %s failed. Status code %d (%s)",
+			p.badIndices.error("Fetching %s failed. Status code %d (%s)",
 				index, res.StatusCode, res.Status)
 		}
 		return errContinue
@ -583,7 +598,7 @@ func (p *processor) checkIndex(base string, mask whereType) error {
 		return files, scanner.Err()
 	}()
 	if err != nil {
-		p.badIndices.add("Reading %s failed: %v", index, err)
+		p.badIndices.error("Reading %s failed: %v", index, err)
 		return errContinue
 	}
@ -603,13 +618,13 @@ func (p *processor) checkChanges(base string, mask whereType) error {
 	p.badChanges.use()
 	if err != nil {
-		p.badChanges.add("Fetching %s failed: %v", changes, err)
+		p.badChanges.error("Fetching %s failed: %v", changes, err)
 		return errContinue
 	}
 	if res.StatusCode != http.StatusOK {
 		if res.StatusCode != http.StatusNotFound {
 			// It's optional
-			p.badChanges.add("Fetching %s failed. Status code %d (%s)",
+			p.badChanges.error("Fetching %s failed. Status code %d (%s)",
 				changes, res.StatusCode, res.Status)
 		}
 		return errContinue
@ -640,14 +655,14 @@ func (p *processor) checkChanges(base string, mask whereType) error {
 		return times, files, nil
 	}()
 	if err != nil {
-		p.badChanges.add("Reading %s failed: %v", changes, err)
+		p.badChanges.error("Reading %s failed: %v", changes, err)
 		return errContinue
 	}
 	if !sort.SliceIsSorted(times, func(i, j int) bool {
 		return times[j].Before(times[i])
 	}) {
-		p.badChanges.add("%s is not sorted in descending order", changes)
+		p.badChanges.error("%s is not sorted in descending order", changes)
 	}
 	return p.integrity(files, base, mask, p.badChanges.add)
@ -667,7 +682,7 @@ func (p *processor) processROLIEFeeds(domain string, feeds [][]csaf.Feed) error
 			}
 			up, err := url.Parse(string(*feed.URL))
 			if err != nil {
-				p.badProviderMetadata.add("Invalid URL %s in feed: %v.", *feed.URL, err)
+				p.badProviderMetadata.error("Invalid URL %s in feed: %v.", *feed.URL, err)
 				continue
 			}
 			feedURL := base.ResolveReference(up).String()
@ -693,7 +708,7 @@ func (p *processor) checkCSAFs(domain string) error {
 	if hasRolie {
 		var feeds [][]csaf.Feed
 		if err := util.ReMarshalJSON(&feeds, rolie); err != nil {
-			p.badProviderMetadata.add("ROLIE feeds are not compatible: %v.", err)
+			p.badProviderMetadata.error("ROLIE feeds are not compatible: %v.", err)
 		} else if err := p.processROLIEFeeds(domain, feeds); err != nil {
 			if err != errContinue {
 				return err
@ -747,7 +762,7 @@ func (p *processor) checkMissing(string) error {
 				where = append(where, in+" "+mask.String())
 			}
 		}
-		p.badIntegrities.add("%s %s", f, strings.Join(where, ", "))
+		p.badIntegrities.error("%s %s", f, strings.Join(where, ", "))
 	}
 	return nil
 }
@ -767,7 +782,7 @@ func (p *processor) checkInvalid(string) error {
 	if len(invalids) > 0 {
 		sort.Strings(invalids)
-		p.badDirListings.add("advisories with invalid file names: %s",
+		p.badDirListings.error("advisories with invalid file names: %s",
 			strings.Join(invalids, ", "))
 	}
@ -796,7 +811,7 @@ func (p *processor) checkListing(string) error {
 	if len(unlisted) > 0 {
 		sort.Strings(unlisted)
-		p.badDirListings.add("Not listed advisories: %s",
+		p.badDirListings.error("Not listed advisories: %s",
 			strings.Join(unlisted, ", "))
 	}
@ -814,11 +829,11 @@ func (p *processor) checkProviderMetadata(domain string) error {
 	client := p.httpClient()
-	lpmd := csaf.LoadProviderMetadataForDomain(client, domain, p.badProviderMetadata.add)
+	lpmd := csaf.LoadProviderMetadataForDomain(client, domain, p.badProviderMetadata.warn)
 	if lpmd == nil {
-		p.badProviderMetadata.add("No valid provider-metadata.json found.")
