SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00
Code Issues Releases Activity Actions
1132 commits 13 branches 34 tags 8.5 MiB
Commit graph

68 commits

Author SHA1 Message Date
koplas
fc3837d655
Make json parsing more strict
Some checks are pending
Go / build (push) Waiting to run
Details
Go / run_modver (push) Blocked by required conditions
Details
2025-07-02 17:06:25 +02:00
koplas
1098c6add0 Use correct base URL
Some checks failed
Go / build (push) Has been cancelled
Details
Go / run_modver (push) Has been cancelled
Details
2025-06-20 16:37:37 +02:00
koplas
6ac97810d0
Use JoinPath 
This avoids issues where parts of the URL are discarded.
 2025-06-19 15:11:45 +02:00
koplas
2c5ef1fd5f
Avoid memory leak 
Move `resp.Body.Close()` before check of status code.

Reported by @mgoetzegb here: https://github.com/gocsaf/csaf/pull/625#issuecomment-2744067770
 2025-03-24 13:32:43 +01:00
Sascha L. Teichmann
5437d8127a Store downloader in context 2025-03-17 09:10:03 +01:00
Sascha L. Teichmann
a7821265ca Move advisory downloading to download context method 2025-03-17 08:57:05 +01:00
koplas
1d1c5698da
Merge branch 'main' into sha-handling 2025-03-05 09:41:29 +01:00
koplas
9275a37a9f Format 2025-01-08 08:50:30 +01:00
koplas
b8a5fa72d5 Fix nil check in downloader 2025-01-08 08:49:42 +01:00
ncsc-ie-devs
1daaed2c51
ensure HTTP requests use proxy env vars (#597) 
* fix: ensure HTTP requests use proxy env vars

Updated all instances of `http.Transport` to include the `Proxy` field set to `http.ProxyFromEnvironment`. This ensures that the application respects proxy configuration defined by the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables.

### Changes:
- Modified `http.Transport` initialization across the codebase to use:
  ```go
  Proxy: http.ProxyFromEnvironment
  ```
- Ensured TLS configurations remain intact by preserving `TLSClientConfig`.

### Why:
- Previously, HTTP requests bypassed proxy settings due to missing configuration in the transport layer.
- This fix enables compatibility with proxied environments, aligning with standard Go behavior.

### Impact:
- All HTTP and HTTPS traffic now adheres to proxy settings.
- Domains listed in `NO_PROXY` bypass the proxy as expected.

### Verification:
- Tested with proxy environment variables set (`HTTP_PROXY`, `HTTPS_PROXY`).
- Verified requests route through the proxy and `NO_PROXY` works as intended.

* reformat with fmt

---------

Co-authored-by: Cormac Doherty <cormac.doherty@ncsc.gov.ie>
 2024-12-02 11:42:54 +01:00
koplas
a5f4b10c4e
Merge branch 'main' into sha-handling 2024-11-27 12:39:14 +01:00
koplas
ffb4eff933
Merge unittest into sha-handling 
commit 990c74a1a6
Merge: 86d7ce1 7824f3b
Author: koplas <pschwabauer@intevation.de>
Date:   Fri Nov 22 16:58:46 2024 +0100

    Merge branch 'sha-handling' into unittest

commit 86d7ce13dc
Merge: a6807d2 79b8900
Author: koplas <pschwabauer@intevation.de>
Date:   Fri Nov 22 16:54:45 2024 +0100

    Merge branch 'sha-handling' into unittest

commit 79b89009dd
Author: koplas <pschwabauer@intevation.de>
Date:   Fri Nov 22 16:31:56 2024 +0100

    Improve hash fetching and logging

commit a6807d24d6
Merge: ddb5518 d18d2c3
Author: koplas <pschwabauer@intevation.de>
Date:   Fri Nov 22 16:51:55 2024 +0100

    Merge branch 'sha-handling' into unittest

commit d18d2c3bf1
Author: koplas <pschwabauer@intevation.de>
Date:   Fri Nov 22 16:31:56 2024 +0100

    Improve hash fetching and logging

commit ddb5518c6d
Author: koplas <54645365+koplas@users.noreply.github.com>
Date:   Tue Sep 17 10:45:25 2024 +0200

