WIP: Add requirement tests

gocsaf · Dec 4, 2024 · 5b6af7a · 5b6af7a
1 parent a51964b
commit 5b6af7a
Show file tree

Hide file tree

Showing 3 changed files with 112 additions and 10 deletions.
diff --git a/cmd/csaf_checker/processor_test.go b/cmd/csaf_checker/processor_test.go
@@ -9,55 +9,150 @@
 package main
 
 import (
+	"fmt"
 	"net/http/httptest"
+	"reflect"
 	"testing"
 
 	"github.com/gocsaf/csaf/v3/internal/testutil"
 	"github.com/gocsaf/csaf/v3/util"
 )
 
+func getBaseRequirements(url string) []Requirement {
+	return []Requirement{
+		{
+			Num:         1,
+			Description: "Valid CSAF documents",
+			Messages:    []Message{{Type: 1, Text: "No remote validator configured"}, {Type: 0, Text: "All advisories validated fine against the schema."}},
+		}, {
+			Num:         2,
+			Description: "Filename",
+			Messages:    []Message{{Type: 0, Text: "All found filenames are conforming."}}},
+		{
+			Num:         3,
+			Description: "TLS",
+			Messages:    []Message{{Type: 0, Text: "All tested URLs were HTTPS."}}},
+		{
+			Num:         4,
+			Description: "TLP:WHITE",
+			Messages:    []Message{{Type: 0, Text: "All advisories labeled TLP:WHITE were freely accessible."}}},
+		{
+			Num:         5,
+			Description: "TLP:AMBER and TLP:RED",
+			Messages: []Message{
+				{Type: 0, Text: "No advisories labeled TLP:AMBER or TLP:RED tested for accessibility."}}},
+		{
+			Num:         6,
+			Description: "Redirects",
+			Messages:    []Message{{Type: 0, Text: "No redirections found."}}},
+		{
+			Num:         7,
+			Description: "provider-metadata.json",
+			Messages:    []Message{{Type: 0, Text: "Found good provider metadata."}}},
+		{
+			Num:         8,
+			Description: "security.txt",
+			Messages:    []Message{{Type: 0, Text: "Performed no test of security.txt since the direct url of the provider-metadata.json was used."}}},
+		{
+			Num:         9,
+			Description: "/.well-known/csaf/provider-metadata.json",
+			Messages:    []Message{{Type: 0, Text: "Performed no test on whether the provider-metadata.json is available under the .well-known path since the direct url of the provider-metadata.json was used."}}},
+		{
+			Num:         10,
+			Description: "DNS path",
+			Messages:    []Message{{Type: 0, Text: "Performed no test on the contents of https://csaf.data.security.DOMAIN since the direct url of the provider-metadata.json was used."}}},
+		{
+			Num:         11,
+			Description: "One folder per year",
+			Messages:    []Message{{Type: 2, Text: fmt.Sprintf("No year folder found in %s/white/avendor-advisory-0004.json", url)}}},
+		{
+			Num:         12,
+			Description: "index.txt",
+			Messages:    []Message{{Type: 0, Text: fmt.Sprintf("Found %s/white/index.txt", url)}}},
+		{
+			Num:         13,
+			Description: "changes.csv",
+			Messages:    []Message{{Type: 0, Text: fmt.Sprintf("Found %s/white/changes.csv", url)}}},
+		{
+			Num:         14,
+			Description: "Directory listings",
+			Messages:    []Message{{Type: 0, Text: "All directory listings are valid."}}},
+		{
+			Num:         15,
+			Description: "ROLIE feed",
+			Messages:    []Message{{Type: 2, Text: "ROLIE feed based distribution was not used."}}},
+		{
+			Num:         16,
+			Description: "ROLIE service document",
+			Messages:    []Message{{Type: 1, Text: "No ROLIE service document found."}}},
+		{
+			Num:         17,
+			Description: "ROLIE category document",
+			Messages:    []Message{{Type: 1, Text: "No ROLIE category document found."}}},
+		{
+			Num:         18,
+			Description: "Integrity",
+			Messages:    []Message{{Type: 0, Text: "All checksums match."}}},
+		{
+			Num:         19,
+			Description: "Signatures",
+			Messages:    []Message{{Type: 0, Text: "All signatures verified."}}},
+		{
+			Num:         20,
+			Description: "Public OpenPGP Key",
+			Messages:    []Message{{Type: 0, Text: "1 public OpenPGP key(s) loaded."}}},
+	}
+}
+
 func TestShaMarking(t *testing.T) {
 	tests := []struct {
 		name              string
 		directoryProvider bool
 		enableSha256      bool
 		enableSha512      bool
+		expected          func(string) []Requirement
 	}{
 		{
 			name:              "deliver sha256 and sha512",
 			directoryProvider: false,
 			enableSha256:      true,
 			enableSha512:      true,
+			expected:          getBaseRequirements,
 		},
 		{
 			name:              "only deliver sha256",
 			directoryProvider: false,
 			enableSha256:      true,
 			enableSha512:      false,
+			expected:          getBaseRequirements,
 		},
 		{
 			name:              "only deliver sha512",
 			directoryProvider: false,
 			enableSha256:      false,
 			enableSha512:      true,
+			expected:          getBaseRequirements,
 		},
 		{
 			name:              "only deliver sha256 and sha512, directory provider",
 			directoryProvider: true,
 			enableSha256:      true,
 			enableSha512:      true,
+			expected:          getBaseRequirements,
 		},
 		{
 			name:              "only deliver sha256, directory provider",
 			directoryProvider: true,
 			enableSha256:      true,
 			enableSha512:      false,
+			expected:          getBaseRequirements,
 		},
 		{
 			name:              "only deliver sha512, directory provider",
 			directoryProvider: true,
 			enableSha256:      false,
 			enableSha512:      true,
+			expected:          getBaseRequirements,
 		},
 	}
 
