* Fix aggregator URL handling
Parts of the URL were not path escaped. This results in a wrong URL; if
the provider name contains characters that need to be escaped.
* Simplify JoinPath usage
* Extend structured logging usage in aggregator
* Use structured logging in advisories processor
* Remove unnecessary inner function
* Format
* Feat: Add verbose flag to example aggregator toml (in comment)
---------
Co-authored-by: JanHoefelmeyer <jan.hoefelmeyer@intevation.de>
* fix: ensure HTTP requests use proxy env vars
Updated all instances of `http.Transport` to include the `Proxy` field set to `http.ProxyFromEnvironment`. This ensures that the application respects proxy configuration defined by the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables.
### Changes:
- Modified `http.Transport` initialization across the codebase to use:
```go
Proxy: http.ProxyFromEnvironment
```
- Ensured TLS configurations remain intact by preserving `TLSClientConfig`.
### Why:
- Previously, HTTP requests bypassed proxy settings due to missing configuration in the transport layer.
- This fix enables compatibility with proxied environments, aligning with standard Go behavior.
### Impact:
- All HTTP and HTTPS traffic now adheres to proxy settings.
- Domains listed in `NO_PROXY` bypass the proxy as expected.
### Verification:
- Tested with proxy environment variables set (`HTTP_PROXY`, `HTTPS_PROXY`).
- Verified requests route through the proxy and `NO_PROXY` works as intended.
* reformat with fmt
---------
Co-authored-by: Cormac Doherty <cormac.doherty@ncsc.gov.ie>
* Change the go module path
from github.com/csaf-poc/csaf_distribution to github.com/gocsaf/csaf.
* Rename archive for release tarballs.
* Adjust testing scripts and documentation.
This PR adds structured logging for the aggregator service. Currently, only the text handler is used, but I can extend this to use the JSON handler as well. In this case, probably some code that is shared between the aggregator and the downloader would need to be moved to a common package.
I was also wondering, whether this repo is moving to Go 1.21 at the future, since `slog` was introduced in to the standard lib in 1.21. So currently, this still relies on the `x/exp` package.
Fixes #462
* Convert a lot of variables to snake case
* Add snakecase for variables made out of two words that had it in no version yet (for consistency)
* Adjust example files too
---------
Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
* use full name for printing out the used logfile for the downloader.
* for debug or verbose, log the timeintervall that will be used
for downloader and aggregator. (The checker has this as part
of its output already.)
* Create ROLIE feed if summaries are empty
* Formatting, Remove sorting of 0 elements
* Handle minimum entry length error as warning in checker
* Use empty array instead of creating an empty array to reference
* Change schema to allow for empty entry arrays
* Use https://raw.githubusercontent.com/oasis-tcs/csaf/81b2663697958bc5f85d14372712a40028fb8338/csaf_2.0/json_schema/ROLIE_feed_json_schema.json as schema for ROLIE feeds
* Change label name from empty to undefined
* Change default of create_service_document for csaf_provider to true
* Config
* Count entries in csaf-checker, warn if there are none.
* Add Comments to csaf/rolie.go's CountEntries function
* Delete index.txt and changes.csv in aggregator if there are no entries.
* Create an empty ROLIE feed document when setting up folders during create
* nit: set update time stamp in structure init.
* Instantiate label checker only once.
* Ignore domain not having roles.
* provider: Create empty entry section in ROLIE feed.
* Stop check for domain if PMD check fails
* Add missing continue statement
* Report missing ROLIE feed entries in ROLIE feed, not Provider Metadata
* Do not ommit empty entries in ROLIE feeds.
* Fixed error handling problem introduced by faulty merge. Removed unused errStop handling while there.
---------
Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
Co-authored-by: JanHoefelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
* The validator is now able to print the details of the remote validations.
---------
Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
Co-authored-by: JanHoefelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
