186 commits

Author	SHA1	Message	Date
Marius Goetze	d1f33ab27d	fix incorrect usage of formatted string ... output probably unchanged, but now `go vet` is happy that formatted strings are not misused	2025-09-08 13:19:15 +02:00
Paul Schwabauer	187d114631	Remove unnecessary URL joins (#676) ... This should avoid bugs for more complex scenarios.	2025-09-01 16:13:57 +02:00
JanHoefelmeyer	ae184eb189	Merge pull request #655 from gocsaf/json-eof ... Make json parsing more strict	2025-07-08 07:46:07 +02:00
koplas	fc3837d655	Make json parsing more strict	2025-07-02 17:06:25 +02:00
koplas	01c43d96ce	Fix checker url base handling	2025-07-02 16:27:58 +02:00
Christoph Klassen	c833c00f84	Merge pull request #649 from gocsaf/url-join ... Use JoinPath	2025-06-26 08:18:39 +02:00
JanHoefelmeyer	5d37dd1339	Move PMD error from logs to report.	2025-06-25 09:31:50 +02:00
JanHoefelmeyer	d09db6635d	Fix: Assume most restrictive role to prevent false-positives	2025-06-24 17:24:08 +02:00
koplas	3f4fe5cf18	Also generate report when role is not available	2025-06-24 17:18:42 +02:00
JanHoefelmeyer	02d4931152	Fix: Return properly early	2025-06-24 17:06:55 +02:00
koplas	1098c6add0	Use correct base URL	2025-06-20 16:37:37 +02:00
koplas	091854a248	Always generate report ... Closes #385	2025-06-20 14:24:05 +02:00
koplas	6ac97810d0	Use JoinPath ... This avoids issues where parts of the URL are discarded.	2025-06-19 15:11:45 +02:00
JanHoefelmeyer	8163f57851	Compare changes dates (#609) ... * Feat: Compare dates in changes.csv to those within the files if existent * Fix: remove debug output and fix typo * Make map handling consistent * Improve: refactor time extraction * fix: some syntax fixes * Small nits * Fix: Check changes before stopping the scan of already tested advisories * Revert "Fix: Check changes before stopping the scan of already tested advisories - bad way to solve the problem, can cause problems" This reverts commit d38dc285cc. * fix: delay checking of changes dates so it is not skipped most of the time * Fix time comparison --------- Co-authored-by: koplas <pschwabauer@intevation.de> Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>	2025-03-14 10:05:56 +01:00
koplas	3cfafa8263	Report error in checker if content type is not correct ... Related: #606	2025-03-10 11:11:34 +01:00
koplas	1d1c5698da	Merge branch 'main' into sha-handling	2025-03-05 09:41:29 +01:00
JanHoefelmeyer	82a6929e4d	Fix: Poor phrasing corrected	2025-01-29 09:41:16 +01:00
JanHoefelmeyer	02787b24b7	Update comments, clean up security check	2025-01-29 09:26:59 +01:00
JanHoefelmeyer	7d74543bbb	Fix: Now give errors if lookup methods fail, refactor accordingly	2025-01-29 09:02:18 +01:00
JanHoefelmeyer	b6721e1d5a	Add check for missing either sha256 or sha512 hashes only	2025-01-10 11:42:54 +01:00
koplas	d8e903587a	Warn only if the other hash could be fetched	2024-12-18 15:37:58 +01:00
koplas	9dd4b7fc8d	Add tests for no hash given or available	2024-12-13 15:54:39 +01:00
koplas	a3d6d6acfb	Downgrade error to info in directory hash fetching	2024-12-13 14:26:00 +01:00
ncsc-ie-devs	1daaed2c51	ensure HTTP requests use proxy env vars (#597) ... * fix: ensure HTTP requests use proxy env vars Updated all instances of `http.Transport` to include the `Proxy` field set to `http.ProxyFromEnvironment`. This ensures that the application respects proxy configuration defined by the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables. ### Changes: - Modified `http.Transport` initialization across the codebase to use: ```go Proxy: http.ProxyFromEnvironment ``` - Ensured TLS configurations remain intact by preserving `TLSClientConfig`. ### Why: - Previously, HTTP requests bypassed proxy settings due to missing configuration in the transport layer. - This fix enables compatibility with proxied environments, aligning with standard Go behavior. ### Impact: - All HTTP and HTTPS traffic now adheres to proxy settings. - Domains listed in `NO_PROXY` bypass the proxy as expected. ### Verification: - Tested with proxy environment variables set (`HTTP_PROXY`, `HTTPS_PROXY`). - Verified requests route through the proxy and `NO_PROXY` works as intended. * reformat with fmt --------- Co-authored-by: Cormac Doherty <cormac.doherty@ncsc.gov.ie>	2024-12-02 11:42:54 +01:00
