mirror of
https://github.com/gocsaf/csaf.git
synced 2025-12-22 11:55:40 +01:00
Merge pull request #122 from csaf-poc/checker-more-implementation
Checker more implementation
This commit is contained in:
Sascha L. Teichmann
GitHub
commit
de4f50787d
2 changed files with 95 additions and 14 deletions
|
|
@ -57,6 +57,8 @@ type processor struct {
|
|||
badIndices topicMessages
|
||||
badChanges topicMessages
|
||||
badFolders topicMessages
|
||||
badWellknownMetadata topicMessages
|
||||
badDNSPath topicMessages
|
||||
|
||||
expr *util.PathEval
|
||||
}
|
||||
|
|
@ -191,6 +193,8 @@ func (p *processor) checkDomain(domain string) error {
|
|||
(*processor).checkSecurity,
|
||||
(*processor).checkCSAFs,
|
||||
(*processor).checkMissing,
|
||||
(*processor).checkWellknownMetadataReporter,
|
||||
(*processor).checkDNSPathReporter,
|
||||
} {
|
||||
if err := check(p, domain); err != nil && err != errContinue {
|
||||
if err == errStop {
|
||||
|
|
@ -1003,3 +1007,64 @@ func (p *processor) checkPGPKeys(domain string) error {
|
|||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// checkWellknownMetadataReporter checks if the provider-metadata.json file is
|
||||
// avaialable under the /.well-known/csaf/ directory.
|
||||
// It returns nil if all checks are passed, otherwise error.
|
||||
func (p *processor) checkWellknownMetadataReporter(domain string) error {
|
||||
|
||||
client := p.httpClient()
|
||||
|
||||
p.badWellknownMetadata.use()
|
||||
|
||||
path := "https://" + domain + "/.well-known/csaf/provider-metadata.json"
|
||||
|
||||
res, err := client.Get(path)
|
||||
if err != nil {
|
||||
p.badWellknownMetadata.add("Fetiching %s failed: %v", path, err)
|
||||
return errContinue
|
||||
}
|
||||
if res.StatusCode != http.StatusOK {
|
||||
p.badWellknownMetadata.add("Fetching %s failed. Status code %d (%s)",
|
||||
path, res.StatusCode, res.Status)
|
||||
return errContinue
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// checkDNSPathReporter checks if the "csaf.data.security.domain.tld" DNS record is available
|
||||
// and serves the "provider-metadata.json".
|
||||
// It returns nil if all checks are passed, otherwise error.
|
||||
func (p *processor) checkDNSPathReporter(domain string) error {
|
||||
|
||||
client := p.httpClient()
|
||||
|
||||
p.badDNSPath.use()
|
||||
|
||||
path := "https://csaf.data.security.domain.tld"
|
||||
res, err := client.Get(path)
|
||||
if err != nil {
|
||||
p.badDNSPath.add("Fetiching %s failed: %v", path, err)
|
||||
return errContinue
|
||||
}
|
||||
if res.StatusCode != http.StatusOK {
|
||||
p.badDNSPath.add("Fetching %s failed. Status code %d (%s)",
|
||||
path, res.StatusCode, res.Status)
|
||||
return errContinue
|
||||
}
|
||||
hash := sha256.New()
|
||||
defer res.Body.Close()
|
||||
content, err := io.ReadAll(res.Body)
|
||||
if err != nil {
|
||||
p.badDNSPath.add("Error while reading the response form %s", path)
|
||||
return errContinue
|
||||
}
|
||||
hash.Write(content)
|
||||
if !bytes.Equal(hash.Sum(nil), p.pmd256) {
|
||||
p.badDNSPath.add("The csaf.data.security.domain.tld DNS record does not serve the provider-metatdata.json")
|
||||
return errContinue
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -119,16 +119,32 @@ func (r *securityReporter) report(p *processor, domain *Domain) {
|
|||
req.Messages = p.badSecurity
|
||||
}
|
||||
|
||||
func (r *wellknownMetadataReporter) report(_ *processor, domain *Domain) {
|
||||
// TODO: Implement me!
|
||||
//report tests the availability of the "provider-metadata.json" under /.well-known/csaf/ directoy.
|
||||
func (r *wellknownMetadataReporter) report(p *processor, domain *Domain) {
|
||||
req := r.requirement(domain)
|
||||
req.message("(Not checked, missing implementation.)")
|
||||
if !p.badWellknownMetadata.used() {
|
||||
req.message("No check if provider-metadata.json is under /.well-known/csaf/ was done.")
|
||||
return
|
||||
}
|
||||
if len(p.badWellknownMetadata) == 0 {
|
||||
req.message("Found /.well-known/csaf/provider-metadata.json")
|
||||
return
|
||||
}
|
||||
req.Messages = p.badWellknownMetadata
|
||||
}
|
||||
|
||||
func (r *dnsPathReporter) report(_ *processor, domain *Domain) {
|
||||
// TODO: Implement me!
|
||||
// report tests if the "csaf.data.security.domain.tld" DNS record available and serves the "provider-metadata.json"
|
||||
func (r *dnsPathReporter) report(p *processor, domain *Domain) {
|
||||
req := r.requirement(domain)
|
||||
req.message("(Not checked, missing implementation.)")
|
||||
if !p.badDNSPath.used() {
|
||||
req.message("No csaf.data.security.domain.tld DNS record checked.")
|
||||
return
|
||||
}
|
||||
if len(p.badDNSPath) == 0 {
|
||||
req.message("csaf.data.security.domain.tld DNS record is available and serves the provider-metadata.json.")
|
||||
return
|
||||
}
|
||||
req.Messages = p.badDNSPath
|
||||
}
|
||||
|
||||
func (r *oneFolderPerYearReport) report(p *processor, domain *Domain) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue