SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions

Warn only if the other hash could be fetched

Browse source
This commit is contained in:
koplas 2024-12-18 15:37:58 +01:00
parent d38150c6a0
commit d8e903587a
3 changed files with 22 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

28
cmd/csaf_checker/processor.go
View file

@ -757,6 +757,9 @@ func (p *processor) integrity(
hashes = append(hashes, hash{"SHA512", f.SHA512URL, s512.Sum(nil)}) hashes = append(hashes, hash{"SHA512", f.SHA512URL, s512.Sum(nil)})
} }
couldFetchHash := false
hashFetchErrors := []string{}
for _, x := range hashes { for _, x := range hashes {
hu, err := url.Parse(x.url()) hu, err := url.Parse(x.url())
if err != nil { if err != nil {
@ -768,19 +771,15 @@ func (p *processor) integrity(
p.checkTLS(hashFile) p.checkTLS(hashFile)
if res, err = client.Get(hashFile); err != nil { if res, err = client.Get(hashFile); err != nil {
p.badIntegrities.error("Fetching %s failed: %v.", hashFile, err) hashFetchErrors = append(hashFetchErrors, fmt.Sprintf("Fetching %s failed: %v.", hashFile, err))
continue continue
} }
if res.StatusCode != http.StatusOK { if res.StatusCode != http.StatusOK {
if f.IsDirectory() { hashFetchErrors = append(hashFetchErrors, fmt.Sprintf("Fetching %s failed: Status code %d (%s)",
p.badIntegrities.info("Fetching %s failed: Status code %d (%s)", hashFile, res.StatusCode, res.Status))
hashFile, res.StatusCode, res.Status)
} else {
p.badIntegrities.error("Fetching %s failed: Status code %d (%s)",
hashFile, res.StatusCode, res.Status)
}
continue continue
} }
couldFetchHash = true
h, err := func() ([]byte, error) { h, err := func() ([]byte, error) {
defer res.Body.Close() defer res.Body.Close()
return util.HashFromReader(res.Body) return util.HashFromReader(res.Body)
@ -798,6 +797,19 @@ func (p *processor) integrity(
x.ext, u, hashFile) x.ext, u, hashFile)
} }
} }
msgType := ErrorType
// Log only as warning, if the other hash could be fetched
if couldFetchHash {
msgType = WarnType
}
if f.IsDirectory() {
msgType = InfoType
}
for _, fetchError := range hashFetchErrors {
p.badIntegrities.add(msgType, fetchError)
}
// Check signature // Check signature
su, err := url.Parse(f.SignURL()) su, err := url.Parse(f.SignURL())
if err != nil { if err != nil {

2
testdata/processor-requirements/sha256-sha512-forbid-sha256-rolie.json vendored
View file

@ -182,7 +182,7 @@
"description": "Integrity", "description": "Integrity",
"messages": [ "messages": [
{ {
"type": 2, "type": 1,
"text": "Fetching {{.URL}}/white/avendor-advisory-0004.json.sha256 failed: Status code 403 (403 Forbidden)" "text": "Fetching {{.URL}}/white/avendor-advisory-0004.json.sha256 failed: Status code 403 (403 Forbidden)"
} }
] ]

2
testdata/processor-requirements/sha256-sha512-forbid-sha512-rolie.json vendored
View file

@ -182,7 +182,7 @@
"description": "Integrity", "description": "Integrity",
"messages": [ "messages": [
{ {
"type": 2, "type": 1,
"text": "Fetching {{.URL}}/white/avendor-advisory-0004.json.sha512 failed: Status code 403 (403 Forbidden)" "text": "Fetching {{.URL}}/white/avendor-advisory-0004.json.sha512 failed: Status code 403 (403 Forbidden)"
} }
] ]