koplas	a5f4b10c4e	Merge branch 'main' into sha-handling	2024-11-27 12:39:14 +01:00
Bernhard Reiter	e8706e5eb9	feat: perform go path repo move ... * Change the go module path from github.com/csaf-poc/csaf_distribution to github.com/gocsaf/csaf. * Rename archive for release tarballs. * Adjust testing scripts and documentation.	2024-11-04 13:20:47 +01:00
koplas	c0de0c2b6d	Check if hash present, before sending a request	2024-09-27 15:20:36 +02:00
JanHoefelmeyer	464e88b530	Merge pull request #571 from csaf-poc/fingerprint-no-breaking ... Improve PGP fingerprint handling	2024-09-09 11:51:09 +02:00
Bernhard Reiter	5231b3386b	docs: improve code comment (minor)	2024-09-07 09:58:14 +02:00
koplas	c2e24f7bbb	Remove check for empty fingerprint ... The schema validation already catches this error and this check will never run.	2024-09-06 18:21:25 +02:00
koplas	9037574d96	Improve PGP fingerprint handling ... Warn if no fingerprint is specified and give more details, if fingerprint comparison fails. Closes #555	2024-08-08 12:42:19 +02:00
koplas	be2e4e7424	Improve hash path handling of directory feeds	2024-07-31 11:42:45 +02:00
koplas	0ab851a874	Use a default user agent	2024-07-31 10:16:08 +02:00
koplas	a131b0fb4b	Improve SHA* marking	2024-07-25 15:39:40 +02:00
JanHoefelmeyer	39a29e39f1	Change Licenses from MIT to Apache 2.0	2024-04-22 13:11:30 +02:00
Sascha L. Teichmann	9a1c66eb8e	checker: Ensure that the processor is reset before checking each domain. (#523)	2024-01-15 08:59:58 +01:00
Sascha L. Teichmann	03e418182d	Advisories: Time filter download by 'updated' field in ROLIE entries. (#519) ... * Use 'updated' field of ROLIE field entries to time filter downloads. * More suited variable naming	2023-12-04 11:31:14 +01:00
JanHoefelmeyer	fb7c77b419	Remove unnecessary else block	2023-11-21 13:45:46 +01:00
JanHoefelmeyer	4a9f8a6f03	Change: cmd/csaf_checker/processor.go: Improve comment	2023-11-21 12:14:45 +01:00
JanHoefelmeyer	318c898a83	Change: cmd/csaf_checker/processor.go: Seperate check of security.txt under .well-known and legacy location into different messages to improve readability	2023-11-21 12:09:37 +01:00
Sascha L. Teichmann	3935d9aa7a	Update cmd/csaf_checker/processor.go ... Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com>	2023-11-20 21:53:51 +01:00
JanHoefelmeyer	e27d64e42c	Add path of offending security.txt to error message since now multiple paths are checked	2023-11-14 07:55:53 +01:00
Sascha L. Teichmann	0a2b69bd55	Adjust checker, too.	2023-11-13 09:59:12 +01:00
Sascha L. Teichmann	716f128754	Fix year folder check (#472)	2023-09-29 09:47:11 +02:00
Sascha L. Teichmann	7a8cdb6d19	Lift distribution from v2 to v3. (#467) ... * v2 -> v3 * Increase version within Makefile --------- Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>	2023-09-27 15:46:57 +02:00
Sascha L. Teichmann	4dfa2dd552	Dedup code a bit	2023-08-23 17:14:49 +02:00
JanHoefelmeyer	12815430ec	Remove superflous reset of temporary variable	2023-08-23 13:22:28 +02:00
JanHoefelmeyer	8d51577e49	Use whereType for mistake	2023-08-23 12:58:40 +02:00
JanHoefelmeyer	4b56f3e837	Exchange slice with util.set for mistakes in checkMissing	2023-08-23 12:29:05 +02:00
JanHoefelmeyer	7651dc2a05	Sort missing files into errors	2023-08-23 11:40:37 +02:00