* Create dummy structure to uniquely identify each advisory
* Remove dummy values, remove unused variable for now
* Formatting
* Add Evaluation of whether a white Advisory is access protected and add it to the respective slice, implement functionality
* Initialize p.whiteAdvisories before using it, stop sorting if no Client was used
* Ammend rules to include requirement 4, warning instead of error if white advisory is found protected, use badWhitePermissions.use()
* Formatting
* Fix typo: avaible -> available
* Improve check on whether building identifier failed
* Move extracting of tlp labels and related functions from processor to roliecheck
* Create Labelchecker and check access of white advisories regardless of whether ROLIE feeds exist. Only check Ranks if ROLIE feeds are used
* Formatting
* Do not use label checker as a pointer.
* Rename label checker
* Add XXX to questionable code.
* Simplify checking white advisories.
* Improve error message if no checks for accessibility of white advisories were done
* Extract TLP label directly without extractTLP function, consistent plural in error message
* Add comments and check type assertion in tlp label extraction.
* Move check for white advisories to label checker.
* Improve methods naming an comments.
* Address a few review questions.
* Move functionality of checkProtection fully into evaluateTLP
* Add comments and warn only if we are in a white feed or in a dirlisting.
---------
Co-authored-by: JanHoefelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
* Add info for Req 8-10 if direct url was given and as such no checks were performed.
* Update cmd/csaf_checker/processor.go
Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com>
* Break overly long lines
---------
Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com>
* Improve error message if filename does not match document/tracking/id and let it be reported by the proper reporter
* style: remove unnecessary "\n"
* style: convert space to tab to calm linter
---------
Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
Co-authored-by: JanHoefelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com>
* Create ROLIE feed if summaries are empty
* Formatting, Remove sorting of 0 elements
* Handle minimum entry length error as warning in checker
* Use empty array instead of creating an empty array to reference
* Change schema to allow for empty entry arrays
* Use https://raw.githubusercontent.com/oasis-tcs/csaf/81b2663697958bc5f85d14372712a40028fb8338/csaf_2.0/json_schema/ROLIE_feed_json_schema.json as schema for ROLIE feeds
* Change label name from empty to undefined
* Change default of create_service_document for csaf_provider to true
* Config
* Count entries in csaf-checker, warn if there are none.
* Add Comments to csaf/rolie.go's CountEntries function
* Delete index.txt and changes.csv in aggregator if there are no entries.
* Create an empty ROLIE feed document when setting up folders during create
* nit: set update time stamp in structure init.
* Instantiate label checker only once.
* Ignore domain not having roles.
* provider: Create empty entry section in ROLIE feed.
* Stop check for domain if PMD check fails
* Add missing continue statement
* Report missing ROLIE feed entries in ROLIE feed, not Provider Metadata
* Do not ommit empty entries in ROLIE feeds.
* Fixed error handling problem introduced by faulty merge. Removed unused errStop handling while there.
---------
Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
Co-authored-by: JanHoefelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
* Add badROLIEfeed as Topic Message
* Use badROLIEfeed to guarantee existant TLP labels White, Green or unlabeled. (Test not implemented)
* syntax
* Formatting
* Add Tlp check, completion struct
* Add mismatch to completion, add function checkCompletion to fill mismatch and also give an error if invalid tlp levels have been used
* formatting
* Add function to remove incomplete csaf feeds from list of complete csaf feeds for a given tlp level
* Add checkSummary function that checks whether a given feed would qualify as summary feed between all currently checked feeds
* Add completed check of tlp levels
* Add checks for correct hashes and signatures in ROLIE feed
* formatting
* Add rolieFeedReporter functionality
* fix typo
* Add todo, add return values to functions
* Switch error, ... return value so error returns last
* Fix typo
* Remove hash/sig checks that don't work, improve ROLIE message
* Add handling for advisories without tlp level
* Formatting
* Clean up rolie checks.
* Started with simplifying rolie checking
* Every ROLIE with data should have a summary.
* Clean up ROLIE feed label checker.
* if no TLP level can be extracted, return Unlabeled, not WHITE
* Add handling of advisories whose tlp exists, but has no label
* Also check TLP Red for completeness
* Only remove advisory from remain when it has exactly the right tlp color.
* Fix import in new rolie feed checker.
* Update comment to reflect current functionality
* Accept advisory of lesser tlp color in feed as completing.
* Collect advisory labels from advisories.
* Clarify that if no summary feed was found, it may exist but be either not listed or not accessible.
* Do not clone advisory lookup before.
* Move rolie check code to respective file.
---------
Co-authored-by: JanHoefelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
* The validator is now able to print the details of the remote validations.
---------
Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
Co-authored-by: JanHoefelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
* Change checking to test for Security, wellknown and DNS requirement at once and only throws error if all three fail.
* Use security.txt parser from csaf/util to extract provider url.
* Improve code comments and messages for the reports.
Co-authored-by: Jan Höfelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
