SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00
Code Issues Releases Activity Actions
1040 commits 13 branches 34 tags 8.5 MiB
Commit graph

1040 commits

This branch
This branch
All branches
Author SHA1 Message Date
koplas
df65ad13cb
Fix: return correct exit code 2024-12-10 10:13:42 +01:00
Sascha L. Teichmann
16e86051c5 Be more precise about exit codes. 2024-12-04 14:27:24 +01:00
koplas
938ceb872a Return exit code based on validation result 2024-12-04 13:54:38 +01:00
koplas
57953e495f Warn if no remote validator was specified 2024-12-04 13:23:57 +01:00
ncsc-ie-devs
1daaed2c51
ensure HTTP requests use proxy env vars (#597) 
* fix: ensure HTTP requests use proxy env vars

Updated all instances of `http.Transport` to include the `Proxy` field set to `http.ProxyFromEnvironment`. This ensures that the application respects proxy configuration defined by the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables.

### Changes:
- Modified `http.Transport` initialization across the codebase to use:
  ```go
  Proxy: http.ProxyFromEnvironment
  ```
- Ensured TLS configurations remain intact by preserving `TLSClientConfig`.

### Why:
- Previously, HTTP requests bypassed proxy settings due to missing configuration in the transport layer.
- This fix enables compatibility with proxied environments, aligning with standard Go behavior.

### Impact:
- All HTTP and HTTPS traffic now adheres to proxy settings.
- Domains listed in `NO_PROXY` bypass the proxy as expected.

### Verification:
- Tested with proxy environment variables set (`HTTP_PROXY`, `HTTPS_PROXY`).
- Verified requests route through the proxy and `NO_PROXY` works as intended.

* reformat with fmt

---------

Co-authored-by: Cormac Doherty <cormac.doherty@ncsc.gov.ie>
 2024-12-02 11:42:54 +01:00
JanHoefelmeyer
18af28f475
Merge pull request #600 from gocsaf/docs-proxy-for-2 
fix docs link to standard
 2024-12-02 10:41:57 +01:00
Bernhard Reiter
b8a98033bf
fix docs link to standard 2024-11-28 15:58:20 +01:00
JanHoefelmeyer
678f232a9a
Merge pull request #593 from gocsaf/add-upload-permission 
Add required upload permissions
 2024-11-27 10:04:06 +01:00
JanHoefelmeyer
2435abe3e1
Merge pull request #594 from gocsaf/update_go_3rd_party_libs_2024_11_22 
Update Go 3rd party libs
 2024-11-26 08:23:18 +01:00
JanHoefelmeyer
3dc84f3537
Merge pull request #598 from gocsaf/docs-readme-12 
Update README.md that go paths can be adjusted
 2024-11-26 07:08:57 +01:00
Bernhard Reiter
b2180849e9
Update README.md that go paths can be adjusted 2024-11-25 09:38:13 +01:00
Sascha L. Teichmann
9495d8b1c3 Update Go 3rd party libs 2024-11-22 16:10:54 +01:00
koplas
f6d7589fde Add required upload permissions 2024-11-22 15:58:41 +01:00
JanHoefelmeyer
fe4f01d062
fix: Link to file was not working (#592) 2024-11-22 14:52:56 +01:00
JanHoefelmeyer
01645f5559 Fix: Update downloader docs 2024-11-21 14:55:41 +01:00
Bernhard Reiter
1e3504c753 improve Makefile improvement 2024-11-15 19:54:00 +01:00
Bernhard Reiter
ace8aeaf98 fix: build-in version for release tags 
* Change Makefile to remove the leading `v` from the git tag
   in the case of release tags. Previously this was only done for
   pre-release git tags.
 2024-11-15 19:54:00 +01:00
JanHoefelmeyer
3e9b5e1ebb
Merge pull request #584 from gocsaf/dev-12 
improve test setup scripts by adding missing package
 2024-11-05 09:22:35 +01:00
Bernhard Reiter
e8706e5eb9 feat: perform go path repo move 
* Change the go module path
   from github.com/csaf-poc/csaf_distribution to github.com/gocsaf/csaf.
 * Rename archive for release tarballs.
 * Adjust testing scripts and documentation.
 2024-11-04 13:20:47 +01:00
Bernhard Reiter
ffadad38c6
improve test setupscript by adding missing zip 
Add zip as packages to be installed in preparation as
 the `make dist` target uses it.
 2024-10-30 15:53:22 +01:00
JanHoefelmeyer
91207f2b7b
Merge pull request #581 from gocsaf/repomove-alert 
docs: add link update alert to README.md
 2024-10-30 12:24:29 +01:00
JanHoefelmeyer
1c860a1ab2
Update README.md: Fix: typo 2024-10-30 11:22:24 +01:00
Bernhard E. Reiter
1aad5331d2
Update README.md 
reformat a bit
 2024-10-30 11:15:31 +01:00
Sascha L. Teichmann
7aa95c03ca
fix: bring aggregator schema to errata01 (#583) 2024-10-30 11:03:18 +01:00
Bernhard E. Reiter
6ebe7f5f5d
Update repo move alert in README.md 
use a better phrasing
 2024-10-30 10:53:15 +01:00
Bernhard E. Reiter
bf057e2fa8
Update repo move alert in README.md 
HTML links can be adjusted right now, go module paths will have to wait a bit.
 2024-10-30 10:51:38 +01:00
Bernhard E. Reiter
bdd8aa0a94
Update README.md 2024-10-29 09:50:26 +01:00
Bernhard E. Reiter
18e2e35e7c
Update README.md with link update alert 2024-10-29 09:49:27 +01:00
Paul Schwabauer
f7dc3f5ec7
Use .test TLD for integration setup (#577) 
.local is reserved for local-area networks, and .localhost is reserved for loopback devices. Using .test allows easier usage for different test setups.

