SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions
1028 commits 13 branches 34 tags 8.5 MiB
Commit graph

265 commits

Author SHA1 Message Date
Sascha L. Teichmann
1dab0cc9ff Move code to more suited place. 2023-05-15 14:29:47 +02:00
Sascha L. Teichmann
a0b272a60d Deactivate TLP reporters 2023-05-15 14:15:20 +02:00
JanHoefelmeyer
150db4d31b Add new reporters to list of reporters in csaf_checker/main.go 2023-05-15 14:12:16 +02:00
Sascha L. Teichmann
068a94235c Add PMD loading errors to bad provider metadata report. 2023-05-15 14:01:27 +02:00
Sascha L. Teichmann
9ac902347c Fix revive 2023-05-15 13:54:21 +02:00
JanHoefelmeyer
aeff511895 Add reporters for missing requirements and their respective report functions 2023-05-15 13:49:27 +02:00
Sascha L. Teichmann
bd7831d7c3 Build reporters from role 2023-05-15 12:12:42 +02:00
Sascha L. Teichmann
2e968b197d Removed old pmd loader. 2023-05-15 08:47:18 +02:00
Sascha L. Teichmann
c4e9637f2b Re-use eval of processor. 2023-05-11 15:25:31 +02:00
Sascha L. Teichmann
c263391821
Be more verbose in case of signature check failures (#361) 
* Simplify handling of signature keys. Be more verbose in case of signature check failures.

* Fixed check for having no OpenPGP loaded
 2023-05-05 15:02:53 +02:00
Bernhard E. Reiter
8ad805e1e5
doc: improve rate default documentation (#364) 
* doc: improve rate default documentation

solve #359

* Adjust downloader doc, too.

* doc(csaf_checker): Add missing phrase, correct spelling

* docs(csaf_checker): correct format mistake

---------

Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com>
 2023-05-01 20:38:19 +02:00
Bernhard Herzog
c37b127d82 Check that filename matches ID in csaf_checker 2023-04-25 19:24:59 +02:00
JanHoefelmeyer
3590cf1ef2
Rephrase csaf validation result (#356) 
* Rephrase csaf validation result

* Change Checker report depending on whether and how a remote validator was used.

* Formatting

* Improve code readability

---------

Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
 2023-03-30 19:09:51 +02:00
Sascha L. Teichmann
0c2768b711 Fix header client. Simplify code. 2023-03-24 13:40:31 +01:00
JanHoefelmeyer
8f87273837
Remote validator output (#347) 
* The validator is now able to print the details of the remote validations.
---------

Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
Co-authored-by: JanHoefelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
 2023-03-15 11:02:06 +01:00
JanHoefelmeyer
39b48e083c
Improve docs for checker and downloader 
* make it more clear that a domain can also be interpreted as a direct URL.

resolve #316 
---------

Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
 2023-02-28 14:11:15 +01:00
JanHoefelmeyer
80195a24c3 improve phrasing in checker 'has not a' 2023-02-03 16:21:15 +01:00
Sascha L. Teichmann
ffb29f5ba4 Replace 'confirming filename' with 'conforming filename' 2023-02-03 16:21:15 +01:00
Sascha L. Teichmann
e998133429 Update cmd/csaf_checker/reporters.go 
Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com>
 2023-02-02 17:17:50 +01:00
Sascha L. Teichmann
7a5f8701bd Improve reported text a bit. 2023-02-02 17:17:50 +01:00
Sascha L. Teichmann
8425644886 Add new requirement sections 1 and 2 to report 2023-02-02 17:17:50 +01:00
Sascha L. Teichmann
cbd9dead37 Fix small typo in reporting wromg content type 2023-02-02 00:54:39 +01:00
Sascha L. Teichmann
6430712dad Warn in checker and downloader if advisories are delivered as none 'application/json' 2023-02-02 00:54:39 +01:00
tschmidtb51
0383e951a8
Merge branch 'main' into checker-validator 2023-01-27 17:58:37 +01:00
Sascha L. Teichmann
2a40ab6393 Set the default of 'validatorpresets' to 'mandatory'. 2023-01-27 17:16:45 +01:00
Sascha L. Teichmann
51fba46893 Add extra http header support to downloader and checker. 2023-01-26 22:09:38 +01:00
Sascha L. Teichmann
e004939abf Implement remote validation in checker. 2023-01-25 10:27:44 +01:00
Sascha L. Teichmann
5b60e7d728 Add package comments to make revive happy. 2023-01-19 16:45:26 +01:00
Sascha L. Teichmann
c4b70d20cd Demand Go 1.19 in go.mod. Replaced interface{} with any 2023-01-19 16:45:26 +01:00
tschmidtb51
6b9ecead89 refactor: remove temporary solution joinUrlPath and use joinPath from Go 1.19.1 net/url 2022-09-24 18:53:03 +02:00
Sascha L. Teichmann
70b4e18b58
Treat invalid PMDs as error and stop processing if needed 
*  Improve how PMD validation result is used when searching for a valid PMD.
   We now stop if no PMD can be validated against the json schema.
 2022-08-26 16:53:18 +02:00
JanHoefelmeyer
3bb8ea0019
Improve checker regarding PMD location problems 
* Change checking to test for Security, wellknown and DNS requirement at once and only throws error if all three fail.
* Use security.txt parser from csaf/util to extract provider url.
* Improve code comments and messages for the reports.

