mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00

Simplified code.

Sascha L. Teichmann 2021-12-13 23:00:10 +01:00
parent f945937a6d
commit c562c94108


@ -226,6 +226,11 @@ func (bc *baseCheck) add(messages ...string) {
bc.messages = append(bc.messages, messages...) bc.messages = append(bc.messages, messages...)
} }
func (bc *baseCheck) sprintf(format string, args ...interface{}) {
msg := fmt.Sprintf(format, args...)
bc.messages = append(bc.messages, msg)
}
func (bc *baseCheck) ok(message string) bool { func (bc *baseCheck) ok(message string) bool {
k := len(bc.messages) == 0 k := len(bc.messages) == 0
if k { if k {
@ -279,14 +284,12 @@ func (pmdc *providerMetadataCheck) run(p *processor, domain string) error {
} }
res, err := client.Do(req) res, err := client.Do(req)
if err != nil { if err != nil {
msg := fmt.Sprintf("Fetching provider metadata failed: %s.", err.Error()) pmdc.sprintf("Fetching provider metadata failed: %s.", err.Error())
pmdc.add(msg)
return nil return nil
} }
defer res.Body.Close() defer res.Body.Close()
if res.StatusCode != http.StatusOK { if res.StatusCode != http.StatusOK {
msg := fmt.Sprintf("Status: %d (%s).", res.StatusCode, res.Status) pmdc.sprintf("Status: %d (%s).", res.StatusCode, res.Status)
pmdc.add(msg)
} }
// Calculate checksum for later comparison. // Calculate checksum for later comparison.
@ -302,8 +305,7 @@ func (pmdc *providerMetadataCheck) run(p *processor, domain string) error {
p.pmd256 = h.Sum(nil) p.pmd256 = h.Sum(nil)
if err := json.NewDecoder(bytes.NewReader(data)).Decode(&p.pmd); err != nil { if err := json.NewDecoder(bytes.NewReader(data)).Decode(&p.pmd); err != nil {
msg := fmt.Sprintf("Decoding JSON failed: %s.", err.Error()) pmdc.sprintf("Decoding JSON failed: %s.", err.Error())
pmdc.add(msg)
} }
errors, err := csaf.ValidateProviderMetadata(p.pmd) errors, err := csaf.ValidateProviderMetadata(p.pmd)
if err != nil { if err != nil {
@ -330,7 +332,7 @@ func (sc *securityCheck) run(p *processor, domain string) error {
return err return err
} }
if res.StatusCode != http.StatusOK { if res.StatusCode != http.StatusOK {
sc.add(fmt.Sprintf("Fetching security failed. Status code %d (%s)", res.StatusCode, res.Status)) sc.sprintf("Fetching security failed. Status code %d (%s)", res.StatusCode, res.Status)
return nil return nil
} }
u, err := func() (string, error) { u, err := func() (string, error) {
@ -345,7 +347,7 @@ func (sc *securityCheck) run(p *processor, domain string) error {
return "", lines.Err() return "", lines.Err()
}() }()
if err != nil { if err != nil {
sc.add(fmt.Sprintf("Error while reading security.txt: %s", err.Error())) sc.sprintf("Error while reading security.txt: %s", err.Error())
} }
if u == "" { if u == "" {
sc.add("No CSAF line found in security.txt.") sc.add("No CSAF line found in security.txt.")
@ -355,7 +357,7 @@ func (sc *securityCheck) run(p *processor, domain string) error {
// Try to load // Try to load
up, err := url.Parse(u) up, err := url.Parse(u)
if err != nil { if err != nil {
sc.add(fmt.Sprintf("CSAF URL '%s' invalid: %s.", u, err.Error())) sc.sprintf("CSAF URL '%s' invalid: %s.", u, err.Error())
return nil return nil
} }
@ -370,29 +372,27 @@ func (sc *securityCheck) run(p *processor, domain string) error {
return err return err
} }
if res, err = client.Do(req); err != nil { if res, err = client.Do(req); err != nil {
sc.add(fmt.Sprintf("Cannot fetch %s from security.txt: %s", u, err.Error())) sc.sprintf("Cannot fetch %s from security.txt: %s", u, err.Error())
return nil return nil
} }
if res.StatusCode != http.StatusOK { if res.StatusCode != http.StatusOK {
sc.add(fmt.Sprintf("Fetching %s failed. Status code %d (%s).", u, res.StatusCode, res.Status)) sc.sprintf("Fetching %s failed. Status code %d (%s).", u, res.StatusCode, res.Status)
return nil return nil
} }
defer res.Body.Close() defer res.Body.Close()
// Compare checksums to already read provider-metadata.json. // Compare checksums to already read provider-metadata.json.
h := sha256.New() h := sha256.New()
if _, err := io.Copy(h, res.Body); err != nil { if _, err := io.Copy(h, res.Body); err != nil {
sc.add(fmt.Sprintf("Reading %s failed: %s.", u, err.Error())) sc.sprintf("Reading %s failed: %s.", u, err.Error())
return nil return nil
} }
if !bytes.Equal(h.Sum(nil), p.pmd256) { if !bytes.Equal(h.Sum(nil), p.pmd256) {
sc.add(fmt.Sprintf( sc.sprintf(
"Content of %s from security.txt is not identical to .well-known/csaf/provider-metadata.json", u)) "Content of %s from security.txt is not identical to .well-known/csaf/provider-metadata.json", u)
} }
if len(sc.baseCheck.messages) == 0 { sc.ok("Valid CSAF line in security.txt found.")
sc.add("Valid CSAF line in security.txt found.")
}
return nil return nil
} }
@ -454,13 +454,13 @@ func (ppkc *publicPGPKeyCheck) run(p *processor, domain string) error {
src, err := p.jsonPath("$.pgp_keys") src, err := p.jsonPath("$.pgp_keys")
if err != nil { if err != nil {
ppkc.add(fmt.Sprintf("No PGP keys found: %v.", err)) ppkc.sprintf("No PGP keys found: %v.", err)
return nil return nil
} }
var keys []csaf.PGPKey var keys []csaf.PGPKey
if err := util.ReMarshalJSON(&keys, src); err != nil { if err := util.ReMarshalJSON(&keys, src); err != nil {
ppkc.add(fmt.Sprintf("PGP keys invalid: %v.", err)) ppkc.sprintf("PGP keys invalid: %v.", err)
return nil return nil
} }
@ -481,12 +481,12 @@ func (ppkc *publicPGPKeyCheck) run(p *processor, domain string) error {
for i := range keys { for i := range keys {
key := &keys[i] key := &keys[i]
if key.URL == nil { if key.URL == nil {
ppkc.add(fmt.Sprintf("Missing URL for fingerprint %x.", key.Fingerprint)) ppkc.sprintf("Missing URL for fingerprint %x.", key.Fingerprint)
continue continue
} }
up, err := url.Parse(*key.URL) up, err := url.Parse(*key.URL)
if err != nil { if err != nil {
ppkc.add(fmt.Sprintf("Invalid URL '%s': %v", *key.URL, err)) ppkc.sprintf("Invalid URL '%s': %v", *key.URL, err)
continue continue
} }
@ -500,11 +500,11 @@ func (ppkc *publicPGPKeyCheck) run(p *processor, domain string) error {
} }
res, err := client.Do(req) res, err := client.Do(req)
if err != nil { if err != nil {
ppkc.add(fmt.Sprintf("Fetching PGP key %s failed: %v.", u, err)) ppkc.sprintf("Fetching PGP key %s failed: %v.", u, err)
continue continue
} }
if res.StatusCode != http.StatusOK { if res.StatusCode != http.StatusOK {
ppkc.add(fmt.Sprintf("Fetching PGP key %s status code: %d (%s)", u, res.StatusCode, res.Status)) ppkc.sprintf("Fetching PGP key %s status code: %d (%s)", u, res.StatusCode, res.Status)
continue continue
} }
@ -514,12 +514,12 @@ func (ppkc *publicPGPKeyCheck) run(p *processor, domain string) error {
}() }()
if err != nil { if err != nil {
ppkc.add(fmt.Sprintf("Reading PGP key %s failed: %v", u, err)) ppkc.sprintf("Reading PGP key %s failed: %v", u, err)
continue continue
} }
if ckey.GetFingerprint() != string(key.Fingerprint) { if ckey.GetFingerprint() != string(key.Fingerprint) {
ppkc.add(fmt.Sprintf("Fingerprint of PGP key %s do not match remotely loaded.", u)) ppkc.sprintf("Fingerprint of PGP key %s do not match remotely loaded.", u)
continue continue
} }
p.keys = append(p.keys, ckey) p.keys = append(p.keys, ckey)
@ -530,9 +530,7 @@ func (ppkc *publicPGPKeyCheck) run(p *processor, domain string) error {
return nil return nil
} }
if len(ppkc.baseCheck.messages) == 0 { ppkc.ok(fmt.Sprintf("%d PGP key(s) loaded successfully.", len(p.keys)))
ppkc.add(fmt.Sprintf("%d PGP key(s) loaded successfully.", len(p.keys)))
}
return nil return nil
} }
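Review bot: In securityCheck.run the non-200 branch for the URL taken from security.txt returns before `defer res.Body.Close()` is registered, so the response body is never closed on that path. Moving `defer res.Body.Close()` directly above `if res.StatusCode != http.StatusOK {` closes it on both paths. The non-200 `continue` in the publicPGPKeyCheck.run loop and the first status check in securityCheck.run look like the same pattern, but any code that closes those bodies lies outside the visible hunks. Separately, providerMetadataCheck.run records a message for a non-200 status and for a JSON decode failure without returning in either branch, so p.pmd256 appears to be computed from an error body and validation runs on whatever was decoded; please confirm that is intended. All three functions start outside the hunks shown.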