mirror of
https://github.com/gocsaf/csaf.git
synced 2025-12-22 11:55:40 +01:00
Be more precise with conditional rules.
This commit is contained in:
Sascha L. Teichmann
parent
7eae607810
commit
c7453a6448
3 changed files with 124 additions and 43 deletions
|
|
@ -254,7 +254,16 @@ func (p *processor) run(domains []string) (*Report, error) {
|
|||
continue
|
||||
}
|
||||
|
||||
for _, r := range buildReporters(*domain.Role) {
|
||||
rules := roleRequirements(*domain.Role)
|
||||
// TODO: store error base on rules eval in report.
|
||||
if rules == nil {
|
||||
log.Printf(
|
||||
"WARN: Cannot find requirement rules for role %q. Assuming trusted provider.\n",
|
||||
*domain.Role)
|
||||
rules = trustedProviderRules
|
||||
}
|
||||
|
||||
for _, r := range rules.reporters() {
|
||||
r.report(p, domain)
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -12,8 +12,6 @@ import (
|
|||
"fmt"
|
||||
"sort"
|
||||
"strings"
|
||||
|
||||
"github.com/csaf-poc/csaf_distribution/v2/csaf"
|
||||
)
|
||||
|
||||
type (
|
||||
|
|
@ -72,46 +70,6 @@ var reporters = [23]reporter{
|
|||
&mirrorReporter{baseReporter{num: 23, description: "Mirror"}},
|
||||
}
|
||||
|
||||
var roleImplies = map[csaf.MetadataRole][]csaf.MetadataRole{
|
||||
csaf.MetadataRoleProvider: {csaf.MetadataRolePublisher},
|
||||
csaf.MetadataRoleTrustedProvider: {csaf.MetadataRoleProvider},
|
||||
}
|
||||
|
||||
func requirements(role csaf.MetadataRole) [][2]int {
|
||||
var own [][2]int
|
||||
switch role {
|
||||
case csaf.MetadataRoleTrustedProvider:
|
||||
own = [][2]int{{18, 20}}
|
||||
case csaf.MetadataRoleProvider:
|
||||
// TODO: use commented numbers when TLPs should be checked.
|
||||
own = [][2]int{{6 /* 5 */, 7}, {8, 10}, {11, 14}, {15, 17}}
|
||||
case csaf.MetadataRolePublisher:
|
||||
own = [][2]int{{1, 3 /* 4 */}}
|
||||
}
|
||||
for _, base := range roleImplies[role] {
|
||||
own = append(own, requirements(base)...)
|
||||
}
|
||||
return own
|
||||
}
|
||||
|
||||
// buildReporters initializes each report by assigning a number and description to it.
|
||||
// It returns an array of the reporter interface type.
|
||||
func buildReporters(role csaf.MetadataRole) []reporter {
|
||||
var reps []reporter
|
||||
reqs := requirements(role)
|
||||
// sort to have them ordered by there number.
|
||||
sort.Slice(reqs, func(i, j int) bool { return reqs[i][0] < reqs[j][0] })
|
||||
for _, req := range reqs {
|
||||
from, to := req[0]-1, req[1]-1
|
||||
for i := from; i <= to; i++ {
|
||||
if rep := reporters[i]; rep != nil {
|
||||
reps = append(reps, rep)
|
||||
}
|
||||
}
|
||||
}
|
||||
return reps
|
||||
}
|
||||
|
||||
func (bc *baseReporter) requirement(domain *Domain) *Requirement {
|
||||
req := &Requirement{
|
||||
Num: bc.num,
|
||||
|
|
|
|||
114
cmd/csaf_checker/rules.go
Normal file
114
cmd/csaf_checker/rules.go
Normal file
|
|
@ -0,0 +1,114 @@
|
|||
// This file is Free Software under the MIT License
|
||||
// without warranty, see README.md and LICENSES/MIT.txt for details.
|
||||
//
|
||||
// SPDX-License-Identifier: MIT
|
||||
//
|
||||
// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
|
||||
// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
"sort"
|
||||
|
||||
"github.com/csaf-poc/csaf_distribution/v2/csaf"
|
||||
)
|
||||
|
||||
type ruleCondition int
|
||||
|
||||
const (
|
||||
condAll ruleCondition = iota
|
||||
condOneOf
|
||||
)
|
||||
|
||||
type requirementRules struct {
|
||||
cond ruleCondition
|
||||
satisfies int
|
||||
subs []*requirementRules
|
||||
}
|
||||
|
||||
var (
|
||||
publisherRules = &requirementRules{
|
||||
cond: condAll,
|
||||
subs: ruleAtoms(1, 2, 3 /* 4 */),
|
||||
}
|
||||
|
||||
providerRules = &requirementRules{
|
||||
cond: condAll,
|
||||
subs: []*requirementRules{
|
||||
publisherRules,
|
||||
{cond: condOneOf, subs: ruleAtoms(8, 9, 10)},
|
||||
{cond: condOneOf, subs: []*requirementRules{
|
||||
{cond: condAll, subs: ruleAtoms(11, 12, 13, 14)},
|
||||
{cond: condAll, subs: ruleAtoms(15, 16, 17)},
|
||||
}},
|
||||
},
|
||||
}
|
||||
|
||||
trustedProviderRules = &requirementRules{
|
||||
cond: condAll,
|
||||
subs: []*requirementRules{
|
||||
providerRules,
|
||||
{cond: condAll, subs: ruleAtoms(18, 19, 20)},
|
||||
},
|
||||
}
|
||||
)
|
||||
|
||||
func ruleAtoms(nums ...int) []*requirementRules {
|
||||
rules := make([]*requirementRules, len(nums))
|
||||
for i, num := range nums {
|
||||
rules[i] = &requirementRules{
|
||||
cond: condAll,
|
||||
satisfies: num,
|
||||
}
|
||||
}
|
||||
return rules
|
||||
}
|
||||
|
||||
func (rules *requirementRules) reporters() []reporter {
|
||||
if rules == nil {
|
||||
return nil
|
||||
}
|
||||
var nums []int
|
||||
|
||||
var recurse func(*requirementRules)
|
||||
recurse = func(rules *requirementRules) {
|
||||
if rules.satisfies != 0 {
|
||||
// There should not be any dupes
|
||||
for _, n := range nums {
|
||||
if n == rules.satisfies {
|
||||
goto doRecurse
|
||||
}
|
||||
}
|
||||
nums = append(nums, rules.satisfies)
|
||||
}
|
||||
doRecurse:
|
||||
for _, sub := range rules.subs {
|
||||
recurse(sub)
|
||||
}
|
||||
}
|
||||
recurse(rules)
|
||||
|
||||
sort.Ints(nums)
|
||||
|
||||
reps := make([]reporter, len(nums))
|
||||
|
||||
for i, n := range nums {
|
||||
reps[i] = reporters[n]
|
||||
}
|
||||
return reps
|
||||
}
|
||||
|
||||
// roleRequirements returns the rules for the given role.
|
||||
func roleRequirements(role csaf.MetadataRole) *requirementRules {
|
||||
switch role {
|
||||
case csaf.MetadataRoleTrustedProvider:
|
||||
return trustedProviderRules
|
||||
case csaf.MetadataRoleProvider:
|
||||
return providerRules
|
||||
case csaf.MetadataRolePublisher:
|
||||
return publisherRules
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue