gocsaf

mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 18:15:42 +01:00

Author	SHA1	Message	Date
Sascha L. Teichmann	c15125a393	Fix copyright date	2023-01-19 16:45:26 +01:00
Sascha L. Teichmann	5b60e7d728	Add package comments to make revive happy.	2023-01-19 16:45:26 +01:00
Sascha L. Teichmann	c4b70d20cd	Demand Go 1.19 in go.mod. Replaced interface{} with any	2023-01-19 16:45:26 +01:00
tschmidtb51	6b9ecead89	refactor: remove temporary solution joinUrlPath and use joinPath from Go 1.19.1 net/url	2022-09-24 18:53:03 +02:00
Sascha L. Teichmann	70b4e18b58	Treat invalid PMDs as error and stop processing if needed * Improve how PMD validation result is used when searching for a valid PMD. We now stop if no PMD can be validated against the json schema.	2022-08-26 16:53:18 +02:00
JanHoefelmeyer	3bb8ea0019	Improve checker regarding PMD location problems * Change checking to test for Security, wellknown and DNS requirement at once and only throws error if all three fail. * Use security.txt parser from csaf/util to extract provider url. * Improve code comments and messages for the reports. Co-authored-by: Jan Höfelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de> Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de> Co-authored-by: Bernhard Reiter <bernhard@intevation.de>	2022-08-26 13:31:56 +02:00
Sascha L. Teichmann	37d8a8d6df	Conversion provider -> publisher is not worth the method.	2022-08-16 12:28:14 +02:00
Sascha L. Teichmann	8e0812c82f	add model for publishers in aggregator	2022-08-16 11:35:51 +02:00
Sascha L. Teichmann	050e225d07	Fix type assertions from directory_url expression result	2022-08-01 13:00:10 +02:00
Sascha L. Teichmann	dce3d1f4a7	load advisories via directory_urls	2022-08-01 06:46:05 +02:00
Sascha L. Teichmann	8af0aeea46	Write directory_urls in provider if write indices.	2022-07-30 12:20:21 +02:00
Bernhard E. Reiter	86fb441446	Change default port for secvisogram (#262 ) * Change default port for secvisogram * Following change from https://github.com/secvisogram/csaf-validator-service/pull/14 * Improve script for setting up validation service * Add a test to fail if we cannot connect. * Add copyright header.	2022-07-26 15:13:02 +02:00
Sascha L. Teichmann	bed44e5e87	Do not silence errors when fetching a pmd	2022-07-26 12:06:14 +02:00
Sascha L. Teichmann	772e6351b8	Improved default logging prefix.	2022-07-23 16:29:38 +02:00
Sascha L. Teichmann	58ec57e1cb	Avoid duplicate errors checking and logging when loading pmds.	2022-07-23 16:11:54 +02:00
Sascha L. Teichmann	d1855a9c30	Improve checks and messages for bad entries in files * Ignore bad URLs in index.txt, improve messages. resolve #158	2022-07-21 17:11:46 +02:00
Sascha L. Teichmann	4c1fdd2289	simplified loading of provider metadata in case of dns fallback. (#240 )	2022-07-19 16:14:56 +02:00
Sascha L. Teichmann	8b57851486	Moved direct loading of pmd from downloader to library. (#233 ) * Moved direct loading of pmd from downloader to library, so aggregator and checker gain the ability. * Disabled some checks if we were given a direct PMD URL.	2022-07-18 17:59:38 +02:00
Sascha L. Teichmann	198e5b8897	write dynamic categories into feed categories document.	2022-06-30 11:58:36 +02:00
Sascha L. Teichmann	72a7240fd0	write category documents in create.	2022-06-30 05:04:00 +02:00
Sascha L. Teichmann	da4dda9042	add models for ROLIE services	2022-06-29 16:00:56 +02:00
Sascha L. Teichmann	ed2df66ce6	Merge branch 'main' into rolie-categories	2022-06-29 14:38:49 +02:00
Sascha L. Teichmann	e25fe66ee8	Merge branch 'main' into rolie-categories	2022-06-24 11:07:05 +02:00
Sascha L. Teichmann	bace61e0b3	Add forgotten validation for metadata	2022-06-23 19:48:02 +02:00
Sascha L. Teichmann	b359fd0a62	Add CSAF downloader * Dense and refactor ROLIE code in aggregator a bit. * Move advisory file processor to csaf package. * Fix minor typo on main readme	2022-06-23 14:14:44 +02:00
