happyDomain/checker-caa
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: happyDomain:master
Branches Tags
happyDomain:master
happyDomain:v0.2.2
happyDomain:v0.2.1
happyDomain:v0.2.0
happyDomain:v0.1.0
..
compare: happyDomain:v0.2.1
Branches Tags
happyDomain:master
happyDomain:v0.2.2
happyDomain:v0.2.1
happyDomain:v0.2.0
happyDomain:v0.1.0

No commits in common. "master" and "v0.2.1" have entirely different histories.
master ... v0.2.1

3 changed files with 8 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

2
checker/collect.go
View file

@ -4,6 +4,7 @@ import (
"context" "context"
"encoding/json" "encoding/json"
"fmt" "fmt"
"time"
sdk "git.happydns.org/checker-sdk-go/checker" sdk "git.happydns.org/checker-sdk-go/checker"
) )
@ -63,6 +64,7 @@ func (p *caaProvider) Collect(ctx context.Context, opts sdk.CheckerOptions) (any
return &CAAData{ return &CAAData{
Domain: domain, Domain: domain,
Records: records, Records: records,
RunAt: time.Now().UTC().Format(time.RFC3339),
}, nil }, nil
} }

13
checker/rule.go
View file

@ -31,7 +31,6 @@ type issuerAgg struct {
code string code string
msg string msg string
endpoints map[string]bool endpoints map[string]bool
count int // number of certificates observed from this issuer
} }
type allowList struct { type allowList struct {
@ -153,7 +152,6 @@ func (r *caaRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, opts
cur = &issuerAgg{sample: p, endpoints: map[string]bool{}} cur = &issuerAgg{sample: p, endpoints: map[string]bool{}}
agg[k] = cur agg[k] = cur
} }
cur.count++
if severityRank(severity) >= severityRank(cur.severity) { if severityRank(severity) >= severityRank(cur.severity) {
cur.severity = severity cur.severity = severity
cur.code = code cur.code = code
@ -235,23 +233,22 @@ func (r *caaRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, opts
endpoints = append(endpoints, ep) endpoints = append(endpoints, ep)
} }
sort.Strings(endpoints) sort.Strings(endpoints)
meta := map[string]any{"endpoints": endpoints, "cert_count": a.count} meta := map[string]any{"endpoints": endpoints}
certSuffix := fmt.Sprintf(" (%d certificate(s) checked)", a.count)
switch a.severity { switch a.severity {
case SeverityCrit: case SeverityCrit:
out = append(out, sdk.CheckState{ out = append(out, sdk.CheckState{
Status: sdk.StatusCrit, Message: a.msg + certSuffix, Code: a.code, Status: sdk.StatusCrit, Message: a.msg, Code: a.code,
Subject: subject, Meta: meta, Subject: subject, Meta: meta,
}) })
case SeverityWarn: case SeverityWarn:
out = append(out, sdk.CheckState{ out = append(out, sdk.CheckState{
Status: sdk.StatusWarn, Message: a.msg + certSuffix, Code: a.code, Status: sdk.StatusWarn, Message: a.msg, Code: a.code,
Subject: subject, Meta: meta, Subject: subject, Meta: meta,
}) })
case SeverityInfo: case SeverityInfo:
out = append(out, sdk.CheckState{ out = append(out, sdk.CheckState{
Status: sdk.StatusInfo, Message: a.msg + certSuffix, Code: a.code, Status: sdk.StatusInfo, Message: a.msg, Code: a.code,
Subject: subject, Meta: meta, Subject: subject, Meta: meta,
}) })
default: default:
@ -260,7 +257,7 @@ func (r *caaRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, opts
msg = "Certificate observed; no CAA records published" msg = "Certificate observed; no CAA records published"
} }
out = append(out, sdk.CheckState{ out = append(out, sdk.CheckState{
Status: sdk.StatusOK, Message: msg + certSuffix, Code: CodeOK, Status: sdk.StatusOK, Message: msg, Code: CodeOK,
Subject: subject, Meta: meta, Subject: subject, Meta: meta,
}) })
} }

1
checker/types.go
View file

@ -40,6 +40,7 @@ const (
type CAAData struct { type CAAData struct {
Domain string `json:"domain,omitempty"` Domain string `json:"domain,omitempty"`
Records []CAARecord `json:"records,omitempty"` Records []CAARecord `json:"records,omitempty"`
RunAt string `json:"run_at,omitempty"`
} }
type CAARecord struct { type CAARecord struct {