 * https://www.rfc-editor.org/rfc/rfc2606#section-2 defines the "test." top level domain and "localhost.".
* https://www.rfc-editor.org/rfc/rfc6761.html#section-6.2 explains how different implementations can use "test.".
 2024-09-29 09:08:01 +02:00
JanHoefelmeyer
a70a04e169
Merge pull request #573 from csaf-poc/go122 
Upgrade to go v1.22
 2024-09-26 11:13:30 +02:00
koplas
f36c96e798
Upgrade to go v1.22 
Closes #570
 2024-09-12 13:45:59 +02:00
4echow
c148a18dba docs:: fix miner typo in csaf_downloader.md 2024-09-12 10:09:34 +02:00
JanHoefelmeyer
464e88b530
Merge pull request #571 from csaf-poc/fingerprint-no-breaking 
Improve PGP fingerprint handling
 2024-09-09 11:51:09 +02:00
Bernhard Reiter
5231b3386b
docs: improve code comment (minor) 2024-09-07 09:58:14 +02:00
koplas
c2e24f7bbb Remove check for empty fingerprint 
The schema validation already catches this error and this check will
never run.
 2024-09-06 18:21:25 +02:00
JanHoefelmeyer
108c2f5508
Merge pull request #553 from csaf-poc/user-agent 
Use a default user agent
 2024-08-09 14:28:29 +02:00
koplas
9037574d96
Improve PGP fingerprint handling 
Warn if no fingerprint is specified and give more details, if
fingerprint comparison fails.

Closes #555
 2024-08-08 12:42:19 +02:00
JanHoefelmeyer
8feddc70e1 feat: no longer require to be root user to call setup scripts 2024-08-05 16:41:55 +02:00
koplas
13a635c7e3
Add user-agent documentation to aggregator 2024-08-01 15:43:35 +02:00
Bernhard Reiter
1a2ce684ff
improve default header 
* use `csaf_distribution` with an underscore as underscores
   are allowed by RFC9110 and it is more consistent as it is used
   with underscore at other places.
 * change example to `VERSION` to indicate that this is dynamic.
 2024-08-01 14:53:23 +02:00
koplas
3a67fb5210
Add user-agent documentation 2024-07-31 11:00:40 +02:00
koplas
0ab851a874
Use a default user agent 2024-07-31 10:16:08 +02:00
JanHoefelmeyer
257c316894
Merge pull request #548 from greenbone/fix-error-message 
fix error message in csaf downloader
 2024-07-18 07:47:48 +02:00
Marius Goetze
bcf4d2f64a fix error message 
The error message had a trailing `:` which suggest that there are some details which were truncated. However the details are already printed before in the log.
 2024-07-16 12:00:09 +02:00
Marius Goetze
1e531de82d fix: don't require debug level to print error details on failed loading of provider metadata json 2024-07-15 14:22:15 +02:00
Marius Goetze
51dc9b5bcb refactor: deduplicate filtering pmd results from security.txt 
already done in `loadFromSecurity`
 2024-07-15 14:22:15 +02:00
Marius Goetze
a46c286cf4 fix: don't drop error messages from loading provider-metadata.json 
previously in case case of trying last resort dns, all other error messages were dropped
 2024-07-15 14:22:15 +02:00
JanHoefelmeyer
cb1ed601dd
Merge pull request #545 from csaf-poc/expand-util-tests 
Extend unit test coverage in util
 2024-06-24 14:48:05 +02:00
Sascha L. Teichmann
5c6736b178
Remove data races in downloader caused by shared use of json path eval. (#547) 2024-06-24 11:57:38 +02:00
koplas
3084cdbc37
Address comments 2024-06-21 15:35:30 +02:00