* Feat: Compare dates in changes.csv to those within the files if existent
* Fix: remove debug output and fix typo
* Make map handling consistent
* Improve: refactor time extraction
* fix: some syntax fixes
* Small nits
* Fix: Check changes before stopping the scan of already tested advisories
* Revert "Fix: Check changes before stopping the scan of already tested advisories - bad way to solve the problem, can cause problems"
This reverts commit d38dc285cc.
* fix: delay checking of changes dates so it is not skipped most of the
time
* Fix time comparison
---------
Co-authored-by: koplas <pschwabauer@intevation.de>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
* fix: ensure HTTP requests use proxy env vars
Updated all instances of `http.Transport` to include the `Proxy` field set to `http.ProxyFromEnvironment`. This ensures that the application respects proxy configuration defined by the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables.
### Changes:
- Modified `http.Transport` initialization across the codebase to use:
```go
Proxy: http.ProxyFromEnvironment
```
- Ensured TLS configurations remain intact by preserving `TLSClientConfig`.
### Why:
- Previously, HTTP requests bypassed proxy settings due to missing configuration in the transport layer.
- This fix enables compatibility with proxied environments, aligning with standard Go behavior.
### Impact:
- All HTTP and HTTPS traffic now adheres to proxy settings.
- Domains listed in `NO_PROXY` bypass the proxy as expected.
### Verification:
- Tested with proxy environment variables set (`HTTP_PROXY`, `HTTPS_PROXY`).
- Verified requests route through the proxy and `NO_PROXY` works as intended.
* reformat with fmt
---------
Co-authored-by: Cormac Doherty <cormac.doherty@ncsc.gov.ie>
* Change the go module path
from github.com/csaf-poc/csaf_distribution to github.com/gocsaf/csaf.
* Rename archive for release tarballs.
* Adjust testing scripts and documentation.
* Changed infos to warnings and errors for Requirements 11-17 if said Requirements were not checked.
* Made a few more infos to warnings, slightly improved some messages in the reporters.
* Add explicite errors if badROLIEFeed and badFolders were not used.
---------
Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
* Create dummy structure to uniquely identify each advisory
* Remove dummy values, remove unused variable for now
* Formatting
* Add Evaluation of whether a white Advisory is access protected and add it to the respective slice, implement functionality
* Initialize p.whiteAdvisories before using it, stop sorting if no Client was used
* Ammend rules to include requirement 4, warning instead of error if white advisory is found protected, use badWhitePermissions.use()
* Formatting
* Fix typo: avaible -> available
* Improve check on whether building identifier failed
* Move extracting of tlp labels and related functions from processor to roliecheck
* Create Labelchecker and check access of white advisories regardless of whether ROLIE feeds exist. Only check Ranks if ROLIE feeds are used
* Formatting
* Do not use label checker as a pointer.
* Rename label checker
* Add XXX to questionable code.
* Simplify checking white advisories.
* Improve error message if no checks for accessibility of white advisories were done
* Extract TLP label directly without extractTLP function, consistent plural in error message
* Add comments and check type assertion in tlp label extraction.
* Move check for white advisories to label checker.
* Improve methods naming an comments.
* Address a few review questions.
* Move functionality of checkProtection fully into evaluateTLP
* Add comments and warn only if we are in a white feed or in a dirlisting.
---------
Co-authored-by: JanHoefelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
* Add info for Req 8-10 if direct url was given and as such no checks were performed.
* Update cmd/csaf_checker/processor.go
Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com>
* Break overly long lines
---------
Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com>