+		p.badProviderMetadata.error("No valid provider-metadata.json found.")
-		p.badProviderMetadata.add("STOPPING here - cannot perform other checks.")
+		p.badProviderMetadata.error("STOPPING here - cannot perform other checks.")
 		return errStop
 	}
@ -842,12 +857,12 @@ func (p *processor) checkSecurity(domain string) error {
 	path := "https://" + domain + "/.well-known/security.txt"
 	res, err := client.Get(path)
 	if err != nil {
-		p.badSecurity.add("Fetching %s failed: %v", path, err)
+		p.badSecurity.error("Fetching %s failed: %v", path, err)
 		return errContinue
 	}
 	if res.StatusCode != http.StatusOK {
-		p.badSecurity.add("Fetching %s failed. Status code %d (%s)",
+		p.badSecurity.error("Fetching %s failed. Status code %d (%s)",
 			path, res.StatusCode, res.Status)
 		return errContinue
 	}
@ -864,18 +879,18 @@ func (p *processor) checkSecurity(domain string) error {
 		return "", lines.Err()
 	}()
 	if err != nil {
-		p.badSecurity.add("Error while reading security.txt: %v", err)
+		p.badSecurity.error("Error while reading security.txt: %v", err)
 		return errContinue
 	}
 	if u == "" {
-		p.badSecurity.add("No CSAF line found in security.txt.")
+		p.badSecurity.error("No CSAF line found in security.txt.")
 		return errContinue
 	}
 	// Try to load
 	up, err := url.Parse(u)
 	if err != nil {
-		p.badSecurity.add("CSAF URL '%s' invalid: %v", u, err)
+		p.badSecurity.error("CSAF URL '%s' invalid: %v", u, err)
 		return errContinue
 	}
@ -887,11 +902,11 @@ func (p *processor) checkSecurity(domain string) error {
 	u = base.ResolveReference(up).String()
 	p.checkTLS(u)
 	if res, err = client.Get(u); err != nil {
-		p.badSecurity.add("Cannot fetch %s from security.txt: %v", u, err)
+		p.badSecurity.error("Cannot fetch %s from security.txt: %v", u, err)
 		return errContinue
 	}
 	if res.StatusCode != http.StatusOK {
-		p.badSecurity.add("Fetching %s failed. Status code %d (%s)",
+		p.badSecurity.error("Fetching %s failed. Status code %d (%s)",
 			u, res.StatusCode, res.Status)
 		return errContinue
 	}
@ -899,12 +914,12 @@ func (p *processor) checkSecurity(domain string) error {
 	// Compare checksums to already read provider-metadata.json.
 	h := sha256.New()
 	if _, err := io.Copy(h, res.Body); err != nil {
-		p.badSecurity.add("Reading %s failed: %v", u, err)
+		p.badSecurity.error("Reading %s failed: %v", u, err)
 		return errContinue
 	}
 	if !bytes.Equal(h.Sum(nil), p.pmd256) {
-		p.badSecurity.add("Content of %s from security.txt is not "+
+		p.badSecurity.error("Content of %s from security.txt is not "+
 			"identical to .well-known/csaf/provider-metadata.json", u)
 	}
@ -921,18 +936,18 @@ func (p *processor) checkPGPKeys(domain string) error {
 	src, err := p.expr.Eval("$.public_openpgp_keys", p.pmd)
 	if err != nil {
-		p.badPGPs.add("No public OpenPGP keys found: %v.", err)
+		p.badPGPs.warn("No public OpenPGP keys found: %v.", err)
 		return errContinue
 	}
 	var keys []csaf.PGPKey
 	if err := util.ReMarshalJSON(&keys, src); err != nil {
-		p.badPGPs.add("Invalid public OpenPGP keys: %v.", err)
+		p.badPGPs.error("Invalid public OpenPGP keys: %v.", err)
 		return errContinue
 	}
 	if len(keys) == 0 {
-		p.badPGPs.add("No public OpenPGP keys found.")
