SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 18:15:42 +01:00
Code Issues Releases Activity Actions
558 commits 13 branches 34 tags 8.5 MiB
Commit graph

558 commits

This branch
This branch
All branches
Author SHA1 Message Date
bernhardreiter bernhardreiter@users.noreply.github.com
25cb3b2c10 Apply automatic changes 2022-06-09 08:43:33 +00:00
Sascha L. Teichmann
69f0f3499a
Change openpgp key providing code to use local directory 
* Adjust provider and aggregator to copy the used openpgp pubkey into a locally
  provided directory `openpgp` beside the `prodiver-metadata.json`.
  This more robust and self-reliant than using a public pubkey server,
  which is the reason why the CSAF 2.0 csd02 mentions it as example in
  "7.1.20 Requirement 20: Public OpenPGP Key".
 * Improve aggregator by removing a typo `aggreator` from one written paths.
   (Done with this change as it also affects the openpgp/ paths writing.)

solve #85
 2022-06-09 10:42:44 +02:00
Bernhard E. Reiter
a849ac0d5f
Improve https get diagnostics, add verbose option 
* Implement a logging client and activate it using verbose parameter or option
   in checker and aggregator.

Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
 2022-06-02 15:07:55 +02:00
Bernhard Reiter
e4011ea4cc
Merge branch 'main' of github.com:csaf-poc/csaf_distribution into main 2022-06-01 16:20:29 +02:00
Bernhard Reiter
89edf94cee
Improve Makefile to better set version number 
* Add --always to git describe to also return if we are run
   on a shallow clone in a git hub action with action/checkout.
 2022-06-01 09:56:37 +02:00
Sascha L. Teichmann
c0aa7edc70
Improve code style 
* Remove unnecessary brackets in logical comparison.
 2022-06-01 09:15:31 +02:00
Sascha L. Teichmann
527a6f6005
Implement better search for provider-metadata.json 
* Decouple loading of provider metadata from processor and moved in the base library.
* Integrate new code into checker and aggregator
* Adhere to csd02 revision of CSAF 2.0.

resolve #60
 2022-05-31 18:10:18 +02:00
Bernhard Reiter
dca6f2c5c4
Improve version number in checker html result 2022-05-31 17:25:20 +02:00
Bernhard Reiter
b3759b8f9e
Improve version info in checker html result 2022-05-31 17:22:39 +02:00
Sascha L. Teichmann
f823d71ec5
Replace deprecated terminal import 2022-05-31 16:18:28 +02:00
s-l-teichmann s-l-teichmann@users.noreply.github.com
36785ac697 Apply automatic changes 2022-05-31 14:14:39 +00:00
Sascha L. Teichmann
da9fd3a9fd
Merge pull request #156 from csaf-poc/dev-docs3 
Improve setup documentation regarding securitry
 2022-05-31 16:13:57 +02:00
Bernhard Reiter
873fa9ccb4
Improve docs 
* Correct language in a few points.
 * Move upload example to use TLS client certificates as recommended.
 2022-05-31 15:58:46 +02:00
Bernhard Reiter
773047a91d
Fix script at one mkdir for existing directory 2022-05-31 15:32:41 +02:00
Bernhard Reiter
2b3a71bca0
Improve setup documentation 
* Add general hints that this example only shows how the components
   work together and that a GNU/Linux admin should be consulted for
   a secure setup.
 * Adjust the scripts that setup a testing instance to use better
   permissions as good example.
 * Add a section about security considerations.
 2022-05-31 15:24:26 +02:00
Sascha L. Teichmann
562538122a
Merge pull request #153 from csaf-poc/checker-throttling 
Checker throttling
 2022-05-31 10:37:21 +02:00
Fadi Abbud
406366e0bd Add short form of flag and description 2022-05-31 08:56:07 +02:00
Sascha L. Teichmann
bc90389090 Use factored out rate throttling client in checker. 2022-05-30 23:25:21 +02:00
Sascha L. Teichmann
07ab770a35 Factored throttling client out of aggregator. 2022-05-30 23:12:08 +02:00
Fadi Abbud
a1036c3847 Add 'Rate' config option for download throttling (Checker) 2022-05-30 13:38:29 +02:00
Fadi Abbud
3a2c4f8b22
Merge pull request #151 from csaf-poc/rolie-category 
Add missing category list in ROLIE feeds. Resolves issue #41
 2022-05-25 14:51:24 +02:00
Sascha L. Teichmann
86070629e2 Forget to add indices in aggregator. 2022-05-25 14:41:30 +02:00
Sascha L. Teichmann
a63911be41 Fix wrong content of ROLIE link 2022-05-25 12:30:33 +02:00
Sascha L. Teichmann
de595f5da9 Add missing category list in ROLIE feeds. Resolves issue #41 2022-05-25 10:17:17 +02:00
Fadi Abbud
13423c3d4d
Add datetime and version info to report of checker 
Resolve #142 

Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
 2022-05-24 16:59:27 +02:00
Sascha L. Teichmann
17f22855ee
Add filename conformity check 
* Add util function to check a filename for confirming to csaf-v2.0-csd02.
* Add code to reject bad filenames in provider, checker, aggregator and uploader.
 2022-05-20 18:57:27 +02:00
Fadi Abbud
f6fa366ee5
Merge pull request #145 from csaf-poc/rolie-feed-in-label-folder 
Move ROLIE feed to respective folder. For Issue #143, #144
 2022-05-19 14:17:24 +02:00
Sascha L. Teichmann
a50ed4ab01 Write correct url prefix to provider-metadata. 2022-05-19 12:22:06 +02:00
Sascha L. Teichmann
a2d96872e1 Started to work on a prefixed pmd. WIP 2022-05-19 11:43:20 +02:00
Sascha L. Teichmann
6295466ef5 Partially role back last commit. WIP 2022-05-19 11:33:11 +02:00
Sascha L. Teichmann
c69709c1ec Move ROLIE feed to respective folder. For Issue #143, #144 2022-05-19 10:20:20 +02:00
Bernhard Reiter
bdc161504d
Fix test DNS setup 2022-05-17 20:44:08 +02:00
Bernhard Reiter
95911d193a
Adjust ready for beta status 2022-05-17 20:36:41 +02:00
Sascha L. Teichmann
d779a3fd7e
Merge pull request #135 from csaf-poc/link-checker 
Link checker
 2022-05-17 17:26:35 +02:00
Sascha L. Teichmann
16556cd8bb check each advisory is listable 2022-05-17 17:20:43 +02:00
Sascha L. Teichmann
e12a47f2f1
Merge pull request #138 from csaf-poc/dev-dns-detection 
Improve metadata detection for checker
 2022-05-17 16:21:11 +02:00
Bernhard Reiter
9eca8a924f
Improved searching for provider-metadata.json 
* Changes order to try the DNS path after security.txt.
* Add diagnostic output which URL is looked for.
 2022-05-17 16:08:38 +02:00
Sascha L. Teichmann
131a7155fa If there are year folders in directory listings, fetch files from the extra level. 2022-05-17 15:58:34 +02:00
Bernhard Reiter
2cfb4b8e49
Fix DNS path check 
* Make it dynamic by the domain given for the check.
 * Change reporting text to be more clear about which is the dynamic
   part (in lack of direct access to the path which was checked.)
 2022-05-17 15:34:39 +02:00
Bernhard Reiter
29f26e0299
Merge branch 'main' into link-checker 2022-05-17 14:45:01 +02:00
Bernhard Reiter
498aa925a8
Fix typo in html template for checker 2022-05-17 14:41:58 +02:00
Sascha L. Teichmann
e4c2c00879
Merge pull request #137 from csaf-poc/fix-locating-providermetadata 
Fix path for locating provider-metadata.json
 2022-05-17 12:56:56 +02:00
Fadi Abbud
f5b7f81aa4 Fix path for locating provider-metadata.json 2022-05-17 12:54:14 +02:00
Sascha L. Teichmann
eaa2620eba Harvest only JSON files. 2022-05-17 11:51:29 +02:00
Sascha L. Teichmann
3fc7411d45
Merge pull request #132 from csaf-poc/dev-rolie-validation 
Validation against ROLIE json schema
 2022-05-17 10:45:45 +02:00
Bernhard E. Reiter
3e79671bb5
Add checker results as GH artifact for integration test 
* Rename and upload checker-result.html to GH.
 2022-05-17 10:18:50 +02:00
Bernhard Reiter
292e6ce611
Merge branch 'main' into dev-rolie-validation 2022-05-17 09:19:51 +02:00
Bernhard Reiter
4428679822
Merge branch 'main' into link-checker 2022-05-17 09:18:20 +02:00
Fadi Abbud
b8a6c1914a
Add checker run to integration test scripts 2022-05-17 09:12:20 +02:00
Sascha L. Teichmann
3bbd37c441 Implemented links on directory listings checking 2022-05-17 01:22:30 +02:00