* fix: ensure HTTP requests use proxy env vars
Updated all instances of `http.Transport` to include the `Proxy` field set to `http.ProxyFromEnvironment`. This ensures that the application respects proxy configuration defined by the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables.
### Changes:
- Modified `http.Transport` initialization across the codebase to use:
```go
Proxy: http.ProxyFromEnvironment
```
- Ensured TLS configurations remain intact by preserving `TLSClientConfig`.
### Why:
- Previously, HTTP requests bypassed proxy settings due to missing configuration in the transport layer.
- This fix enables compatibility with proxied environments, aligning with standard Go behavior.
### Impact:
- All HTTP and HTTPS traffic now adheres to proxy settings.
- Domains listed in `NO_PROXY` bypass the proxy as expected.
### Verification:
- Tested with proxy environment variables set (`HTTP_PROXY`, `HTTPS_PROXY`).
- Verified requests route through the proxy and `NO_PROXY` works as intended.
* reformat with fmt
---------
Co-authored-by: Cormac Doherty <cormac.doherty@ncsc.gov.ie>
* Change the go module path
from github.com/csaf-poc/csaf_distribution to github.com/gocsaf/csaf.
* Rename archive for release tarballs.
* Adjust testing scripts and documentation.
The error message had a trailing `:` which suggest that there are some details which were truncated. However the details are already printed before in the log.
* Convert a lot of variables to snake case
* Add snakecase for variables made out of two words that had it in no version yet (for consistency)
* Adjust example files too
---------
Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
* use full name for printing out the used logfile for the downloader.
* for debug or verbose, log the timeintervall that will be used
for downloader and aggregator. (The checker has this as part
of its output already.)
* Simplify forward method
* Add unit test for validation status
* Add unit test for stats logging in forwarder.
* Add unit test for http client creation.
* Add unit test for replaceExt
* Add unit test for buildRequest
* Add unit test for limitedString
* Add unit test for storeFailedAdvisory
* Add unit test for storeFailedAdvisory ... fixed
* Add unit test for storeFailed
* Add unit test for forward
* comment wording
* Remove verbose flag from downloader.
* Do structured http logging in forwarder, too.
* Use structured logging to separate http traffic of downloader from forwarder.
* add forwarding support in downloader
* Raise needed Go version to 1.21+ so slog can be used.
* Introduce validation mode flag (strict, unsafe)
* Add structured logging and place log into the download folder.
* Improve some code comment (bernhardreiter)
* Add counting stats to downloader.
* started with forwarding support in downloader
* Add missing files.
* Add missing files.
* Raise needed Go version
* More Go version bumping.
* Fix forwarding
* Go 1.21+ needed
* Make terminating forwarder more robust.
* Better var naming
* Remove dead code. Improve commentary.
* Prepare validation status adjustment.
* Move validations to functions to make them executable in a loop.
* Introduce validation mode flag (strict, unsafe)
* Label the option experimental and limited at all places.
* Point to the downloader documentation as single point to write more.
* Add more hints on how the old PEM block encryption is experimental
and why it often shall not be used.
---------
Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