+		p.badPGPs.info("No public OpenPGP keys found.")
 		return errContinue
 	}
@ -948,12 +963,12 @@ func (p *processor) checkPGPKeys(domain string) error {
 	for i := range keys {
 		key := &keys[i]
 		if key.URL == nil {
-			p.badPGPs.add("Missing URL for fingerprint %x.", key.Fingerprint)
+			p.badPGPs.error("Missing URL for fingerprint %x.", key.Fingerprint)
 			continue
 		}
 		up, err := url.Parse(*key.URL)
 		if err != nil {
-			p.badPGPs.add("Invalid URL '%s': %v", *key.URL, err)
+			p.badPGPs.error("Invalid URL '%s': %v", *key.URL, err)
 			continue
 		}
@ -962,11 +977,11 @@ func (p *processor) checkPGPKeys(domain string) error {
 		res, err := client.Get(u)
 		if err != nil {
-			p.badPGPs.add("Fetching public OpenPGP key %s failed: %v.", u, err)
+			p.badPGPs.error("Fetching public OpenPGP key %s failed: %v.", u, err)
 			continue
 		}
 		if res.StatusCode != http.StatusOK {
-			p.badPGPs.add("Fetching public OpenPGP key %s status code: %d (%s)",
+			p.badPGPs.error("Fetching public OpenPGP key %s status code: %d (%s)",
 				u, res.StatusCode, res.Status)
 			continue
 		}
@ -977,24 +992,24 @@ func (p *processor) checkPGPKeys(domain string) error {
 		}()
 		if err != nil {
-			p.badPGPs.add("Reading public OpenPGP key %s failed: %v", u, err)
+			p.badPGPs.error("Reading public OpenPGP key %s failed: %v", u, err)
 			continue
 		}
 		if ckey.GetFingerprint() != string(key.Fingerprint) {
-			p.badPGPs.add("Fingerprint of public OpenPGP key %s does not match remotely loaded.", u)
+			p.badPGPs.error("Fingerprint of public OpenPGP key %s does not match remotely loaded.", u)
 			continue
 		}
 		keyring, err := crypto.NewKeyRing(ckey)
 		if err != nil {
-			p.badPGPs.add("Creating store for public OpenPGP key %s failed: %v.", u, err)
+			p.badPGPs.error("Creating store for public OpenPGP key %s failed: %v.", u, err)
 			continue
 		}
 		p.keys = append(p.keys, keyring)
 	}
 	if len(p.keys) == 0 {
-		p.badPGPs.add("No OpenPGP keys loaded.")
+		p.badPGPs.info("No OpenPGP keys loaded.")
 	}
 	return nil
 }
@ -1012,11 +1027,11 @@ func (p *processor) checkWellknownMetadataReporter(domain string) error {
 	res, err := client.Get(path)
 	if err != nil {
-		p.badWellknownMetadata.add("Fetching %s failed: %v", path, err)
+		p.badWellknownMetadata.error("Fetching %s failed: %v", path, err)
 		return errContinue
 	}
 	if res.StatusCode != http.StatusOK {
-		p.badWellknownMetadata.add("Fetching %s failed. Status code %d (%s)",
+		p.badWellknownMetadata.error("Fetching %s failed. Status code %d (%s)",
 			path, res.StatusCode, res.Status)
 		return errContinue
 	}
@ -1036,11 +1051,11 @@ func (p *processor) checkDNSPathReporter(domain string) error {
 	path := "https://csaf.data.security." + domain
 	res, err := client.Get(path)
 	if err != nil {
-		p.badDNSPath.add("Fetching %s failed: %v", path, err)
+		p.badDNSPath.error("Fetching %s failed: %v", path, err)
 		return errContinue
 	}
 	if res.StatusCode != http.StatusOK {
-		p.badDNSPath.add("Fetching %s failed. Status code %d (%s)",
+		p.badDNSPath.error("Fetching %s failed. Status code %d (%s)",
 			path, res.StatusCode, res.Status)
 		return errContinue
 	}
@ -1048,12 +1063,12 @@ func (p *processor) checkDNSPathReporter(domain string) error {
 	defer res.Body.Close()
 	content, err := io.ReadAll(res.Body)
 	if err != nil {
-		p.badDNSPath.add("Error while reading the response from %s", path)
+		p.badDNSPath.error("Error while reading the response from %s", path)
 		return errContinue
 	}
 	hash.Write(content)
 	if !bytes.Equal(hash.Sum(nil), p.pmd256) {
-		p.badDNSPath.add("%s does not serve the same provider-metadata.json as previously found", path)
+		p.badDNSPath.error("%s does not serve the same provider-metadata.json as previously found", path)
 		return errContinue
 	}
--- a/cmd/csaf_checker/report.go
+++ b/cmd/csaf_checker/report.go
@ -8,11 +8,31 @@
 package main
 import "fmt"
 // MessageType is the kind of the message.
