SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00
Code Issues Releases Activity Actions
1181 commits 13 branches 34 tags 8.5 MiB
Commit graph

148 commits

Author SHA1 Message Date
Sascha L. Teichmann
bace61e0b3 Add forgotten validation for metadata 2022-06-23 19:48:02 +02:00
Sascha L. Teichmann
b359fd0a62
Add CSAF downloader 
* Dense and refactor ROLIE code in aggregator a bit.
* Move  advisory file processor to csaf package.
* Fix minor typo on main readme
 2022-06-23 14:14:44 +02:00
Sascha L. Teichmann
78d8b89aca
Add support for remote validation services. (#185) 
* Simple tool to test the remote validation

* Added remote validator support to provider.

* Added remote validation to aggregator.

* Calm golint

* Removed csaf_remote_validator tool as it was only for dev.

* Re-added csaf_remote_validator tool. Testing is not done.

* Embed the document entirely

* Include testing the remote validator in the Itests

* Change permission of the script

* Remove code for Itests

* As these will be done in another branch

Co-authored-by: Fadi Abbud <fadi.abbud@intevation.de>
 2022-06-21 14:47:06 +02:00
Sascha L. Teichmann
caea539b45 Added model for rolie categories 2022-06-14 18:31:10 +02:00
Sascha L. Teichmann
fa434fa039
Improve checker regarding ROLIE feed advisory URLs, hashes and signatures 
* Add checking the  ROLIE feed advisory URLs, hashes and signatures.
 2022-06-14 13:41:51 +02:00
Sascha L. Teichmann
589547fa94
Improve writing ROLIE feed documents 
* Add signature and two time has as link rel attributes to each rolie entry
   for provider and aggregator. Thus following CSAF 2.0 csd02. 
resolve #74
 2022-06-14 09:50:36 +02:00
Sascha L. Teichmann
922e468d99
Compare fingerprints case-insensitive 2022-06-09 16:30:20 +02:00
Sascha L. Teichmann
776a08578b
Provider: fix default metadata role defaults to trusted now. Solves #36 (issue) (#166) 
* Change provider's default metadata role to `csaf_trusted_provider`.

solve #36
 2022-06-09 12:57:22 +02:00
Bernhard E. Reiter
a849ac0d5f
Improve https get diagnostics, add verbose option 
* Implement a logging client and activate it using verbose parameter or option
   in checker and aggregator.

Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
 2022-06-02 15:07:55 +02:00
Sascha L. Teichmann
527a6f6005
Implement better search for provider-metadata.json 
* Decouple loading of provider metadata from processor and moved in the base library.
* Integrate new code into checker and aggregator
* Adhere to csd02 revision of CSAF 2.0.

resolve #60
 2022-05-31 18:10:18 +02:00
Sascha L. Teichmann
a50ed4ab01 Write correct url prefix to provider-metadata. 2022-05-19 12:22:06 +02:00
Sascha L. Teichmann
a2d96872e1 Started to work on a prefixed pmd. WIP 2022-05-19 11:43:20 +02:00
Fadi Abbud
982aaee891 Add Comment 2022-05-16 11:27:09 +02:00
Fadi Abbud
726711c688 Implement validation for ROLIE json schema 2022-05-16 11:15:46 +02:00
Sascha L. Teichmann
8a1ebe0b7a
Add aggregator; improve itest workflow 
* Factor JSON evaluation and  construction base URLs out of of checker.
* Move json path matching to util.
* Add csaf_aggregator (as additional command)
* Improve itest workflow to checkout the branch where it is running on.

resolve #105
resolve  #72

Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com>
Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
Co-authored-by: Fadi Abbud <fadi.abbud@intevation.de>
 2022-05-10 18:12:38 +02:00
Sascha L. Teichmann
d6c0fa3518 Make extraction of fields optional 2022-05-10 16:38:34 +02:00
Sascha L. Teichmann
41e4029b0d
Impove Jsonpath matcher 
* Simplifed mass jsonpath extractions json document
 2022-05-04 16:56:41 +02:00
Fadi Abbud
8bf48a2de2
Adjust provider for new CSAF CSD02 schema 
* Replace "pgp_keys" with "public_openpgp_key" in the provider-metadata.json.

