SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions
1175 commits 13 branches 34 tags 8.5 MiB
Commit graph

304 commits

Author SHA1 Message Date
Bernhard Reiter
ef44c92f8b
improve code cleanness: use format string w error 
and thus makes newer go test versions happy
 2025-10-23 13:17:28 +02:00
Marius Goetze
d1f33ab27d fix incorrect usage of formatted string 
output probably unchanged, but now `go vet` is happy that formatted strings are not misused
 2025-09-08 13:19:15 +02:00
Paul Schwabauer
187d114631
Remove unnecessary URL joins (#676)
Some checks failed
generate-markdown / auto-update-readme (push) Has been cancelled
Details
Go / build (push) Has been cancelled
Details
Go / run_modver (push) Has been cancelled
Details 
This should avoid bugs for more complex scenarios.
 2025-09-01 16:13:57 +02:00
koplas
100e4d395b Fix csaf checker listed check 
Correctly handle URLs that are absolute.
 2025-08-26 11:58:49 +02:00
JanHoefelmeyer
ae184eb189
Merge pull request #655 from gocsaf/json-eof
Some checks failed
generate-markdown / auto-update-readme (push) Has been cancelled
Details
Go / build (push) Has been cancelled
Details
Go / run_modver (push) Has been cancelled
Details 
Make json parsing more strict
 2025-07-08 07:46:07 +02:00
koplas
fc3837d655
Make json parsing more strict
Some checks are pending
Go / build (push) Waiting to run
Details
Go / run_modver (push) Blocked by required conditions
Details
2025-07-02 17:06:25 +02:00
koplas
01c43d96ce
Fix checker url base handling 2025-07-02 16:27:58 +02:00
Christoph Klassen
c833c00f84
Merge pull request #649 from gocsaf/url-join
Some checks failed
generate-markdown / auto-update-readme (push) Has been cancelled
Details
Go / build (push) Has been cancelled
Details
Go / run_modver (push) Has been cancelled
Details 
Use JoinPath
 2025-06-26 08:18:39 +02:00
JanHoefelmeyer
5d37dd1339 Move PMD error from logs to report.
Some checks failed
Go / build (push) Has been cancelled
Details
Go / run_modver (push) Has been cancelled
Details
2025-06-25 09:31:50 +02:00
JanHoefelmeyer
d09db6635d Fix: Assume most restrictive role to prevent false-positives
Some checks are pending
Go / build (push) Waiting to run
Details
Go / run_modver (push) Blocked by required conditions
Details
2025-06-24 17:24:08 +02:00
koplas
3f4fe5cf18
Also generate report when role is not available 2025-06-24 17:18:42 +02:00
JanHoefelmeyer
02d4931152 Fix: Return properly early 2025-06-24 17:06:55 +02:00
koplas
1098c6add0 Use correct base URL
Some checks failed
Go / build (push) Has been cancelled
Details
Go / run_modver (push) Has been cancelled
Details
2025-06-20 16:37:37 +02:00
koplas
091854a248 Always generate report
Some checks failed
Go / build (push) Has been cancelled
Details
Go / run_modver (push) Has been cancelled
Details 
Closes #385
 2025-06-20 14:24:05 +02:00
koplas
6ac97810d0
Use JoinPath 
This avoids issues where parts of the URL are discarded.
 2025-06-19 15:11:45 +02:00
JanHoefelmeyer
8163f57851
Compare changes dates (#609) 
* Feat: Compare dates in changes.csv to those within the files if existent

* Fix: remove debug output and fix typo

* Make map handling consistent

* Improve: refactor time extraction

* fix: some syntax fixes

* Small nits

* Fix: Check changes before stopping the scan of already tested advisories

* Revert "Fix: Check changes before stopping the scan of already tested advisories - bad way to solve the problem, can cause problems"

This reverts commit d38dc285cc.

