Comments (9)
Opened a new issue #184 for the ROLIE feed part of the issue.
from csaf_distribution.
One should also be able to provide a TLS client certificate to use for the TLP:AMBER and TLP:RED feeds.
from csaf_distribution.
Moved the client certificate part to #46.
from csaf_distribution.
Talked to @bernhardreiter, tested version: 0.9.2-10-g006f088
Tested output.
Unclear what "role" means.
No information from the publisher object present.
For provider-metadata.json, only info provided was whether it was found.
For security.txt, no path was provided.
No ROLIE feed information was provided.
Then, tried out the verbose option:
Now additional information was written into the log above the standard output:
Location of security.txt and provider-metadata.json:
2022/06/14 12:38:01 [GET]: https://localhost/.well-known/security.txt
2022/06/14 12:38:01 [GET]: https://localhost/.well-known/csaf/provider-metadata.json
No information about the other points.
Should the information about these files (as well as the other still missing information) be moved into the standard output or stay within the verbose option?
from csaf_distribution.
The output for check 9 related to the validity of the used provider-metadata.json and --verbose shows the URLs for all access attempts.
@tschmidtb51 Do you agree that this is enough for paths and validity for the provider-metadata.json?
from csaf_distribution.
Let's discuss this on Friday.
from csaf_distribution.
Wished for is to print the publisher and role object values from the provider-metadata.json that is used. (Acceptable would be to have this as diagnostic output on the command line behind --verbose.)
And give out the path of the provider-metadata.json that is used.
from csaf_distribution.
If it is integrated into the standard output, I suggest the following location in the json:
{
  "domains": [
    {
      "name": "any.domain.name.example",
      "publisher": {
        // Publisher details here
      },
      "role": "csaf_provider",
      "requirements": [
        // Test results here
      ]
    }
  ]
}
from csaf_distribution.
I think PR #238 has solved this.
from csaf_distribution.
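The report layout suggested in the thread, filled from the provider-metadata.json that was used, as an added Go example that is not part of the original discussion and not csaf_distribution's own code. The helper `domainFromPMD`, the struct names and the sample document are assumptions; the three role values are the ones CSAF 2.0 defines.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Publisher holds the publisher fields CSAF 2.0 requires in provider-metadata.json.
type Publisher struct {
	Category  string `json:"category"`
	Name      string `json:"name"`
	Namespace string `json:"namespace"`
}

// Domain is one "domains" entry in the layout proposed in the thread.
// Requirements stays empty here; the checker's test results would go there.
type Domain struct {
	Name         string     `json:"name"`
	Publisher    *Publisher `json:"publisher"`
	Role         string     `json:"role"`
	Requirements []string   `json:"requirements"`
}

var validRoles = map[string]bool{"csaf_publisher": true, "csaf_provider": true, "csaf_trusted_provider": true}

// domainFromPMD (hypothetical helper) copies publisher and role from the
// provider-metadata.json in use and rejects a missing publisher or unknown role.
func domainFromPMD(name string, pmd []byte) (*Domain, error) {
	var doc struct {
		Publisher *Publisher `json:"publisher"`
		Role      string     `json:"role"`
	}
	if err := json.Unmarshal(pmd, &doc); err != nil {
		return nil, fmt.Errorf("provider-metadata.json: %w", err)
	}
	if doc.Publisher == nil || !validRoles[doc.Role] {
		return nil, fmt.Errorf("provider-metadata.json: missing publisher or invalid role %q", doc.Role)
	}
	return &Domain{Name: name, Publisher: doc.Publisher, Role: doc.Role, Requirements: []string{}}, nil
}

func main() {
	// Constructed sample input, not taken from a real provider.
	pmd := []byte(`{"publisher":{"category":"vendor","name":"Example Company","namespace":"https://any.domain.name.example"},"role":"csaf_provider"}`)
	d, err := domainFromPMD("any.domain.name.example", pmd)
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(map[string][]*Domain{"domains": {d}}, "", "  ")
	fmt.Println(string(out))
}
```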