zmap / zlint

X.509 Certificate Linter focused on Web PKI standards and requirements.
https://zmap.io
Apache License 2.0

Metalint for checking against the deprecated lint.RegisterLint function #775

Closed christopher-henderson closed 11 months ago

christopher-henderson commented 11 months ago

This addresses the conversation in #765 regarding enforcing the deprecation of lint.RegisterLint via our own code linter.


@aaomidi I took your general idea from #770 and ported it into the repo's custom code linter that was built just for this purpose. Thank you for the working code sample!


Given the sample input file...

package cabf_ev

/*
 * ZLint Copyright 2023 Regents of the University of Michigan
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy
 * of the License at http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

import (
    "github.com/zmap/zcrypto/x509"
    "github.com/zmap/zlint/v3/lint"
    "github.com/zmap/zlint/v3/util"
)

type evNoBiz struct{}

func init() {
    lint.RegisterLint(&lint.Lint{
        Name:          "e_ev_business_category_missing",
        Description:   "EV certificates must include businessCategory in subject",
        Citation:      "EVGs: 9.2.3",
        Source:        lint.CABFEVGuidelines,
        EffectiveDate: util.ZeroDate,
        Lint:          NewEvNoBiz,
    })
}

func NewEvNoBiz() lint.LintInterface {
    return &evNoBiz{}
}

func (l *evNoBiz) CheckApplies(c *x509.Certificate) bool {
    return util.IsEV(c.PolicyIdentifiers) && util.IsSubscriberCert(c)
}

func (l *evNoBiz) Execute(c *x509.Certificate) *lint.LintResult {
    if util.TypeInName(&c.Subject, util.BusinessOID) {
        return &lint.LintResult{Status: lint.Pass}
    } else {
        return &lint.LintResult{Status: lint.Error}
    }
}

CICD will print the output...

Found 1 linting errors
--------------------
Linting Error

lint.RegisterLint is deprecated and should not be used. Please use the register function specific to your lint classification (I.E. lint.RegisterCertificateLint for certificate lints and lint.RegisterRevocationListLint for CRL lints).

File /home/chris/projects/zlint/v3/lints/cabf_br/lint_ca_common_name_missing.go, line 26

lint.RegisterLint

For more information, please see the following citations.
    https://github.com/zmap/zlint/issues/765

exit status 1
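The kind of check described in the comment above, as an added example that is not part of the original comment and is not zlint's own code linter: it parses a Go file with `go/ast` and reports lines that reference `RegisterLint` through the zlint `lint` package, including when that package is imported under an alias. `FindDeprecated`, `lintPkg` and `sample` are hypothetical names, and the sample source is constructed.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
)

const lintPkg = "github.com/zmap/zlint/v3/lint" // import path used by the sample file
// Constructed input: the lint package is imported under the alias "zl".
const sample = `package cabf_ev
import zl "github.com/zmap/zlint/v3/lint"
func init() {
	zl.RegisterLint(&zl.Lint{Name: "e_ev_business_category_missing"})
}`

// FindDeprecated returns the line numbers where src references RegisterLint from lintPkg.
func FindDeprecated(filename, src string) ([]int, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, filename, src, 0)
	if err != nil {
		return nil, err
	}
	local := "" // stays empty when the file does not import lintPkg
	for _, imp := range f.Imports {
		if p, _ := strconv.Unquote(imp.Path.Value); p == lintPkg {
			local = "lint" // default name: last element of the import path
			if imp.Name != nil {
				local = imp.Name.Name // explicit alias
			}
		}
	}
	var lines []int
	ast.Inspect(f, func(n ast.Node) bool {
		if sel, ok := n.(*ast.SelectorExpr); ok && sel.Sel.Name == "RegisterLint" {
			if id, ok := sel.X.(*ast.Ident); ok && id.Name == local {
				lines = append(lines, fset.Position(sel.Pos()).Line)
			}
		}
		return true
	})
	return lines, nil
}

func main() {
	fmt.Println(FindDeprecated("sample.go", sample))
}
```

Matching on the resolved import name rather than the literal text `lint.RegisterLint` avoids both misses on aliased imports and false hits on unrelated packages that happen to be called `lint`.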