Merge unittest into sha-handling

commit 990c74a1a6
Merge: 86d7ce1 7824f3b
Author: koplas <pschwabauer@intevation.de>
Date:   Fri Nov 22 16:58:46 2024 +0100

    Merge branch 'sha-handling' into unittest

commit 86d7ce13dc
Merge: a6807d2 79b8900
Author: koplas <pschwabauer@intevation.de>
Date:   Fri Nov 22 16:54:45 2024 +0100

    Merge branch 'sha-handling' into unittest

commit 79b89009dd
Author: koplas <pschwabauer@intevation.de>
Date:   Fri Nov 22 16:31:56 2024 +0100

    Improve hash fetching and logging

commit a6807d24d6
Merge: ddb5518 d18d2c3
Author: koplas <pschwabauer@intevation.de>
Date:   Fri Nov 22 16:51:55 2024 +0100

    Merge branch 'sha-handling' into unittest

commit d18d2c3bf1
Author: koplas <pschwabauer@intevation.de>
Date:   Fri Nov 22 16:31:56 2024 +0100

    Improve hash fetching and logging

commit ddb5518c6d
Author: koplas <54645365+koplas@users.noreply.github.com>
Date:   Tue Sep 17 10:45:25 2024 +0200

    Extend SHA marking tests

commit 13c94f4fa0
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 20:46:31 2024 +0200

    Use temp directory for downloads

commit 1819b4896b
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 20:37:55 2024 +0200

    Fix rolie feed

commit 989e3667ba
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 20:23:22 2024 +0200

    Fix provider-metadata.json

commit 714735d74a
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 20:08:21 2024 +0200

    Implement provider handler

commit d488e39947
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 16:26:37 2024 +0200

    Add info about gpg key

commit a9bf9da130
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 16:12:49 2024 +0200

    Rename directory testdata

commit 6ca6dfee25
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 16:01:41 2024 +0200

    Add initial downloader tests

commit 20bee797c6
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 15:58:31 2024 +0200

    Fix: Remove unecessary error print

commit 8e4e508073
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 14:50:48 2024 +0200

    Extend links test

commit 3ba29f94de
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 14:11:14 2024 +0200

    Add initial directory feed testdata

commit dee55aafd9
Author: koplas <54645365+koplas@users.noreply.github.com>
Date:   Mon Sep 16 10:47:32 2024 +0200

    Add initial testdata

commit cd9338ae72
Author: koplas <54645365+koplas@users.noreply.github.com>
Date:   Thu Sep 12 15:54:42 2024 +0200

    Add initial download unittests

testdata/simple-directory-provider/openpgp/info.txt

@@ -0,0 +1,2 @@
+The GPG key was generated with no passphrase and this command:
+`gpg --default-new-key-algo "ed25519/cert,sign+cv25519/encr" --quick-generate-key security@example.com"`

testdata/simple-directory-provider/openpgp/privkey.asc

@@ -0,0 +1,15 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lFgEZtsQNxYJKwYBBAHaRw8BAQdASr3y4zW+4XGqUlvRJ7stRCUHv8HB4ZoMoTtU
+KLgnHr4AAQD5G5xy/yTN5b+lvV5Ahrbz1qOZ/wmKTieGOH9GZb6JwhHwtBRzZWN1
+cml0eUBleGFtcGxlLmNvbYiZBBMWCgBBFiEEqJFMovEROcammgAY+zzZsV3mFZYF
+AmbbEDcCGwMFCQWjmoAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQ+zzZ
+sV3mFZZskQEAg5Dttqm6TA7MtLxz7VSlklx95LQr9d5jm4jcOaqlGT0A/1mAAlUq
+SDySFGI6DFQLcaZaUd9Yl+1b0Icr0tUiOaQHnF0EZtsQNxIKKwYBBAGXVQEFAQEH
+QOTHP4FkopIGJMWXTYsaeQ1Dugd+yNYWB357vRYq6QsiAwEIBwAA/0RIazq1s8Oe
+23jvNaZGb/adDYnRrkCMXXTBKsuA6WOAEhKIeAQYFgoAIBYhBKiRTKLxETnGppoA
+GPs82bFd5hWWBQJm2xA3AhsMAAoJEPs82bFd5hWWDKABAOl+NoM6FBhKAvckUXDR
+MLZ4k778N4Vy9VHbectjRKj1AQCO3JOmON+U6/mjohXrc2bwzKzt2yGiLP2HMxDx
+uzMXBQ==
+=4XHC
+-----END PGP PRIVATE KEY BLOCK-----

