* Add badROLIEfeed as Topic Message
* Use badROLIEfeed to guarantee existent TLP labels White, Green or unlabeled. (Test not implemented)
* syntax
* Formatting
* Add Tlp check, completion struct
* Add mismatch to completion, add function checkCompletion to fill mismatch and also give an error if invalid tlp levels have been used
* formatting
* Add function to remove incomplete csaf feeds from list of complete csaf feeds for a given tlp level
* Add checkSummary function that checks whether a given feed would qualify as summary feed between all currently checked feeds
* Add completed check of tlp levels
* Add checks for correct hashes and signatures in ROLIE feed
* formatting
* Add rolieFeedReporter functionality
* fix typo
* Add todo, add return values to functions
* Switch error, ... return value so error returns last
* Fix typo
* Remove hash/sig checks that don't work, improve ROLIE message
* Add handling for advisories without tlp level
* Formatting
* Clean up rolie checks.
* Started with simplifying rolie checking
* Every ROLIE with data should have a summary.
* Clean up ROLIE feed label checker.
* if no TLP level can be extracted, return Unlabeled, not WHITE
* Add handling of advisories whose tlp exists, but has no label
* Also check TLP Red for completeness
* Only remove advisory from remain when it has exactly the right tlp color.
* Fix import in new rolie feed checker.
* Update comment to reflect current functionality
* Accept advisory of lesser tlp color in feed as completing.
* Collect advisory labels from advisories.
* Clarify that if no summary feed was found, it may exist but be either not listed or not accessible.
* Do not clone advisory lookup before.
* Move rolie check code to respective file.
---------
Co-authored-by: JanHoefelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
* Rephrase csaf validation result
* Change Checker report depending on whether and how a remote validator was used.
* Formatting
* Improve code readability
---------
Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
* Change checking to test for Security, wellknown and DNS requirement at once and only throw error if all three fail.
* Use security.txt parser from csaf/util to extract provider url.
* Improve code comments and messages for the reports.
Co-authored-by: Jan Höfelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
* Changes phrasing of redirects to be clearer. Now omits redirects if they are already listed as part of a larger redirect chain
* Rebuilt how the redirection string is built. Now checks for duplicate redirections after all redirections have been read
* Fixes indentation error
* Fixed redirect output.
* Fixed recording redirects.
Co-authored-by: Jan Höfelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
* updates phrasing of error message if processor does not check security.txt due to an earlier error
* Fixes typo in error message
Co-authored-by: Jan Höfelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
* Make it dynamic by the domain given for the check.
* Change reporting text to be more clear about which is the dynamic
part (in lack of direct access to the path which was checked.)
* Implement testing if the provider-metadata.json is under
/.well-known/csaf/ available.
* Implement testing if the DNS is available and serves the
provider-metadata.json
* Remove minor typos.
* Go upper case for HTTPS as this is more common.
* Make texts indicating a good result start with something else
than "No", this removes an indirection in thinking and also offers
a visible difference.
* Bump copyright year to 2022.
* Do PGP to "public OpenPGP keys" while at the reporters.go file
while at it (to make merging easier).
* Use an explicit message to indicate that a check is not done because
of a missing implementation.