Co-authored-by: Jan Höfelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
 2022-08-26 13:31:56 +02:00
Sascha L. Teichmann
29d7dd1223 Make URLs absolute in integrity check 2022-08-01 14:46:57 +02:00
Sascha L. Teichmann
fad70b4dd5 Merge branch 'main' into directory-url 2022-08-01 13:20:04 +02:00
JanHoefelmeyer
9890a417b4
Merge pull request #268 from csaf-poc/no-rolie-index-changes-listings 
There are no index.txt, changes.csv in ROLIE dists.
 2022-08-01 13:18:36 +02:00
JanHoefelmeyer
141fbe21ca
Find missing (#269) 
Solves #160 

* Implements check on whether index.txt/changes.csv and directory listings exist. Also fixes minor grammatical mistakes

* Adds missing else to prevent defaulting to missing-error handling even if another error was found

* Removes comment

* test whether changes.csv or index.txt is empty

* Fixed type mismatching, undeclared variable

* Fixes typo in variable

* Fixes another typo in variable

* Fixes formatting error

* Removed reminder comments

* Fixes formatting errors

* Added check for missing directories

* Moved empty dirlistcheck to the right position

* fixes typo

* fixes typo

* Add info if files are found

* Cleans up code

* simplified check for empty changes.csv and index.txt

Co-authored-by: Jan Höfelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
 2022-08-01 13:17:35 +02:00
Sascha L. Teichmann
050e225d07 Fix type assertions from directory_url expression result 2022-08-01 13:00:10 +02:00
Sascha L. Teichmann
ada8070c63 There are no index.txt, changes.csv in ROLIE dists. 2022-08-01 07:20:52 +02:00
Sascha L. Teichmann
dce3d1f4a7 load advisories via directory_urls 2022-08-01 06:46:05 +02:00
Fadi Abbud
fcafcbf13f Remove code duplication 
* The availability check of both the cert and key file is done in the
"prepare" function.
 2022-07-27 09:40:10 +02:00
Sascha L. Teichmann
e5f584092c Unify loading of client certs in checker and uploader. 2022-07-27 01:28:37 +02:00
Sascha L. Teichmann
1241429d19
Load client certs early to detect misconfiguration 
* Move loading of client certificate into the TLS handling code
   to an earlier position.
 2022-07-26 18:00:07 +02:00
Sascha L. Teichmann
d1855a9c30
Improve checks and messages for bad entries in files 
* Ignore bad URLs in index.txt, improve messages.

resolve #158
 2022-07-21 17:11:46 +02:00
JanHoefelmeyer
a84afa35cd
improve error message for requirement 9 (#243) 
* Improve phrasing to be more clear about that the test
  was not performed if we had found not provider-metadata.json.
 2022-07-21 12:48:48 +02:00
Sascha L. Teichmann
3a43ca5630 Merge branch 'main' into publisher-in-report 2022-07-20 11:35:17 +02:00
Sascha L. Teichmann
6bf7b52890 Add fieldset araound publsher in html report 2022-07-20 11:35:04 +02:00
Fadi Abbud
6a87157184
Merge pull request #235 from csaf-poc/bad-dirs-only-once 
Only report bad directories in listing check only once.
 2022-07-19 12:51:29 +02:00
Sascha L. Teichmann
649b5c904b Added publisher and role to domain report. 2022-07-18 22:44:34 +02:00
Sascha L. Teichmann
efa233f2ce Merge branch 'main' into quick-ckeck 2022-07-18 20:08:02 +02:00
Sascha L. Teichmann
86a015d6bf
Correct field order in changes.csv (#228) 2022-07-18 18:37:55 +02:00