CaliDog / Axeman

Axeman is a utility to retrieve certificates from Certificate Transparency Lists (CTLs)
MIT License

Axeman also includes non-website certs (Code signing) and does not escape them. #12

Open smiba opened 4 years ago

smiba commented 4 years ago

Hi,

While running a custom wrapper around axeman that inserts records into a custom database format, I've found out that every now and then a special certificate comes along, an example being this certificate (id 17395 on ct.googleapis.com/logs/argon2022), a Code Signing certificate given to "SOOSAN INT CO., Ltd".

This gives multiple issues: not only does axeman not properly escape the "," character in this name, but it also ends up in the all_domains field. Although the latter might be wanted behaviour, the non-escaped "," character isn't.

smiba commented 4 years ago

Please ignore the commit, as this is meant for issue 13.

smiba commented 4 years ago

Escaping fields is one thing, but still splitting domains on a space (' ') character will cause issues with code signing certs, as these will usually have the company name as the common name, which most of the time contains spaces.

My current fix is to use a different character for splitting, but I'm not sure if this wouldn't break importing this into google or databases. Need some feedback on this.

(For example, I use '|' instead of ' ', but there might be an even better character that's not allowed in the common name field?):

"\"" + '|'.join(cert_data['leaf_cert']['all_domains']).replace("\"", "\"\"") + "\"",
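The failure described in this thread and one delimiter-independent way to avoid it, as an added example that is not part of the original issue or Axeman's own code. It swaps the '|' separator for a JSON-encoded list inside a quoted CSV cell; the `cert_index` field name and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import json

# Constructed sample modelled on the entry described in the issue: a code
# signing certificate whose subject CN is a company name, next to ordinary
# website names. Field names other than all_domains are assumptions.
SAMPLE_ENTRIES = [
    {"cert_index": 17395, "all_domains": ["SOOSAN INT CO., Ltd"]},
    {"cert_index": 17396, "all_domains": ["example.com", "www.example.com"]},
    {"cert_index": 17397, "all_domains": ['ACME "Test" | Co']},
]


def naive_row(entry):
    """Unescaped comma-separated row with space-joined names (the failure mode)."""
    return ",".join([str(entry["cert_index"]), " ".join(entry["all_domains"])])


def naive_parse(line):
    """What a consumer recovers when it splits on ',' and then on ' '."""
    fields = line.split(",")
    return int(fields[0]), fields[1].split(" ")


def safe_dump(entries):
    """Quote every cell via the csv module; store the name list as JSON."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for e in entries:
        writer.writerow([e["cert_index"], json.dumps(e["all_domains"])])
    return buf.getvalue()


def safe_load(text):
    """Inverse of safe_dump: no character in a name can split a value."""
    return [
        {"cert_index": int(idx), "all_domains": json.loads(names)}
        for idx, names in csv.reader(io.StringIO(text))
    ]


if __name__ == "__main__":
    # The company name is truncated and split into three bogus "domains".
    print(naive_parse(naive_row(SAMPLE_ENTRIES[0])))
    print(safe_dump(SAMPLE_ENTRIES), end="")
    assert safe_load(safe_dump(SAMPLE_ENTRIES)) == SAMPLE_ENTRIES
```

Because the list is serialized rather than joined, names containing spaces, commas, quotes or '|' all survive the round trip, so no "safe" separator character has to be chosen.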