From fd6bc059fd8840aa52aced0f42c02ff97d1f2d46 Mon Sep 17 00:00:00 2001 From: JanHoefelmeyer Date: Wed, 12 Jul 2023 10:27:02 +0200 Subject: [PATCH 1/3] Add info for Req 8-10 if direct url was given and as such no checks were performed. --- cmd/csaf_checker/processor.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/cmd/csaf_checker/processor.go b/cmd/csaf_checker/processor.go index 36a22a4d..1c96213a 100644 --- a/cmd/csaf_checker/processor.go +++ b/cmd/csaf_checker/processor.go @@ -340,6 +340,15 @@ func (p *processor) domainChecks(domain string) []func(*processor, string) error if !direct { checks = append(checks, (*processor).checkWellknownSecurityDNS) + } else { + p.badSecurity.use() + p.badSecurity.info( + "Performed no test of security.txt since the direct url of the provider-metadata.json was used.") + p.badWellknownMetadata.use() + p.badWellknownMetadata.info( + "Performed no test on whether the provider-metadata.json is available under the .well-known path since the direct url of the provider-metadata.json was used.") + p.badDNSPath.use() + p.badDNSPath.info("Performed no test on the contents of https://csaf.data.security.DOMAIN since direct url of provider-metadata.json was used") } checks = append(checks, From 4051e2877f8fc8952849625a98e1f186e3943639 Mon Sep 17 00:00:00 2001 From: JanHoefelmeyer <107021473+JanHoefelmeyer@users.noreply.github.com> Date: Thu, 13 Jul 2023 07:29:04 +0200 Subject: [PATCH 2/3] Update cmd/csaf_checker/processor.go Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- cmd/csaf_checker/processor.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/csaf_checker/processor.go b/cmd/csaf_checker/processor.go index 1c96213a..a977905d 100644 --- a/cmd/csaf_checker/processor.go +++ b/cmd/csaf_checker/processor.go @@ -348,7 +348,7 @@ func (p *processor) domainChecks(domain string) []func(*processor, string) error p.badWellknownMetadata.info( "Performed no test on whether the provider-metadata.json is available under the .well-known path since the direct url of the provider-metadata.json was used.") p.badDNSPath.use() - p.badDNSPath.info("Performed no test on the contents of https://csaf.data.security.DOMAIN since direct url of provider-metadata.json was used") + p.badDNSPath.info("Performed no test on the contents of https://csaf.data.security.DOMAIN since direct url of provider-metadata.json was used.") } checks = append(checks, From 1dc4cfc400c71c1cf764da61121f35d7a1f071a7 Mon Sep 17 00:00:00 2001 From: JanHoefelmeyer Date: Thu, 13 Jul 2023 12:49:53 +0200 Subject: [PATCH 3/3] Break overly long lines --- cmd/csaf_checker/processor.go | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/cmd/csaf_checker/processor.go b/cmd/csaf_checker/processor.go index a977905d..e03261e3 100644 --- a/cmd/csaf_checker/processor.go +++ b/cmd/csaf_checker/processor.go @@ -343,12 +343,17 @@ func (p *processor) domainChecks(domain string) []func(*processor, string) error } else { p.badSecurity.use() p.badSecurity.info( - "Performed no test of security.txt since the direct url of the provider-metadata.json was used.") + "Performed no test of security.txt " + + "since the direct url of the provider-metadata.json was used.") p.badWellknownMetadata.use() p.badWellknownMetadata.info( - "Performed no test on whether the provider-metadata.json is available under the .well-known path since the direct url of the provider-metadata.json was used.") + "Performed no test on whether the provider-metadata.json is available " + + "under the .well-known path " + + "since the direct url of the provider-metadata.json was used.") p.badDNSPath.use() - p.badDNSPath.info("Performed no test on the contents of https://csaf.data.security.DOMAIN since direct url of provider-metadata.json was used.") + p.badDNSPath.info( + "Performed no test on the contents of https://csaf.data.security.DOMAIN " + + "since the direct url of the provider-metadata.json was used.") } checks = append(checks,