crocs-muni / sec-certs

Tool for analysis of security certificates and their security targets (Common Criteria, NIST FIPS140-2...).
https://sec-certs.org
MIT License

When merging CC certs, security level reports false mismatch #358

Closed J08nY closed 3 weeks ago

J08nY commented 9 months ago

Describe the bug

In the CC processing pipelines, the HTML and CSV certificates are merged. This merging detects when something is mismatched between two certs with shared digest. However, there is currently a false positive based on the security_level field. For one side the field is set() (empty set) and for the other it is {""} (set with empty string). This gets reported for most certificates, so something is likely wrong with the security level parsing.

2023-09-21 12:07:52,490 - sec_certs.sample.certificate - WARNING - When merging certificates with dgst fcc7abb7b11d12d4, the following mismatch occured: Attribute=security_level, self[security_level]={''}, other[security_level]=set()
2023-09-21 12:07:52,490 - sec_certs.sample.certificate - WARNING - When merging certificates with dgst 8298c7814b3b2860, the following mismatch occured: Attribute=security_level, self[security_level]={''}, other[security_level]=set()
2023-09-21 12:07:52,490 - sec_certs.sample.certificate - WARNING - When merging certificates with dgst 979e00ac7d3e229c, the following mismatch occured: Attribute=security_level, self[security_level]={''}, other[security_level]=set()

To Reproduce

Run sec-certs cc build.

Desktop (please complete the following information):

Commit 30f74756fa8f87c42f897fa381700784a1e2dec2
Run time 21.09.2023

J08nY commented 3 weeks ago

This was fixed by: 703c643
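
The mismatch reported in this issue, reproduced as an added example (this is not sec-certs code and not the change in 703c643). It assumes the {''} side comes from splitting an empty field on a delimiter; the function names, the comma delimiter and the simplified merge rule are hypothetical.

```python
from __future__ import annotations

import logging

logger = logging.getLogger("merge_example")


def parse_levels_naive(raw: str) -> set[str]:
    # "".split(",") returns [""], so an empty field becomes {""}, not set().
    return set(raw.split(","))


def parse_levels(raw: str | None) -> set[str]:
    # Strip whitespace and drop empty tokens so "no level" is always set().
    if not raw:
        return set()
    return {tok.strip() for tok in raw.split(",") if tok.strip()}


def merge_attribute(name: str, mine: set[str], theirs: set[str]) -> tuple[set[str], bool]:
    """Merge one attribute from two sources; return (value, mismatch_reported).

    Hypothetical rule: an empty value is filled from the other side, and any
    other difference is logged as a mismatch.
    """
    if not mine:
        return theirs, False
    if mine != theirs:
        logger.warning(
            "Mismatch: Attribute=%s, self[%s]=%r, other[%s]=%r",
            name, name, mine, name, theirs,
        )
        return mine, True
    return mine, False


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    empty_field = ""  # constructed sample: a source with no security level
    # {""} is truthy, so it is not treated as empty and is compared to set().
    print(merge_attribute("security_level", parse_levels_naive(empty_field), set()))
    # Normalized parsing yields set() on both sides, so nothing is reported.
    print(merge_attribute("security_level", parse_levels(empty_field), set()))
    # A genuine disagreement is still reported.
    print(merge_attribute("security_level", {"EAL4+"}, {"EAL2"}))
```

With the empty-string token removed at parse time, the warning fires only when both sources carry a level and disagree, so real mismatches are not buried under per-certificate noise.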