 type MessageType int
 const (
 	// InfoType represents an info message.
 	InfoType MessageType = iota
 	// WarnType represents a warning message.
 	WarnType
 	// ErrorType represents an error message.
 	ErrorType
 )
 // Message is a typed text message.
 type Message struct {
 	Type MessageType `json:"type"`
 	Text string      `json:"text"`
 }
 // Requirement a single requirement report of a domain.
 type Requirement struct {
-	Num         int      `json:"num"`
+	Num         int       `json:"num"`
-	Description string   `json:"description"`
+	Description string    `json:"description"`
-	Messages    []string `json:"messages,omitempty"`
+	Messages    []Message `json:"messages,omitempty"`
 }
 // Domain are the results of a domain.
@ -28,6 +48,43 @@ type Report struct {
 	Date    string    `json:"date,omitempty"`
 }
-func (r *Requirement) message(msg ...string) {
+// HasErrors tells if this requirement has errors.
-	r.Messages = append(r.Messages, msg...)
+func (r *Requirement) HasErrors() bool {
 	for i := range r.Messages {
 		if r.Messages[i].Type == ErrorType {
 			return true
 		}
 	}
 	return false
 }
 // HasErrors tells if this domain has errors.
 func (d *Domain) HasErrors() bool {
 	for _, r := range d.Requirements {
 		if r.HasErrors() {
 			return true
 		}
 	}
 	return false
 }
 // String implements fmt.Stringer interface.
 func (mt MessageType) String() string {
 	switch mt {
 	case InfoType:
 		return "INFO"
 	case WarnType:
 		return "WARN"
 	case ErrorType:
 		return "ERROR"
 	default:
 		return fmt.Sprintf("MessageType (%d)", int(mt))
 	}
 }
 // message appends typed messages to a requirement.
 func (r *Requirement) message(typ MessageType, texts ...string) {
 	for _, text := range texts {
 		r.Messages = append(r.Messages, Message{Type: typ, Text: text})
 	}
 }
--- a/cmd/csaf_checker/reporters.go
+++ b/cmd/csaf_checker/reporters.go
@ -48,11 +48,11 @@ func (bc *baseReporter) requirement(domain *Domain) *Requirement {
 func (r *tlsReporter) report(p *processor, domain *Domain) {
 	req := r.requirement(domain)
 	if p.noneTLS == nil {
-		req.message("No TLS checks performed.")
+		req.message(InfoType, "No TLS checks performed.")
 		return
 	}
 	if len(p.noneTLS) == 0 {
-		req.message("All tested URLs were HTTPS.")
+		req.message(InfoType, "All tested URLs were HTTPS.")
 		return
 	}
@ -63,8 +63,8 @@ func (r *tlsReporter) report(p *processor, domain *Domain) {
 		i++
 	}
 	sort.Strings(urls)
-	req.message("Following non-HTTPS URLs were used:")
+	req.message(ErrorType, "Following non-HTTPS URLs were used:")
-	req.message(urls...)
+	req.message(ErrorType, urls...)
 }
 // report tests if redirects are used and sets the "message" field value
@ -72,7 +72,7 @@ func (r *tlsReporter) report(p *processor, domain *Domain) {
 func (r *redirectsReporter) report(p *processor, domain *Domain) {
 	req := r.requirement(domain)
 	if len(p.redirects) == 0 {
-		req.message("No redirections found.")
