SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 18:15:42 +01:00
Code Issues Releases Activity Actions
1101 commits 13 branches 34 tags 8.5 MiB
Commit graph

49 commits

Author SHA1 Message Date
Bernhard Reiter
e8706e5eb9 feat: perform go path repo move 
* Change the go module path
   from github.com/csaf-poc/csaf_distribution to github.com/gocsaf/csaf.
 * Rename archive for release tarballs.
 * Adjust testing scripts and documentation.
 2024-11-04 13:20:47 +01:00
JanHoefelmeyer
39a29e39f1 Change Licenses from MIT to Apache 2.0 2024-04-22 13:11:30 +02:00
Sascha L. Teichmann
7a8cdb6d19
Lift distribution from v2 to v3. (#467) 
* v2 -> v3

* Increase version within Makefile

---------

Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
 2023-09-27 15:46:57 +02:00
Sascha L. Teichmann
f2657bb51a
uploader: use the TOML config file infrastructure, too. (#439) 
* Make uploader use the TOML config file intrastructure, too.

* Improve method naming a bit.

* Improve method naming a bit.

* Add forgotten struct tags for TOML

* Add version to command line only parameters in uploader documentation

* Be explicit about supported options in config file.

* allow interactive flags in config file.

---------

Co-authored-by: JanHoefelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
 2023-08-22 17:17:06 +02:00
Sascha L. Teichmann
a153906d03
Document that client-passphrase option is experimental 
* Label the option experimental and limited at all places.
 * Point to the downloader documentation as single point to write more.
 * Add more hints on how the old PEM block encryption is experimental
   and why it often shall not be used.
---------

Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
 2023-08-18 11:24:39 +02:00
Sascha L. Teichmann
017a6b0a10 Move cert handling into library and add option passphrase. Adjust uploader and checker. 2023-08-02 21:02:58 +02:00
Bernhard E. Reiter
cf49c7e414
Fix go.mod and internal dependencies (#371) 
* Use a "/v2" in the module path to match the git version tag which
   lead with a 2. Change all mention of the module as dependency
   internally as well.
 2023-06-05 10:24:35 +02:00
Bernhard Herzog
821f018a98 Check that filename matches ID in csaf_uploader 2023-05-11 13:54:42 +02:00
Sascha L. Teichmann
ffb29f5ba4 Replace 'confirming filename' with 'conforming filename' 2023-02-03 16:21:15 +01:00
Sascha L. Teichmann
361656faf0 Fix typo and add a link to source. 2023-02-02 17:26:12 +01:00
Sascha L. Teichmann
7cc37bd9fc Enforce mime type 'application/json' when uploading advisories to the provider. 2023-02-02 17:26:12 +01:00
Sascha L. Teichmann
2f280c69ac In case of error, log filename, too. 2023-01-30 19:28:48 +01:00
Sascha L. Teichmann
c4b70d20cd Demand Go 1.19 in go.mod. Replaced interface{} with any 2023-01-19 16:45:26 +01:00
Sascha L. Teichmann
e5f584092c Unify loading of client certs in checker and uploader. 2022-07-27 01:28:37 +02:00
Jan Höfelmeyer
92f6bc5a31 fixes missing negation of condition and fixes error messages 2022-07-25 08:25:06 +02:00
Sascha L. Teichmann
7cb376dd0e Use content-type to tell unexpected errors from good ones apart. 2022-07-24 16:41:49 +02:00
Jan Höfelmeyer
82feb18eef Exchanged error message if Decoder fails to point towards server logs 2022-07-21 15:54:46 +02:00
Sascha L. Teichmann
b359fd0a62
Add CSAF downloader 
* Dense and refactor ROLIE code in aggregator a bit.
* Move  advisory file processor to csaf package.
* Fix minor typo on main readme
 2022-06-23 14:14:44 +02:00
Bernhard E. Reiter
2961a70bf2
Change OpenPGP signatures to be without headers (#183) 
* Change options when creating the armored version of the signature
   to leave out the optional headers, which would be `Version:`
   and `Comment:`, as it is considered uncommon for a while now to
   set these.
 2022-06-14 13:18:42 +02:00
Sascha L. Teichmann
c0aa7edc70
Improve code style 
* Remove unnecessary brackets in logical comparison.
 2022-06-01 09:15:31 +02:00
Sascha L. Teichmann
f823d71ec5
Replace deprecated terminal import 2022-05-31 16:18:28 +02:00
Sascha L. Teichmann
17f22855ee
Add filename conformity check 
* Add util function to check a filename for confirming to csaf-v2.0-csd02.
* Add code to reject bad filenames in provider, checker, aggregator and uploader.
 2022-05-20 18:57:27 +02:00
Bernhard Reiter
d5d48c7d2e
Fix typo in long option of uploader 2022-05-16 16:05:44 +02:00
Bernhard Reiter
9da0589236
Improve uploader exit code 
* Fix returning the error if https upload has failed.
 2022-05-10 17:58:39 +02:00
Sascha L. Teichmann
de872893f1 simplified code 2022-05-10 16:54:58 +02:00
Bernhard Reiter
046e96cfec
Improve exit code for failed upload 
* Add an exit code if an upload failed, but also print all the messages
   as before.
 2022-05-10 16:46:32 +02:00
Fadi Abbud
6fe6907c1d
Add --version option 
* Add flag to display the version for each binary. It is based on `git describe` but adds
  a number to the PATCH level if we are between annotated tags, so makes it semver.org
 compatible. Use the "-ldflags" method that also works with go 1.17.
* Use Makefile bash and sed magic to do PATCH level increase if needed.

Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
 2022-04-13 14:27:11 +02:00
Fadi Abbud
a91d36cc95
Add options to use TLS client certificate for authentication (Checker) 
* Add "client-cert" and "client-key" flag options to allow the checker to use TLS client certificate for authentication.
* Fix typo TSL -> TLS in docs.


Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
 2022-03-31 17:57:43 +02:00
Fadi Abbud
b9603b7742
Add options to use TLS client certificate for authentication (Uploader) 
* Add "client-cert" and "client-key" flag options to allow the uploader to use
TLS client certificate for authentication with the provider.

Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
 2022-03-31 15:57:00 +02:00
Bernhard Reiter
1f4f32435d
Fixing `CASF' typos 
* Bump copyright year 2021 -> 2022 on a few files.
 2022-02-25 17:38:07 +01:00
Sascha L. Teichmann
24710be9fe Improved wording of comments a bit. 2022-01-10 14:08:07 +01:00
Fadi Abbud
06d6d69755 Fix typo 2022-01-06 09:58:15 +01:00
Fadi Abbud
b32f2c6b03 Fix typo 2022-01-05 15:59:16 +01:00
Fadi Abbud
a1d2a445b7 Add some code documentation (csaf_uploader) 2022-01-05 12:29:35 +01:00
Sascha L. Teichmann
f37242b8a2 Fixed last commit. 2021-12-12 18:35:37 +01:00
Sascha L. Teichmann
fc033ad666 Added unsecure flag to csaf_uploader. 2021-12-12 18:17:46 +01:00
Sascha L. Teichmann
9d4ac9f595
Merge pull request #13 from csaf-poc/licensing 
Licensing
 2021-12-10 10:36:28 +01:00
Sascha L. Teichmann
aa01434164 Check against JSON schema locally before uploading. 2021-12-09 16:26:05 +01:00
Fadi Abbud
901e5bed74 Add License headers 2021-12-09 16:19:26 +01:00
Sascha L. Teichmann
8d846136fc Code simplification 2021-12-09 16:07:53 +01:00
Sascha L. Teichmann
b313354357 Added flag to uploader to support externally signed files. 2021-12-09 16:02:34 +01:00
Sascha L. Teichmann
e4ed65db89 Implemented create request. 2021-12-07 16:29:43 +01:00
Sascha L. Teichmann
c536f728ed Implemented CSAF upload. 2021-12-07 16:14:37 +01:00
Sascha L. Teichmann
662c729ba2 load crypto key and sign files 2021-12-07 14:01:44 +01:00
Sascha L. Teichmann
edaa6c3838 Moved action option to front. 2021-12-07 12:20:54 +01:00
Sascha L. Teichmann
9e52dfff80 Added no-ini to config option. 2021-12-07 12:18:18 +01:00
Sascha L. Teichmann
f069593f87 Started with upload processor. 2021-12-07 12:12:52 +01:00
Sascha L. Teichmann
19b4f1dfb2 Added support for entering passwords interactively. 2021-12-07 11:38:14 +01:00
Sascha L. Teichmann
9fb23892b6 Started with uploader. 2021-12-07 02:50:05 +01:00