resolve #112
 2022-04-28 20:46:37 +02:00
Sascha L. Teichmann
dad549c392
Move code from checker to library 2022-04-28 13:47:35 +02:00
tschmidtb51
11ed0e8f4d CSD02 Schema update 
- resolves csaf-poc/csaf_distribution#97
- add strict schemas from OASIS repo
 2022-04-08 18:23:14 +02:00
Bernhard Reiter
1f4f32435d
Fixing `CASF' typos 
* Bump copyright year 2021 -> 2022 on a few files.
 2022-02-25 17:38:07 +01:00
Sascha L. Teichmann
b12ad718c5 Factor out summary extraction from advisories. 2022-02-24 12:22:10 +01:00
Fadi Abbud
670f4cbf60 Fix Typo 2022-02-24 09:06:16 +01:00
Sascha L. Teichmann
4fc6bc5509 Add another layer aound the ROLIE feed documents. 2022-02-23 21:10:19 +01:00
Sascha L. Teichmann
0760901d6e Fixed issue #37 2022-01-31 14:17:35 +01:00
Sascha L. Teichmann
cd68a86a85 Fixed problems with ROLIE in provider metadata. 2021-12-13 02:08:32 +01:00
Sascha L. Teichmann
8c6cdadad3 Merge branch 'main' into csaf-checker 2021-12-10 10:42:37 +01:00
Sascha L. Teichmann
7b7a691f71 Merge branch 'main' into csaf-checker 2021-12-09 20:25:14 +01:00
Fadi Abbud
901e5bed74 Add License headers 2021-12-09 16:19:26 +01:00
Sascha L. Teichmann
907894416f Used keyed initializers to make govet happy. 2021-12-09 12:03:03 +01:00
Sascha L. Teichmann
2fb2dfda78 Moved commonly use file operations to separate package. 2021-12-09 11:55:22 +01:00
Sascha L. Teichmann
8c64e03507 Added JSON schema validation for provider metadata. 2021-12-08 20:00:57 +01:00
Sascha L. Teichmann
46f6e6c746 Calm golint about blank import. 2021-12-04 17:53:22 +01:00
Sascha L. Teichmann
3420ceb415 Use github.com/santhosh-tekuri/jsonschema for JSON schema validation. 2021-12-04 17:14:33 +01:00
Sascha L. Teichmann
a96597206e Hook into the JSON schema loader to load needed schemas from embedding. 2021-12-03 03:53:06 +01:00
Sascha L. Teichmann
8c272fef2a Replaced JSON schema library with a MIT licenensed one. 2021-12-03 02:28:16 +01:00
Sascha L. Teichmann
78f0b2db0b Validate CSAF documents against JSON schema. 2021-12-02 23:38:09 +01:00
Sascha L. Teichmann
f77bb5f1a8 Added default publisher if not configured. Warning if uploads don't have the same publisher as in metadata. 2021-12-02 10:51:25 +01:00
Sascha L. Teichmann
e5a6a8e2da Fixed TLP model conversion. Fixed wrong .well-known path 2021-12-02 01:36:57 +01:00
Sascha L. Teichmann
bd8846baa6 Fixed stupid calling mistakes in new WriteTo methods. 2021-12-02 00:41:43 +01:00
Sascha L. Teichmann
22c7da1ed1 use io.WriterTo instead of custom save interface ti serialize metadata and rolie. 2021-12-02 00:24:27 +01:00
Sascha L. Teichmann
5276cea0a0 Simplified code. 2021-12-01 23:57:47 +01:00
Sascha L. Teichmann
70eb8875a4 Read publisher from config. 2021-12-01 19:27:46 +01:00
Sascha L. Teichmann
04fb8f7e75 Fix golint warnings. 2021-11-25 18:21:23 +01:00
Sascha L. Teichmann
b82882eb09 Write feed URLs in provider metadata. 2021-11-17 11:47:09 +01:00
Sascha L. Teichmann
1d0d8a6d03 Write a first version of the ROLIE feed. 2021-11-17 02:16:55 +01:00
Sascha L. Teichmann
e08c90ee8a Added some models for ROLIE. 2021-11-16 20:51:34 +01:00
Sascha L. Teichmann
fed66c4e27 Added files from the first prototype. 2021-11-16 13:58:54 +01:00