testdata/simple-directory-provider/openpgp/pubkey.asc

@@ -0,0 +1,13 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZtsQNxYJKwYBBAHaRw8BAQdASr3y4zW+4XGqUlvRJ7stRCUHv8HB4ZoMoTtU
+KLgnHr60FHNlY3VyaXR5QGV4YW1wbGUuY29tiJkEExYKAEEWIQSokUyi8RE5xqaa
+ABj7PNmxXeYVlgUCZtsQNwIbAwUJBaOagAULCQgHAgIiAgYVCgkICwIEFgIDAQIe
+BwIXgAAKCRD7PNmxXeYVlmyRAQCDkO22qbpMDsy0vHPtVKWSXH3ktCv13mObiNw5
+qqUZPQD/WYACVSpIPJIUYjoMVAtxplpR31iX7VvQhyvS1SI5pAe4OARm2xA3Egor
+BgEEAZdVAQUBAQdA5Mc/gWSikgYkxZdNixp5DUO6B37I1hYHfnu9FirpCyIDAQgH
+iHgEGBYKACAWIQSokUyi8RE5xqaaABj7PNmxXeYVlgUCZtsQNwIbDAAKCRD7PNmx
+XeYVlgygAQDpfjaDOhQYSgL3JFFw0TC2eJO+/DeFcvVR23nLY0So9QEAjtyTpjjf
+lOv5o6IV63Nm8Mys7dshoiz9hzMQ8bszFwU=
+=rhGT
+-----END PGP PUBLIC KEY BLOCK-----

testdata/simple-directory-provider/provider-metadata.json

@@ -0,0 +1,25 @@
+{
+  "canonical_url": "{{.URL}}/provider-metadata.json",
+  "distributions": [
+    {
+      "directory_url": "{{.URL}}/white/"
+    }
+  ],
+  "last_updated": "2020-01-01T00:00:00Z",
+  "list_on_CSAF_aggregators": true,
+  "metadata_version": "2.0",
+  "mirror_on_CSAF_aggregators": true,
+  "public_openpgp_keys": [
+    {
+      "fingerprint": "A8914CA2F11139C6A69A0018FB3CD9B15DE61596",
+      "url": "{{.URL}}/openpgp/pubkey.asc"
+    }
+  ],
+  "publisher": {
+    "category": "vendor",
+    "name": "ACME Inc",
+    "namespace": "https://example.com",
+    "contact_details": "mailto:security@example.com"
+  },
+  "role": "csaf_trusted_provider"
+}