@@ -92,11 +187,18 @@ func TestShaMarking(t *testing.T) {
 			}
 			p.client = client
 
-			// TODO check result of processor
-			_, err = p.run([]string{serverURL + "/provider-metadata.json"})
+			report, err := p.run([]string{serverURL + "/provider-metadata.json"})
 			if err != nil {
 				t.Errorf("SHA marking %v: Expected no error, got: %v", test.name, err)
 			}
+			expected := test.expected(serverURL)
+			for i, got := range report.Domains[0].Requirements {
+				want := expected[i]
+				if !reflect.DeepEqual(*got, want) {
+					t.Errorf("SHA marking %v: Expected %v, got %v", test.name, want, *got)
+				}
+			}
+
 			p.close()
 		})
 	}

diff --git a/testdata/simple-rolie-provider/service.json b/testdata/simple-rolie-provider/service.json
@@ -6,7 +6,7 @@
         "collection": [
           {
             "title": "CSAF feed (TLP:WHITE)",
-            "href": "/white/white-feed.json",
+            "href": "{{.URL}}/white/white-feed.json",
             "categories": {
               "category": [
                 {

diff --git a/testdata/simple-rolie-provider/white/white-feed.json b/testdata/simple-rolie-provider/white/white-feed.json
@@ -5,11 +5,11 @@
     "link": [
       {
         "rel": "self",
-        "href": "/white/csaf-feed-tlp-white.json"
+        "href": "{{.URL}}/white/csaf-feed-tlp-white.json"
       },
       {
         "rel": "service",
-        "href": "/service.json"
+        "href": "{{.URL}}/service.json"
       }
     ],
     "category": [
@@ -26,30 +26,30 @@
         "link": [
           {
             "rel": "self",
-            "href": "/white/avendor-advisory-0004.json"
+            "href": "{{.URL}}/white/avendor-advisory-0004.json"
           },
           {{if .EnableSha256}}
           {
             "rel": "hash",
-            "href": "/white/avendor-advisory-0004.json.sha256"
+            "href": "{{.URL}}/white/avendor-advisory-0004.json.sha256"
           },
           {{end}}
           {{if .EnableSha512}}
           {
             "rel": "hash",
-            "href": "/white/avendor-advisory-0004.json.sha512"
+            "href": "{{.URL}}/white/avendor-advisory-0004.json.sha512"
           },
           {{end}}
           {
             "rel": "signature",
-            "href": "/white/avendor-advisory-0004.json.asc"
+            "href": "{{.URL}}/white/avendor-advisory-0004.json.asc"
           }
         ],
         "published": "2020-01-01T00:00:00Z",
         "updated": "2020-01-01T00:00:00Z",
         "content": {
           "type": "application/json",
-          "src": "/avendor-advisory-0004.json"
+          "src": "{{.URL}}/avendor-advisory-0004.json"
         },
         "format": {
           "schema": "https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json",