    Extend SHA marking tests

commit 13c94f4fa0
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 20:46:31 2024 +0200

    Use temp directory for downloads

commit 1819b4896b
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 20:37:55 2024 +0200

    Fix rolie feed

commit 989e3667ba
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 20:23:22 2024 +0200

    Fix provider-metadata.json

commit 714735d74a
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 20:08:21 2024 +0200

    Implement provider handler

commit d488e39947
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 16:26:37 2024 +0200

    Add info about gpg key

commit a9bf9da130
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 16:12:49 2024 +0200

    Rename directory testdata

commit 6ca6dfee25
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 16:01:41 2024 +0200

    Add initial downloader tests

commit 20bee797c6
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 15:58:31 2024 +0200

    Fix: Remove unecessary error print

commit 8e4e508073
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 14:50:48 2024 +0200

    Extend links test

commit 3ba29f94de
Author: koplas <pschwabauer@intevation.de>
Date:   Mon Sep 16 14:11:14 2024 +0200

    Add initial directory feed testdata

commit dee55aafd9
Author: koplas <54645365+koplas@users.noreply.github.com>
Date:   Mon Sep 16 10:47:32 2024 +0200

    Add initial testdata

commit cd9338ae72
Author: koplas <54645365+koplas@users.noreply.github.com>
Date:   Thu Sep 12 15:54:42 2024 +0200

    Add initial download unittests
 2024-11-27 12:15:21 +01:00
koplas
7824f3b48d Improve hash fetching and logging 2024-11-22 16:56:58 +01:00
Bernhard Reiter
e8706e5eb9 feat: perform go path repo move 
* Change the go module path
   from github.com/csaf-poc/csaf_distribution to github.com/gocsaf/csaf.
 * Rename archive for release tarballs.
 * Adjust testing scripts and documentation.
 2024-11-04 13:20:47 +01:00
JanHoefelmeyer
464e88b530
Merge pull request #571 from csaf-poc/fingerprint-no-breaking 
Improve PGP fingerprint handling
 2024-09-09 11:51:09 +02:00
koplas
37c9eaf346
Add CLI flags to specify what hash is preferred 2024-09-09 10:35:41 +02:00
koplas
c2e24f7bbb Remove check for empty fingerprint 
The schema validation already catches this error and this check will
never run.
 2024-09-06 18:21:25 +02:00
koplas
9037574d96
Improve PGP fingerprint handling 
Warn if no fingerprint is specified and give more details, if
fingerprint comparison fails.

Closes #555
 2024-08-08 12:42:19 +02:00
koplas
be2e4e7424
Improve hash path handling of directory feeds 2024-07-31 11:42:45 +02:00
koplas
0ab851a874
Use a default user agent 2024-07-31 10:16:08 +02:00
koplas
a131b0fb4b
Improve SHA* marking 2024-07-25 15:39:40 +02:00
Marius Goetze
bcf4d2f64a fix error message 
The error message had a trailing `:` which suggest that there are some details which were truncated. However the details are already printed before in the log.
 2024-07-16 12:00:09 +02:00
Marius Goetze
1e531de82d fix: don't require debug level to print error details on failed loading of provider metadata json 2024-07-15 14:22:15 +02:00
Sascha L. Teichmann
5c6736b178
Remove data races in downloader caused by shared use of json path eval. (#547) 2024-06-24 11:57:38 +02:00
Bernhard Herzog
617deb4c17
Merge pull request #530 from oxisto/slog 
Added support for structured logging in `csaf_aggregator`
 2024-04-25 13:13:11 +02:00
Immanuel Kunz
c704275a38
Merge branch 'csaf-poc:main' into main 2024-04-25 09:42:51 +02:00
Kunz, Immanuel
005e661479 add config flag to use enumerate-only 2024-04-23 20:24:18 +02:00
Kunz, Immanuel
457d519990 minor updates to Enumerate method, integrate enumerate in cmd downloader 2024-04-23 19:09:22 +02:00
Christian Banse
9b1480ae3d Bumped Go version to Go 1.21. Using log/slog instead of golang.org/x/exp/slog 2024-04-23 15:37:43 +02:00
Kunz, Immanuel
d64aa20cee first draft for downloader using enumerate 2024-04-22 17:53:45 +02:00
JanHoefelmeyer
39a29e39f1 Change Licenses from MIT to Apache 2.0 2024-04-22 13:11:30 +02:00
Sascha L. Teichmann
91ab7f6b1c
Chance supported minimal Go version back to 1.20 (#514) 2023-11-28 10:37:16 +01:00
Sascha L. Teichmann
6f8870154c Break overly long line. Fix typo in comment. 2023-11-20 21:13:24 +01:00
JanHoefelmeyer
a413852627 Downloader: Only add tlp label to path if no custom directory is configured. Refactor accordingly 2023-11-20 11:05:57 +01:00
Sascha L. Teichmann
8f6e6ee8bb improve logging output 2023-10-17 18:52:38 +02:00
Bernhard Reiter
3923dc7044
fix: improve logging for downloader and aggregator 
* use full name for printing out the used logfile for the downloader.
 * for debug or verbose, log the timeintervall that will be used
   for downloader and aggregator. (The checker has this as part
   of its output already.)
 2023-10-17 11:33:03 +02:00
Sascha L. Teichmann
7a8cdb6d19
Lift distribution from v2 to v3. (#467) 
* v2 -> v3

