gocsaf / csaf

Tools to download or provide CSAF (Common Security Advisory Framework) documents.
https://csaf.io

Improve message in requirement 4 #402

Open tschmidtb51 opened 1 year ago

tschmidtb51 commented 1 year ago

We should separate the different cases in the report message:

  1. We didn't have credentials and there was no access-protected feed listed. (=> unlikely that a TLP:WHITE was hidden)
  2. We didn't have credentials and there was at least one access-protected feed listed.
  3. We had credentials and didn't find an access-protected TLP:WHITE CSAF document.
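
The following Go snippet is an added illustration of the three reporting cases above, not code from the csaf project. It assumes a hypothetical `CheckRequirement4` function that reads only the `distributions[].rolie.feeds` subset of a provider-metadata.json, treats HTTP 401/403 on a feed URL as "access-protected", and takes an injectable fetcher so the example runs offline against constructed responses; the sample metadata and URLs are constructed, not from any real provider.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// rolieFeed is the subset of a provider-metadata.json ROLIE feed entry that
// requirement 4 needs: the TLP label and where the feed lives.
type rolieFeed struct {
	TLPLabel string `json:"tlp_label"`
	URL      string `json:"url"`
}

// providerMetadata mirrors just the "distributions[].rolie.feeds" path.
type providerMetadata struct {
	Distributions []struct {
		Rolie struct {
			Feeds []rolieFeed `json:"feeds"`
		} `json:"rolie"`
	} `json:"distributions"`
}

// statusFetcher stands in for the HTTP request a checker would issue per feed
// URL; it returns the status code so the logic can run offline (assumption).
type statusFetcher func(url string) int

// Req4Result carries the case number from the issue (1..3), or 0 when an
// access-protected TLP:WHITE feed was actually found, plus the report message.
type Req4Result struct {
	Case    int
	Message string
}

func isAccessProtected(status int) bool {
	return status == 401 || status == 403
}

// CheckRequirement4 is a hypothetical checker producing one of the three
// messages from the issue, or a violation message if a TLP:WHITE feed is
// behind access protection.
func CheckRequirement4(meta []byte, hadCredentials bool, fetch statusFetcher) (Req4Result, error) {
	var pm providerMetadata
	if err := json.Unmarshal(meta, &pm); err != nil {
		return Req4Result{}, fmt.Errorf("provider-metadata.json: %w", err)
	}
	protectedListed := false
	for _, d := range pm.Distributions {
		for _, f := range d.Rolie.Feeds {
			status := fetch(f.URL)
			if !isAccessProtected(status) {
				continue
			}
			protectedListed = true
			if f.TLPLabel == "WHITE" {
				return Req4Result{0, fmt.Sprintf("TLP:WHITE feed %s is access-protected (HTTP %d)", f.URL, status)}, nil
			}
		}
	}
	switch {
	case !hadCredentials && !protectedListed:
		return Req4Result{1, "No credentials used and no access-protected feed listed; a hidden TLP:WHITE document is unlikely."}, nil
	case !hadCredentials:
		return Req4Result{2, "No credentials used but at least one access-protected feed is listed; those feeds could not be checked."}, nil
	default:
		return Req4Result{3, "Credentials used and no access-protected TLP:WHITE document found."}, nil
	}
}

// SampleMetadata is constructed for this example (not a real provider).
const SampleMetadata = `{
  "distributions": [
    {"rolie": {"feeds": [
      {"tlp_label": "WHITE", "url": "https://provider.example/csaf/white/feed.json"},
      {"tlp_label": "AMBER", "url": "https://provider.example/csaf/amber/feed.json"}
    ]}}
  ]
}`

// ConstructedFetch simulates one open feed and one feed behind authentication.
func ConstructedFetch(url string) int {
	switch url {
	case "https://provider.example/csaf/white/feed.json":
		return 200
	case "https://provider.example/csaf/amber/feed.json":
		return 401
	}
	return 404
}

func main() {
	for _, creds := range []bool{false, true} {
		r, err := CheckRequirement4([]byte(SampleMetadata), creds, ConstructedFetch)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("credentials=%v case=%d: %s\n", creds, r.Case, r.Message)
	}
}
```

With the constructed metadata the run without credentials lands in case 2 (the AMBER feed answers 401) and the run with credentials in case 3; swapping the fetcher for one that returns 403 on every URL yields the violation message instead.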
JanHoefelmeyer commented 1 year ago

After thinking about it:

About 2: I don't think we should consider feeds or advisories we were not able to access. There is already a warning and adding a "They might have been TLP:WHITE" seems redundant. They might've also had other faults we would have to report as well then. We shouldn't make assumptions about advisories we cannot access.

Similarly, there is little difference between 1. and 3.: We did not find access-protected TLP:WHITE feeds. The user should know whether they used credentials or not. And if they used the wrong credentials, it either doesn't matter for TLP:WHITE (no access-protected feeds) or is already tracked (if the server returns a forbidden).

As such, the current implementation seems to suffice.