testdata/simple-directory-provider/security.txt

@@ -0,0 +1,2 @@
+CSAF: /provider-metadata.json
+

testdata/simple-directory-provider/white/avendor-advisory-0004-not-listed.json

@@ -0,0 +1,170 @@
+{
+  "document": {
+    "category": "csaf_vex",
+    "csaf_version": "2.0",
+    "distribution": {
+      "tlp": {
+        "label": "WHITE",
+        "url": "https://www.first.org/tlp/v1/"
+      }
+    },
+    "notes": [
+      {
+        "category": "summary",
+        "title": "Test document summary",
+        "text": "Auto generated test CSAF document"
+      }
+    ],
+    "publisher": {
+      "category": "vendor",
+      "name": "ACME Inc.",
+      "namespace": "https://www.example.com"
+    },
+    "title": "Test CSAF document",
+    "tracking": {
+      "current_release_date": "2020-01-01T00:00:00Z",
+      "generator": {
+        "date": "2020-01-01T00:00:00Z",
+        "engine": {
+          "name": "csaf-tool",
+          "version": "0.3.2"
+        }
+      },
+      "id": "Avendor-advisory-0004",
+      "initial_release_date": "2020-01-01T00:00:00Z",
+      "revision_history": [
+        {
+          "date": "2020-01-01T00:00:00Z",
+          "number": "1",
+          "summary": "Initial version"
+        }
+      ],
+      "status": "final",
+      "version": "1"
+    }
+  },
+  "product_tree": {
+    "branches": [
+      {
+        "category": "vendor",
+        "name": "AVendor",
+        "branches": [
+          {
+            "category": "product_name",
+            "name": "product_1",
+            "branches": [
+              {
+                "category": "product_version",
+                "name": "1.1",
+                "product": {
+                  "name": "AVendor product_1 1.1",
+                  "product_id": "CSAFPID_0001"
+                }
+              },
+              {
+                "category": "product_version",
+                "name": "1.2",
+                "product": {
+                  "name": "AVendor product_1 1.2",
+                  "product_id": "CSAFPID_0002"
+                }
+              },
+              {
+                "category": "product_version",
+                "name": "2.0",
+                "product": {
+                  "name": "AVendor product_1 2.0",
+                  "product_id": "CSAFPID_0003"
+                }
+              }
+            ]
+          }
+        ]
+      },
+      {
+        "category": "vendor",
+        "name": "AVendor1",
+        "branches": [
+          {
+            "category": "product_name",
+            "name": "product_2",
+            "branches": [
+              {
+                "category": "product_version",
+                "name": "1",
+                "product": {
+                  "name": "AVendor1 product_2 1",
+                  "product_id": "CSAFPID_0004"
+                }
+              }
+            ]
+          }
+        ]
+      },
+      {
+        "category": "vendor",
+        "name": "AVendor",
+        "branches": [
+          {
+            "category": "product_name",
+            "name": "product_3",
+            "branches": [
+              {
+                "category": "product_version",
+                "name": "2022H2",
+                "product": {
+                  "name": "AVendor product_3 2022H2",
+                  "product_id": "CSAFPID_0005"
+                }
+              }
+            ]
+          }
+        ]
+      }
+    ]
+  },
+  "vulnerabilities": [
+    {
+      "cve": "CVE-2020-1234",
+      "notes": [
+        {
+          "category": "description",
+          "title": "CVE description",
+          "text": "https://nvd.nist.gov/vuln/detail/CVE-2020-1234"
+        }
+      ],
+      "product_status": {
+        "under_investigation": ["CSAFPID_0001"]
+      },
+      "threats": [
+        {
+          "category": "impact",
+          "details": "Customers should upgrade to the latest version of the product",
+          "date": "2020-01-01T00:00:00Z",
+          "product_ids": ["CSAFPID_0001"]
+        }
+      ]
+    },
+    {
+      "cve": "CVE-2020-9876",
+      "notes": [
+        {
+          "category": "description",
+          "title": "CVE description",
+          "text": "https://nvd.nist.gov/vuln/detail/CVE-2020-9876"
+        }
+      ],
+      "product_status": {
+        "under_investigation": ["CSAFPID_0001"]
+      },
+      "threats": [
+        {
+          "category": "impact",
+          "details": "Still under investigation",
+          "date": "2020-01-01T00:00:00Z",
+          "product_ids": ["CSAFPID_0001"]
+        }
+      ]
+    }
+  ]
+}

