search

gocsaf / csaf

Tools to download or provide CSAF (Common Security Advisory Framework) documents.
https://csaf.io
42 stars 25 forks source link

Add extra http header support to downloader and checker. #314

Closed s-l-teichmann closed 1 year ago

s-l-teichmann commented 1 year ago

resolves #303

Adds -H key:value command line options to checker and downloader to use these key/value pairs as additional header fields in outgoing HTTP calls.

bernhardreiter commented 1 year ago

Doing a test by enabling debug logging on the nginx server (in a typical integration test setup).

In /etc/nginx/nginx.conf:

error_log /var/log/nginx/error.log debug;

then restart nginx and watch for headers in the log:

tail -f /var/log/nginx/error.log | grep "http header:"

Doing requests like:

./bin-linux-amd64/csaf_checker --help --insecure localhost --header "X-Auth:Captain Future" -H "y-aPI-KEY: no way" --header "no:way way"
./bin-linux-amd64/csaf_checker --help --insecure localhost --header="X-Wing-Fighter:Greg" -H "API-key: key"

lead to results in the log like

2023/01/26 15:27:04 [debug] 49897#49897: *49 http header: "No: way way"
2023/01/26 15:27:04 [debug] 49897#49897: *49 http header: "X-Auth: Captain Future"
2023/01/26 15:27:04 [debug] 49897#49897: *49 http header: "Y-Api-Key: no way"
[..]
2023/01/26 15:28:37 [debug] 49897#49897: *51 http header: "Api-Key: key"
2023/01/26 15:28:37 [debug] 49897#49897: *51 http header: "X-Wing-Fighter: Greg"
2023/01/26 15:28:37 [debug] 49897#49897: *51 http header: "Accept-Encoding: gzip"