gocsaf / csaf

Tools to download or provide CSAF (Common Security Advisory Framework) documents.
https://csaf.io

Misleading report, if path to provider-metadata.json is wrong in security.txt #261

Status: Closed (mfd2007 closed 2 years ago)

mfd2007 commented 2 years ago

"version": "0.9.5-1-g490fe4a",

If the CSAF entry in security.txt points to a wrong/not available path, the following error is returned:

{
  "num": 7,
  "description": "provider-metadata.json",
  "messages": [
    {
      "type": 1,
      "text": "\"https://csaf-provider-1.csaf/.well-known/csaf/provider-metadata.json\" not found."
    },
    {
      "type": 1,
      "text": "https://csaf-provider-1.csaf/.well-known/security.txt failed to load."
    },
    {
      "type": 1,
      "text": "\"https://csaf.data.security.csaf-provider-1.csaf\" not found."
    },
    {
      "type": 2,
      "text": "No valid provider-metadata.json found."
    },
    {
      "type": 2,
      "text": "STOPPING here - cannot perform other checks."
    }
  ]
},

My expectation would be that the address that is referenced in the security.txt is also logged as not available.

s-l-teichmann commented 2 years ago

This could already be addressed by PR #260 here.

mfd2007 commented 2 years ago

Yes, it is already fixed (my fault).
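
Added example, not part of the thread and not gocsaf's own code: the lookup order visible in the report above (well-known path, security.txt, DNS path), written in Go so that every URL actually requested gets its own message, including the one taken from the `CSAF:` field of security.txt. The names `locatePMD` and `csafURLs`, the `pages` map standing in for HTTP responses, and the `example.test` host are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// csafURLs returns the values of all "CSAF:" fields in a security.txt body.
func csafURLs(body string) (urls []string) {
	for _, line := range strings.Split(body, "\n") {
		name, value, ok := strings.Cut(strings.TrimSpace(line), ":")
		if ok && strings.EqualFold(name, "CSAF") && strings.TrimSpace(value) != "" {
			urls = append(urls, strings.TrimSpace(value))
		}
	}
	return urls
}

// locatePMD walks the three locations; pages (URL -> body) stands in for HTTP, a missing key is a failed request.
func locatePMD(domain string, pages map[string]string) (string, []string) {
	var msgs []string
	try := func(urls ...string) string { // one message per URL actually requested
		for _, u := range urls {
			if _, ok := pages[u]; ok {
				return u
			}
			msgs = append(msgs, fmt.Sprintf("%q not found.", u))
		}
		return ""
	}
	if u := try("https://" + domain + "/.well-known/csaf/provider-metadata.json"); u != "" {
		return u, msgs
	}
	secURL := "https://" + domain + "/.well-known/security.txt"
	if body, ok := pages[secURL]; !ok {
		msgs = append(msgs, secURL+" failed to load.")
	} else if u := try(csafURLs(body)...); u != "" { // names each URL security.txt points to
		return u, msgs
	}
	if u := try("https://csaf.data.security." + domain); u != "" {
		return u, msgs
	}
	return "", append(msgs, "No valid provider-metadata.json found.")
}

func main() {
	// Constructed sample: security.txt loads, but its CSAF entry points to a missing path.
	pages := map[string]string{"https://example.test/.well-known/security.txt": "CSAF: https://example.test/wrong/provider-metadata.json\n"}
	fmt.Println(locatePMD("example.test", pages))
}
```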