* fix: delay checking of changes dates so it is not skipped most of the
time

* Fix time comparison

---------

Co-authored-by: koplas <pschwabauer@intevation.de>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
 2025-03-14 10:05:56 +01:00
koplas
534d6f049f Add content-type error report test 2025-03-10 12:04:46 +01:00
koplas
3cfafa8263 Report error in checker if content type is not correct 
Related: #606
 2025-03-10 11:11:34 +01:00
koplas
1d1c5698da
Merge branch 'main' into sha-handling 2025-03-05 09:41:29 +01:00
JanHoefelmeyer
82a6929e4d Fix: Poor phrasing corrected 2025-01-29 09:41:16 +01:00
JanHoefelmeyer
02787b24b7 Update comments, clean up security check 2025-01-29 09:26:59 +01:00
JanHoefelmeyer
7d74543bbb Fix: Now give errors if lookup methods fail, refactor accordingly 2025-01-29 09:02:18 +01:00
koplas
028f468d6f
Fix typo in error message 
Closes #608
 2025-01-23 10:32:13 +01:00
JanHoefelmeyer
b6721e1d5a Add check for missing either sha256 or sha512 hashes only 2025-01-10 11:42:54 +01:00
koplas
d8e903587a Warn only if the other hash could be fetched 2024-12-18 15:37:58 +01:00
koplas
d38150c6a0
Add testdata for individual hash forbidden tests 2024-12-16 12:57:28 +01:00
koplas
b1a7620763
Extend processor SHA fetching tests 
Allow to forbid individual hashes from downloading. This allows to for
testing the behavior, if one of the hashes could not be downloaded.
 2024-12-16 12:23:10 +01:00
koplas
9dd4b7fc8d Add tests for no hash given or available 2024-12-13 15:54:39 +01:00
koplas
a3d6d6acfb Downgrade error to info in directory hash fetching 2024-12-13 14:26:00 +01:00
koplas
68bd04676c Add requirement checker test data 2024-12-06 13:11:07 +01:00
koplas
5b6af7a4ad WIP: Add requirement tests 2024-12-04 18:04:08 +01:00
koplas
a51964be3f Add initial csaf_checker provider test 2024-12-04 16:02:03 +01:00
ncsc-ie-devs
1daaed2c51
ensure HTTP requests use proxy env vars (#597) 
* fix: ensure HTTP requests use proxy env vars

Updated all instances of `http.Transport` to include the `Proxy` field set to `http.ProxyFromEnvironment`. This ensures that the application respects proxy configuration defined by the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables.

### Changes:
- Modified `http.Transport` initialization across the codebase to use:
  ```go
  Proxy: http.ProxyFromEnvironment
  ```
- Ensured TLS configurations remain intact by preserving `TLSClientConfig`.

### Why:
- Previously, HTTP requests bypassed proxy settings due to missing configuration in the transport layer.
- This fix enables compatibility with proxied environments, aligning with standard Go behavior.

### Impact:
- All HTTP and HTTPS traffic now adheres to proxy settings.
- Domains listed in `NO_PROXY` bypass the proxy as expected.

### Verification:
- Tested with proxy environment variables set (`HTTP_PROXY`, `HTTPS_PROXY`).
- Verified requests route through the proxy and `NO_PROXY` works as intended.

* reformat with fmt

---------

Co-authored-by: Cormac Doherty <cormac.doherty@ncsc.gov.ie>
 2024-12-02 11:42:54 +01:00
koplas
56509bbb4d
Use new path in tests 2024-11-27 12:51:38 +01:00
koplas
a5f4b10c4e
Merge branch 'main' into sha-handling 2024-11-27 12:39:14 +01:00
koplas
ffb4eff933
Merge unittest into sha-handling 
commit 990c74a1a6
Merge: 86d7ce1 7824f3b
Author: koplas <pschwabauer@intevation.de>
Date:   Fri Nov 22 16:58:46 2024 +0100

    Merge branch 'sha-handling' into unittest

commit 86d7ce13dc
Merge: a6807d2 79b8900
Author: koplas <pschwabauer@intevation.de>
Date:   Fri Nov 22 16:54:45 2024 +0100

    Merge branch 'sha-handling' into unittest

commit 79b89009dd
Author: koplas <pschwabauer@intevation.de>
Date:   Fri Nov 22 16:31:56 2024 +0100