testdata/simple-directory-provider/white/avendor-advisory-0004.json

@@ -0,0 +1,170 @@
+{
+  "document": {
+    "category": "csaf_vex",
+    "csaf_version": "2.0",
+    "distribution": {
+      "tlp": {
+        "label": "WHITE",
+        "url": "https://www.first.org/tlp/v1/"
+      }
+    },
+    "notes": [
+      {
+        "category": "summary",
+        "title": "Test document summary",
+        "text": "Auto generated test CSAF document"
+      }
+    ],
+    "publisher": {
+      "category": "vendor",
+      "name": "ACME Inc.",
+      "namespace": "https://www.example.com"
+    },
+    "title": "Test CSAF document",
+    "tracking": {
+      "current_release_date": "2020-01-01T00:00:00Z",
+      "generator": {
+        "date": "2020-01-01T00:00:00Z",
+        "engine": {
+          "name": "csaf-tool",
+          "version": "0.3.2"
+        }
+      },
+      "id": "Avendor-advisory-0004",
+      "initial_release_date": "2020-01-01T00:00:00Z",
+      "revision_history": [
+        {
+          "date": "2020-01-01T00:00:00Z",
+          "number": "1",
+          "summary": "Initial version"
+        }
+      ],
+      "status": "final",
+      "version": "1"
+    }
+  },
+  "product_tree": {
+    "branches": [
+      {
+        "category": "vendor",
+        "name": "AVendor",
+        "branches": [
+          {
+            "category": "product_name",
+            "name": "product_1",
+            "branches": [
+              {
+                "category": "product_version",
+                "name": "1.1",
+                "product": {
+                  "name": "AVendor product_1 1.1",
+                  "product_id": "CSAFPID_0001"
+                }
+              },
+              {
+                "category": "product_version",
+                "name": "1.2",
+                "product": {
+                  "name": "AVendor product_1 1.2",
+                  "product_id": "CSAFPID_0002"
+                }
+              },
+              {
+                "category": "product_version",
+                "name": "2.0",
+                "product": {
+                  "name": "AVendor product_1 2.0",
+                  "product_id": "CSAFPID_0003"
+                }
+              }
+            ]
+          }
+        ]
+      },
+      {
+        "category": "vendor",
+        "name": "AVendor1",
+        "branches": [
+          {
+            "category": "product_name",
+            "name": "product_2",
+            "branches": [
+              {
+                "category": "product_version",
+                "name": "1",
+                "product": {
+                  "name": "AVendor1 product_2 1",
+                  "product_id": "CSAFPID_0004"
+                }
+              }
+            ]
+          }
+        ]
+      },
+      {
+        "category": "vendor",
+        "name": "AVendor",
+        "branches": [
+          {
+            "category": "product_name",
+            "name": "product_3",
+            "branches": [
+              {
+                "category": "product_version",
+                "name": "2022H2",
+                "product": {
+                  "name": "AVendor product_3 2022H2",
+                  "product_id": "CSAFPID_0005"
+                }
+              }
+            ]
+          }
+        ]
+      }
+    ]
+  },
+  "vulnerabilities": [
+    {
+      "cve": "CVE-2020-1234",
+      "notes": [
+        {
+          "category": "description",
+          "title": "CVE description",
+          "text": "https://nvd.nist.gov/vuln/detail/CVE-2020-1234"
+        }
+      ],
+      "product_status": {
+        "under_investigation": ["CSAFPID_0001"]
+      },
+      "threats": [
+        {
+          "category": "impact",
+          "details": "Customers should upgrade to the latest version of the product",
+          "date": "2020-01-01T00:00:00Z",
+          "product_ids": ["CSAFPID_0001"]
+        }
+      ]
+    },
+    {
+      "cve": "CVE-2020-9876",
+      "notes": [
+        {
+          "category": "description",
+          "title": "CVE description",
+          "text": "https://nvd.nist.gov/vuln/detail/CVE-2020-9876"
+        }
+      ],
+      "product_status": {
+        "under_investigation": ["CSAFPID_0001"]
+      },
+      "threats": [
+        {
+          "category": "impact",
+          "details": "Still under investigation",
+          "date": "2020-01-01T00:00:00Z",
+          "product_ids": ["CSAFPID_0001"]
+        }
+      ]
+    }
+  ]
+}

testdata/simple-directory-provider/white/avendor-advisory-0004.json.asc

@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYKAB0WIQSokUyi8RE5xqaaABj7PNmxXeYVlgUCZukv9QAKCRD7PNmxXeYV
+ljq0AP9n/rTgoNCJzSTZzNrrMy28ZR+Ppp1MSPWGFUzsx6qLJgD/d8cu0lokMsXf
+y0uc9k7hrla/ajFUzNt3AVvT+CPFtAo=
+=7E66
+-----END PGP SIGNATURE-----

testdata/simple-directory-provider/white/avendor-advisory-0004.json.sha256

@@ -0,0 +1 @@
+cb263bf1beab18b893de63f2966d0d8c5f38d60101c24d3fd7a5feebaad02c3b  avendor-advisory-0004.json

testdata/simple-directory-provider/white/avendor-advisory-0004.json.sha512

@@ -0,0 +1 @@
+39476e1d08a0871d166091c90de259544382a3599eebda118a93468499a30fd034286086c461a97d3d5298e093b0be3868e8d89d8a6a255c4aa6adb81ebbfcad  avendor-advisory-0004.json

testdata/simple-directory-provider/white/changes.csv

@@ -0,0 +1 @@
+"avendor-advisory-0004.json","2020-01-01T00:00:00+00:00"

testdata/simple-directory-provider/white/index.html

@@ -0,0 +1,6 @@
+<!doctype html>
+<html>
+  <body>
+    <a href="./avendor-advisory-0004.json">avendor-advisory-0004</a>
+  </body>
+</html>

testdata/simple-directory-provider/white/index.txt

@@ -0,0 +1 @@
+avendor-advisory-0004.json