SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions
287 commits 13 branches 34 tags 8.5 MiB
Commit graph

73 commits

Author SHA1 Message Date
Sascha L. Teichmann
8a1ebe0b7a
Add aggregator; improve itest workflow 
* Factor JSON evaluation and  construction base URLs out of of checker.
* Move json path matching to util.
* Add csaf_aggregator (as additional command)
* Improve itest workflow to checkout the branch where it is running on.

resolve #105
resolve  #72

Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com>
Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
Co-authored-by: Fadi Abbud <fadi.abbud@intevation.de>
 2022-05-10 18:12:38 +02:00
Fadi Abbud
72e6df2987 Rename some variables 2022-05-04 15:39:22 +02:00
Fadi Abbud
a69d35ab3c Add code documentation 2022-05-04 15:31:26 +02:00
Fadi Abbud
ea9c6b4502 Implement more tests for checker 
* Implement testing if the provider-metadata.json is under
/.well-known/csaf/ available.
* Implement testing if the DNS is available and serves the
provider-metadata.json
 2022-05-04 15:23:03 +02:00
Fadi Abbud
8bf48a2de2
Adjust provider for new CSAF CSD02 schema 
* Replace "pgp_keys" with "public_openpgp_key" in the provider-metadata.json.

resolve #112
 2022-04-28 20:46:37 +02:00
Sascha L. Teichmann
dad549c392
Move code from checker to library 2022-04-28 13:47:35 +02:00
Sascha L. Teichmann
3df91fa051
Type messages of a checker topic to avoid code duplication 2022-04-22 12:02:21 +02:00
Bernhard Reiter
880122315d
Correct minor typo in check output message 2022-04-21 17:16:18 +02:00
Bernhard Reiter
de738d2c56
Add message to explain a stopped check 
* In case of errStop, add a message to show which check aborted the
   others.
 2022-04-21 16:26:11 +02:00
Bernhard Reiter
dd48fc8b6c
Fix minor typo in code comment 2022-04-21 16:16:01 +02:00
Bernhard Reiter
cbb41588ea
Fix minor typos in code comments 2022-04-21 15:40:56 +02:00
Fadi Abbud
6fe6907c1d
Add --version option 
* Add flag to display the version for each binary. It is based on `git describe` but adds
  a number to the PATCH level if we are between annotated tags, so makes it semver.org
 compatible. Use the "-ldflags" method that also works with go 1.17.
* Use Makefile bash and sed magic to do PATCH level increase if needed.

Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
 2022-04-13 14:27:11 +02:00
Fadi Abbud
a91d36cc95
Add options to use TLS client certificate for authentication (Checker) 
* Add "client-cert" and "client-key" flag options to allow the checker to use TLS client certificate for authentication.
* Fix typo TSL -> TLS in docs.


Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
 2022-03-31 17:57:43 +02:00
Fadi Abbud
4fae2ec627 Fix typo 2022-03-22 08:39:13 +01:00
Sascha L. Teichmann
45ac434871
Merge pull request #80 from csaf-poc/checker-documentation 
Checker documentation
 2022-03-21 22:20:00 +01:00
Sascha L. Teichmann
f2f4b9081f
Merge pull request #79 from csaf-poc/dev-pgp-to-pubkeysopenpgp 
Improve Texts "PGP key" -> "public OpenPGP key"
 2022-03-21 22:17:41 +01:00
Fadi Abbud
9e2a9d7fad Code documentation and fix typo 2022-03-08 17:31:13 +01:00
Fadi Abbud
056f0fc6d6 Typo 2022-03-08 11:28:55 +01:00
Fadi Abbud
41a2d50773 Code documentation 2022-03-07 14:39:29 +01:00
Fadi Abbud
aa60e8f245 Add some code documentation 2022-03-04 16:04:21 +01:00
Bernhard Reiter
1c5664d8cb
Improve Texts "PGP key" -> "public OpenPGP key" 2022-03-03 14:46:07 +01:00
Sascha L. Teichmann
7841d78bb8 removed unnecessary assignments. 2022-03-03 12:21:16 +01:00
Bernhard Reiter
bfa5e787a2
Improve checker's reporting texts 
* Remove minor typos.
 * Go upper case for HTTPS as this is more common.
 * Make texts indicating a good result start with somethink else
   than "No", this removes an indirection in thinking and also offers
   a visible difference.
 * Bump copyright year to 2022.
 * Do PGP to "public OpenPGP keys" while at the reporters.go file
   while at it (to make merging easier).
 * Use an explicit message to indicate that a check is not done because
   of a missing implementation.
 2022-03-03 11:55:03 +01:00
Bernhard Reiter
1f4f32435d
Fixing `CASF' typos 
* Bump copyright year 2021 -> 2022 on a few files.
 2022-02-25 17:38:07 +01:00
Sascha L. Teichmann
b12ad718c5 Factor out summary extraction from advisories. 2022-02-24 12:22:10 +01:00
Sascha L. Teichmann
4fc6bc5509 Add another layer aound the ROLIE feed documents. 2022-02-23 21:10:19 +01:00
Sascha L. Teichmann
b894950b63 Load location of provider-metadata.json from security.txt 2022-02-07 20:12:32 +01:00
Sascha L. Teichmann
27f1aa5461 Started with loading provider-metadata.json from a list of possible locations. 2022-02-07 17:37:01 +01:00
Sascha L. Teichmann
9adab13948 Do not report success on checks which were not performed. 
Second part of the Fix of issue #24.
 2022-01-12 19:48:33 +01:00
Sascha L. Teichmann
09de416a4a Stop checker run of a domain after an error occurrs making a continuation pointless. 
Fixes issue #24.

TODO: Improve handling of checks that are not run due to the stop.
They currently report success which is not correct.
 2022-01-12 12:32:07 +01:00
Sascha L. Teichmann
da9bee4ff5 Implemented one folder per year requirement. 2021-12-16 15:17:38 +01:00
Sascha L. Teichmann
c334c0aa76 Fixed typo in spelling changes.csv. 2021-12-16 14:22:57 +01:00
Sascha L. Teichmann
0d7ca0db53 Renamed processing of ROLIE feeds more fittingly. 2021-12-16 11:29:18 +01:00
Sascha L. Teichmann
287a393b6c Fixed passing to less arguments to fmt. 2021-12-16 03:26:25 +01:00
Sascha L. Teichmann
68cab9ec58 Search for index.txt and changes.csv in csaf folder, too. 2021-12-16 03:17:37 +01:00
Sascha L. Teichmann
deaf8a5722 Cross validate where CSAFs where found. 2021-12-16 02:59:33 +01:00
Sascha L. Teichmann
8e16650512 Implemented changes.csv check. 2021-12-16 01:17:23 +01:00
Sascha L. Teichmann
57f8f06257 Implemented index.txt check 2021-12-16 00:43:50 +01:00
Sascha L. Teichmann
30789e60d5 Call the checks again. 2021-12-15 21:22:38 +01:00
Sascha L. Teichmann
d201cda542 Renamed checks to reporters. 2021-12-15 20:18:49 +01:00
Sascha L. Teichmann
ced85c181b Rename reporters. 2021-12-15 20:16:26 +01:00
Sascha L. Teichmann
534b96d211 WIP: Refactored for simpler reporting. 2021-12-15 19:41:29 +01:00
Sascha L. Teichmann
d8ccf9ff41 Rfactoring to processor started. 2021-12-15 17:44:13 +01:00
Sascha L. Teichmann
145f9b77a8 Cache json path expressions. 2021-12-15 13:24:29 +01:00
Sascha L. Teichmann
558408c531 Dont stop scanning if there is a bad url in a feed. 2021-12-15 13:09:24 +01:00
Sascha L. Teichmann
10e1af232c Simplified hashing 2021-12-15 12:54:07 +01:00
Sascha L. Teichmann
a561c74cf5 Simplified code. 2021-12-15 12:30:14 +01:00
Sascha L. Teichmann
f2dd5a89a7 Split code to more files. Mainly move processor code to its own file. 2021-12-15 12:14:31 +01:00
Sascha L. Teichmann
b5c5d8db4b Moved CSAF file checking to processor. 2021-12-15 12:03:08 +01:00
Sascha L. Teichmann
4ca4835c3a Simplified code. 2021-12-15 11:36:06 +01:00