SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions
gocsaf/cmd/csaf_checker/main.go
Sascha L. Teichmann 0d17db0c59 Move options to separate file.
2023-07-19 23:39:52 +02:00

166 lines
3.7 KiB
Go
Raw Blame History

// This file is Free Software under the MIT License
// without warranty, see README.md and LICENSES/MIT.txt for details.
//
// SPDX-License-Identifier: MIT
//
// SPDX-FileCopyrightText: 2022 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
// Software-Engineering: 2022 Intevation GmbH <https://intevation.de>
// Package main implements the csaf_checker tool.
package main
import (
"bufio"
"crypto/tls"
_ "embed" // Used for embedding.
"encoding/json"
"errors"
"fmt"
"html/template"
"io"
"log"
"os"
"github.com/csaf-poc/csaf_distribution/v2/util"
"github.com/jessevdk/go-flags"
)
//go:embed tmpl/report.html
var reportHTML string
func errCheck(err error) {
if err != nil {
if flags.WroteHelp(err) {
os.Exit(0)
}
log.Fatalf("error: %v\n", err)
}
}
func (o *options) prepare() error {
// Load client certs.
switch hasCert, hasKey := o.ClientCert != nil, o.ClientKey != nil; {
case hasCert && !hasKey || !hasCert && hasKey:
return errors.New("both client-key and client-cert options must be set for the authentication")
case hasCert:
cert, err := tls.LoadX509KeyPair(*o.ClientCert, *o.ClientKey)
if err != nil {
return err
}
o.clientCerts = []tls.Certificate{cert}
}
return nil
}
// protectedAccess returns true if we have client certificates or
// extra http headers configured.
// This may be a wrong assumption, because the certs are not checked
// for their domain and custom headers may have other purposes.
func (o *options) protectedAccess() bool {
return len(o.clientCerts) > 0 || len(o.ExtraHeader) > 0
}
// writeJSON writes the JSON encoding of the given report to the given stream.
// It returns nil, otherwise an error.
func writeJSON(report *Report, w io.WriteCloser) error {
enc := json.NewEncoder(w)
enc.SetIndent("", " ")
err := enc.Encode(report)
if e := w.Close(); err != nil {
err = e
}
return err
}
// writeHTML writes the given report to the given writer, it uses the template
// in the "reportHTML" variable. It returns nil, otherwise an error.
func writeHTML(report *Report, w io.WriteCloser) error {
tmpl, err := template.New("Report HTML").Parse(reportHTML)
if err != nil {
w.Close()
return err
}
buf := bufio.NewWriter(w)
if err := tmpl.Execute(buf, report); err != nil {
w.Close()
return err
}
err = buf.Flush()
if e := w.Close(); err == nil {
err = e
}
return err
}
type nopCloser struct{ io.Writer }
func (nc *nopCloser) Close() error { return nil }
// writeReport defines where to write the report according to the "output" flag option.
// It calls also the "writeJSON" or "writeHTML" function according to the "format" flag option.
func writeReport(report *Report, opts *options) error {
var w io.WriteCloser
if opts.Output == "" {
w = &nopCloser{os.Stdout}
} else {
f, err := os.Create(opts.Output)
if err != nil {
return err
}
w = f
}
var writer func(*Report, io.WriteCloser) error
switch opts.Format {
case "json":
writer = writeJSON
default:
writer = writeHTML
}
return writer(report, w)
}
// run uses a processor to check all the given domains or direct urls
// and generates a report.
func run(opts *options, domains []string) (*Report, error) {
p, err := newProcessor(opts)
if err != nil {
return nil, err
}
defer p.close()
return p.run(domains)
}
func main() {
opts := new(options)
parser := flags.NewParser(opts, flags.Default)
parser.Usage = "[OPTIONS] domain..."
domains, err := parser.Parse()
errCheck(err)
if opts.Version {
fmt.Println(util.SemVersion)
return
}
errCheck(opts.prepare())
if len(domains) == 0 {
log.Println("No domain or direct url given.")
return
}
report, err := run(opts, domains)
errCheck(err)
errCheck(writeReport(report, opts))
}
View git blame Copy permalink