    Improve hash fetching and logging

commit a6807d24d6
Merge: ddb5518 d18d2c3
Author: koplas <pschwabauer@intevation.de>
Date:   Fri Nov 22 16:51:55 2024 +0100

    Merge branch 'sha-handling' into unittest

commit d18d2c3bf1
Author: koplas <pschwabauer@intevation.de>
Date:   Fri Nov 22 16:31:56 2024 +0100

    Improve hash fetching and logging

commit ddb5518c6d
Author: koplas <54645365+koplas@users.noreply.github.com>
Date:   Tue Sep 17 10:45:25 2024 +0200

    Extend SHA marking tests

commit 13c94f4fa0
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 20:46:31 2024 +0200

    Use temp directory for downloads

commit 1819b4896b
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 20:37:55 2024 +0200

    Fix rolie feed

commit 989e3667ba
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 20:23:22 2024 +0200

    Fix provider-metadata.json

commit 714735d74a
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 20:08:21 2024 +0200

    Implement provider handler

commit d488e39947
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 16:26:37 2024 +0200

    Add info about gpg key

commit a9bf9da130
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 16:12:49 2024 +0200

    Rename directory testdata

commit 6ca6dfee25
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 16:01:41 2024 +0200

    Add initial downloader tests

commit 20bee797c6
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 15:58:31 2024 +0200

    Fix: Remove unecessary error print

commit 8e4e508073
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 14:50:48 2024 +0200

    Extend links test

commit 3ba29f94de
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 14:11:14 2024 +0200

    Add initial directory feed testdata

commit dee55aafd9
Author: koplas <54645365+koplas@users.noreply.github.com>
Date:   Mon Sep 16 10:47:32 2024 +0200

    Add initial testdata

commit cd9338ae72
Author: koplas <54645365+koplas@users.noreply.github.com>
Date:   Thu Sep 12 15:54:42 2024 +0200

    Add initial download unittests
 2024-11-27 12:15:21 +01:00
Bernhard Reiter
e8706e5eb9 feat: perform go path repo move 
* Change the go module path
   from github.com/csaf-poc/csaf_distribution to github.com/gocsaf/csaf.
 * Rename archive for release tarballs.
 * Adjust testing scripts and documentation.
 2024-11-04 13:20:47 +01:00
koplas
c0de0c2b6d Check if hash present, before sending a request 2024-09-27 15:20:36 +02:00
JanHoefelmeyer
464e88b530
Merge pull request #571 from csaf-poc/fingerprint-no-breaking 
Improve PGP fingerprint handling
 2024-09-09 11:51:09 +02:00
Bernhard Reiter
5231b3386b
docs: improve code comment (minor) 2024-09-07 09:58:14 +02:00
koplas
c2e24f7bbb Remove check for empty fingerprint 
The schema validation already catches this error and this check will
never run.
 2024-09-06 18:21:25 +02:00
koplas
9037574d96
Improve PGP fingerprint handling 
Warn if no fingerprint is specified and give more details, if
fingerprint comparison fails.

Closes #555
 2024-08-08 12:42:19 +02:00
koplas
be2e4e7424
Improve hash path handling of directory feeds 2024-07-31 11:42:45 +02:00
koplas
0ab851a874
Use a default user agent 2024-07-31 10:16:08 +02:00
koplas
a131b0fb4b
Improve SHA* marking 2024-07-25 15:39:40 +02:00
JanHoefelmeyer
39a29e39f1 Change Licenses from MIT to Apache 2.0 2024-04-22 13:11:30 +02:00
Sascha L. Teichmann
9a1c66eb8e
checker: Ensure that the processor is reset before checking each domain. (#523) 2024-01-15 08:59:58 +01:00
Sascha L. Teichmann
03e418182d
Advisories: Time filter download by 'updated' field in ROLIE entries. (#519) 
* Use 'updated' field of ROLIE field entries to time filter downloads.

* More suited variable naming
 2023-12-04 11:31:14 +01:00
JanHoefelmeyer
a6bf44f7cc Removed impossible to achieve condition in reporters 2023-11-22 08:17:05 +01:00
JanHoefelmeyer
fb7c77b419 Remove unnecessary else block 2023-11-21 13:45:46 +01:00