+		req.message(InfoType, "No redirections found.")
 		return
 	}
@ -86,7 +86,7 @@ func (r *redirectsReporter) report(p *processor, domain *Domain) {
 	for i, k := range keys {
 		keys[i] = fmt.Sprintf("Redirect %s: %s", k, p.redirects[k])
 	}
-	req.Messages = keys
+	req.message(WarnType, keys...)
 }
 // report tests if an provider-metadata.json are available and sets the
@ -94,11 +94,11 @@ func (r *redirectsReporter) report(p *processor, domain *Domain) {
 func (r *providerMetadataReport) report(p *processor, domain *Domain) {
 	req := r.requirement(domain)
 	if !p.badProviderMetadata.used() {
-		req.message("No provider-metadata.json checked.")
+		req.message(InfoType, "No provider-metadata.json checked.")
 		return
 	}
 	if len(p.badProviderMetadata) == 0 {
-		req.message("Found good provider metadata.")
+		req.message(InfoType, "Found good provider metadata.")
 		return
 	}
 	req.Messages = p.badProviderMetadata
@ -109,11 +109,11 @@ func (r *providerMetadataReport) report(p *processor, domain *Domain) {
 func (r *securityReporter) report(p *processor, domain *Domain) {
 	req := r.requirement(domain)
 	if !p.badSecurity.used() {
-		req.message("No security.txt checked.")
+		req.message(InfoType, "No security.txt checked.")
 		return
 	}
 	if len(p.badSecurity) == 0 {
-		req.message("Found good security.txt.")
+		req.message(InfoType, "Found good security.txt.")
 		return
 	}
 	req.Messages = p.badSecurity
@ -123,11 +123,11 @@ func (r *securityReporter) report(p *processor, domain *Domain) {
 func (r *wellknownMetadataReporter) report(p *processor, domain *Domain) {
 	req := r.requirement(domain)
 	if !p.badWellknownMetadata.used() {
-		req.message("No check if provider-metadata.json is under /.well-known/csaf/ was done.")
+		req.message(InfoType, "No check if provider-metadata.json is under /.well-known/csaf/ was done.")
 		return
 	}
 	if len(p.badWellknownMetadata) == 0 {
-		req.message("Found /.well-known/csaf/provider-metadata.json")
+		req.message(InfoType, "Found /.well-known/csaf/provider-metadata.json")
 		return
 	}
 	req.Messages = p.badWellknownMetadata
@ -137,11 +137,11 @@ func (r *wellknownMetadataReporter) report(p *processor, domain *Domain) {
 func (r *dnsPathReporter) report(p *processor, domain *Domain) {
 	req := r.requirement(domain)
 	if !p.badDNSPath.used() {
-		req.message("No download from https://csaf.data.security.DOMAIN attempted.")
+		req.message(InfoType, "No download from https://csaf.data.security.DOMAIN attempted.")
 		return
 	}
 	if len(p.badDNSPath) == 0 {
-		req.message("https://csaf.data.security.DOMAIN is available and serves the provider-metadata.json.")
+		req.message(InfoType, "https://csaf.data.security.DOMAIN is available and serves the provider-metadata.json.")
 		return
 	}
 	req.Messages = p.badDNSPath
@ -150,11 +150,11 @@ func (r *dnsPathReporter) report(p *processor, domain *Domain) {
 func (r *oneFolderPerYearReport) report(p *processor, domain *Domain) {
 	req := r.requirement(domain)
 	if !p.badFolders.used() {
-		req.message("No checks if files are in right folders were performed.")
+		req.message(InfoType, "No checks if files are in right folders were performed.")
 		return
 	}
 	if len(p.badFolders) == 0 {
-		req.message("All CSAF files are in the right folders.")
+		req.message(InfoType, "All CSAF files are in the right folders.")
 		return
 	}
 	req.Messages = p.badFolders
@ -163,11 +163,11 @@ func (r *oneFolderPerYearReport) report(p *processor, domain *Domain) {
 func (r *indexReporter) report(p *processor, domain *Domain) {
 	req := r.requirement(domain)
 	if !p.badIndices.used() {
-		req.message("No index.txt checked.")