* Increase version within Makefile

---------

Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
 2023-09-27 15:46:57 +02:00
Sascha L. Teichmann
7cd076d4f8
Downloader: Remove verbose flag (#464) 
* Remove verbose flag from downloader.

* Do structured http logging in forwarder, too.

* Use structured logging to separate http traffic of downloader from forwarder.
 2023-09-27 11:30:24 +02:00
cintek
49da14d47f
feat: log redirects (#458) 
* feat: log redirects

* improved logging and renamed function
 2023-09-26 10:03:09 +02:00
Sascha L. Teichmann
5459f10d39
Downloader: Add structured logging, fails storing and statistics 
* add  forwarding support in downloader

* Raise needed Go version to 1.21+ so slog can be used.

* Introduce validation mode flag (strict, unsafe)

* Add structured logging and place log into the download folder.

* Improve some code comment (bernhardreiter)

* Add counting stats to downloader.
 2023-08-28 15:03:01 +02:00
Sascha L. Teichmann
e0475791ff
Downloader: Add forwarding to HTTP endpoint (#442) 
* started with forwarding support in downloader

* Add missing files.

* Add missing files.

* Raise needed Go version

* More Go version bumping.

* Fix forwarding

* Go 1.21+ needed

* Make terminating forwarder more robust.

* Better var naming

* Remove dead code. Improve commentary.

* Prepare validation status adjustment.

* Move validations to functions to make them executable in a loop.

* Introduce validation mode flag (strict, unsafe)
 2023-08-25 10:31:27 +02:00
Sascha L. Teichmann
f31ee53c27 Add client certificate support to the downloader 2023-08-02 21:16:32 +02:00
Sascha L. Teichmann
8aa31984df Add docs and fix output. 2023-08-01 09:54:43 +02:00
Sascha L. Teichmann
2864176111 Add ignore patterns to downloader. 2023-08-01 01:46:58 +02:00
Sascha L. Teichmann
383b0ca77b Add an option to downloader to store advisories into a given folder. 2023-07-31 17:19:38 +02:00
Sascha L. Teichmann
0ad4ed9e36 Expose logging as field in AdvisoryFileProcessor to shrink constructor signature. 2023-07-26 03:31:00 +02:00
Sascha L. Teichmann
de0599ebe3 Add time interval filtering to downloader. 2023-07-26 03:22:33 +02:00
Sascha L. Teichmann
8630e8bac2
Add support for config files in downloader. (#404) 
* Add support for config files in downloader.

* Add no-ini for the version flag, too.

* Add config file options in doc to downloader.
 2023-07-19 10:49:17 +02:00
Bernhard E. Reiter
cf49c7e414
Fix go.mod and internal dependencies (#371) 
* Use a "/v2" in the module path to match the git version tag which
   lead with a 2. Change all mention of the module as dependency
   internally as well.
 2023-06-05 10:24:35 +02:00
Bernhard Herzog
02d476360b
Merge pull request #366 from csaf-poc/cleanup_provider_metadata_loading 
Prepare infrastructure for role based reporting
 2023-05-16 17:53:18 +02:00