Sascha L. Teichmann	78d8b89aca	Add support for remote validation services. (#185 ) * Simple tool to test the remote validation * Added remote validator support to provider. * Added remote validation to aggregator. * Calm golint * Removed csaf_remote_validator tool as it was only for dev. * Re-added csaf_remote_validator tool. Testing is not done. * Embed the document entirely * Include testing the remote validator in the Itests * Change permission of the script * Remove code for Itests * As these will be done in another branch Co-authored-by: Fadi Abbud <fadi.abbud@intevation.de>	2022-06-21 14:47:06 +02:00
Sascha L. Teichmann	caea539b45	Added model for rolie categories	2022-06-14 18:31:10 +02:00
Sascha L. Teichmann	fa434fa039	Improve checker regarding ROLIE feed advisory URLs, hashes and signatures * Add checking the ROLIE feed advisory URLs, hashes and signatures.	2022-06-14 13:41:51 +02:00
Sascha L. Teichmann	589547fa94	Improve writing ROLIE feed documents * Add signature and two time has as link rel attributes to each rolie entry for provider and aggregator. Thus following CSAF 2.0 csd02. resolve #74	2022-06-14 09:50:36 +02:00
Sascha L. Teichmann	922e468d99	Compare fingerprints case-insensitive	2022-06-09 16:30:20 +02:00
Sascha L. Teichmann	776a08578b	Provider: fix default metadata role defaults to trusted now. Solves #36 (issue) (#166 ) * Change provider's default metadata role to `csaf_trusted_provider`. solve #36	2022-06-09 12:57:22 +02:00
Bernhard E. Reiter	a849ac0d5f	Improve https get diagnostics, add verbose option * Implement a logging client and activate it using verbose parameter or option in checker and aggregator. Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>	2022-06-02 15:07:55 +02:00
Sascha L. Teichmann	527a6f6005	Implement better search for provider-metadata.json * Decouple loading of provider metadata from processor and moved in the base library. * Integrate new code into checker and aggregator * Adhere to csd02 revision of CSAF 2.0. resolve #60	2022-05-31 18:10:18 +02:00
Sascha L. Teichmann	a50ed4ab01	Write correct url prefix to provider-metadata.	2022-05-19 12:22:06 +02:00
Sascha L. Teichmann	a2d96872e1	Started to work on a prefixed pmd. WIP	2022-05-19 11:43:20 +02:00
Fadi Abbud	982aaee891	Add Comment	2022-05-16 11:27:09 +02:00
Fadi Abbud	726711c688	Implement validation for ROLIE json schema	2022-05-16 11:15:46 +02:00
Sascha L. Teichmann	8a1ebe0b7a	Add aggregator; improve itest workflow * Factor JSON evaluation and construction base URLs out of of checker. * Move json path matching to util. * Add csaf_aggregator (as additional command) * Improve itest workflow to checkout the branch where it is running on. resolve #105 resolve #72 Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Co-authored-by: Bernhard Reiter <bernhard@intevation.de> Co-authored-by: Fadi Abbud <fadi.abbud@intevation.de>	2022-05-10 18:12:38 +02:00
Sascha L. Teichmann	d6c0fa3518	Make extraction of fields optional	2022-05-10 16:38:34 +02:00
Sascha L. Teichmann	41e4029b0d	Impove Jsonpath matcher * Simplifed mass jsonpath extractions json document	2022-05-04 16:56:41 +02:00
Fadi Abbud	8bf48a2de2	Adjust provider for new CSAF CSD02 schema * Replace "pgp_keys" with "public_openpgp_key" in the provider-metadata.json. resolve #112	2022-04-28 20:46:37 +02:00
Sascha L. Teichmann	dad549c392	Move code from checker to library	2022-04-28 13:47:35 +02:00
tschmidtb51	11ed0e8f4d	CSD02 Schema update - resolves csaf-poc/csaf_distribution#97 - add strict schemas from OASIS repo	2022-04-08 18:23:14 +02:00
Bernhard Reiter	1f4f32435d	Fixing `CASF' typos * Bump copyright year 2021 -> 2022 on a few files.	2022-02-25 17:38:07 +01:00
Sascha L. Teichmann	b12ad718c5	Factor out summary extraction from advisories.	2022-02-24 12:22:10 +01:00
Fadi Abbud	670f4cbf60	Fix Typo	2022-02-24 09:06:16 +01:00
Sascha L. Teichmann	4fc6bc5509	Add another layer aound the ROLIE feed documents.	2022-02-23 21:10:19 +01:00
Sascha L. Teichmann	0760901d6e	Fixed issue #37	2022-01-31 14:17:35 +01:00
Sascha L. Teichmann	cd68a86a85	Fixed problems with ROLIE in provider metadata.	2021-12-13 02:08:32 +01:00
Sascha L. Teichmann	8c6cdadad3	Merge branch 'main' into csaf-checker	2021-12-10 10:42:37 +01:00

1 2

71 commits