+		req.message(InfoType, "No index.txt checked.")
 		return
 	}
 	if len(p.badIndices) == 0 {
-		req.message("Found good index.txt.")
+		req.message(InfoType, "Found good index.txt.")
 		return
 	}
 	req.Messages = p.badIndices
@ -176,11 +176,11 @@ func (r *indexReporter) report(p *processor, domain *Domain) {
 func (r *changesReporter) report(p *processor, domain *Domain) {
 	req := r.requirement(domain)
 	if !p.badChanges.used() {
-		req.message("No changes.csv checked.")
+		req.message(InfoType, "No changes.csv checked.")
 		return
 	}
 	if len(p.badChanges) == 0 {
-		req.message("Found good changes.csv.")
+		req.message(InfoType, "Found good changes.csv.")
 		return
 	}
 	req.Messages = p.badChanges
@ -189,11 +189,11 @@ func (r *changesReporter) report(p *processor, domain *Domain) {
 func (r *directoryListingsReporter) report(p *processor, domain *Domain) {
 	req := r.requirement(domain)
 	if !p.badDirListings.used() {
-		req.message("No directory listings checked.")
+		req.message(InfoType, "No directory listings checked.")
 		return
 	}
 	if len(p.badDirListings) == 0 {
-		req.message("All directory listings are valid.")
+		req.message(InfoType, "All directory listings are valid.")
 		return
 	}
 	req.Messages = p.badDirListings
@ -202,11 +202,11 @@ func (r *directoryListingsReporter) report(p *processor, domain *Domain) {
 func (r *integrityReporter) report(p *processor, domain *Domain) {
 	req := r.requirement(domain)
 	if !p.badIntegrities.used() {
-		req.message("No checksums checked.")
+		req.message(InfoType, "No checksums checked.")
 		return
 	}
 	if len(p.badIntegrities) == 0 {
-		req.message("All checksums match.")
+		req.message(InfoType, "All checksums match.")
 		return
 	}
 	req.Messages = p.badIntegrities
@ -215,23 +215,23 @@ func (r *integrityReporter) report(p *processor, domain *Domain) {
 func (r *signaturesReporter) report(p *processor, domain *Domain) {
 	req := r.requirement(domain)
 	if !p.badSignatures.used() {
-		req.message("No signatures checked.")
+		req.message(InfoType, "No signatures checked.")
 		return
 	}
 	req.Messages = p.badSignatures
 	if len(p.badSignatures) == 0 {
-		req.message("All signatures verified.")
+		req.message(InfoType, "All signatures verified.")
 	}
 }
 func (r *publicPGPKeyReporter) report(p *processor, domain *Domain) {
 	req := r.requirement(domain)
 	if !p.badPGPs.used() {
-		req.message("No public OpenPGP keys loaded.")
+		req.message(InfoType, "No public OpenPGP keys loaded.")
 		return
 	}
 	req.Messages = p.badPGPs
 	if len(p.keys) > 0 {
-		req.message(fmt.Sprintf("%d public OpenPGP key(s) loaded.", len(p.keys)))
+		req.message(InfoType, fmt.Sprintf("%d public OpenPGP key(s) loaded.", len(p.keys)))
 	}
 }
--- a/cmd/csaf_checker/tmpl/report.html
+++ b/cmd/csaf_checker/tmpl/report.html
@ -8,13 +8,13 @@
  <body>
    <h1>CSAF-Checker - Report</h1>
 {{- range .Domains }}
-    <h2>{{ .Name }}</h2>
+    <h2>{{ .Name }}{{ if .HasErrors }} (failed){{ end }}</h2>
    <dl>
 {{ range .Requirements }}
-    <dt><strong>Requirement {{ .Num }}: {{ .Description }}</strong></dt>
+    <dt><strong>Requirement {{ .Num }}: {{ .Description }}{{ if .HasErrors }} (failed){{ end }}</strong></dt>
 {{ range .Messages }}
-      <dd>- {{ . }}</dd>
+    <dd>- {{ .Type }}: {{ .Text }}</dd>
 {{ end }}
 {{ end }}
    </dl>