lint

package
v2.2.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 9, 2020 License: Apache-2.0 Imports: 11 Imported by: 4

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// StatusLabelToLintStatus is used to work backwards from
	// a LintStatus.String() to the LintStatus. This is used by
	// LintStatus.Unmarshal.
	StatusLabelToLintStatus = map[string]LintStatus{
		Reserved.String(): Reserved,
		NA.String():       NA,
		NE.String():       NE,
		Pass.String():     Pass,
		Notice.String():   Notice,
		Warn.String():     Warn,
		Error.String():    Error,
		Fatal.String():    Fatal,
	}
)

Functions

func NewRegistry 

func NewRegistry() *registryImpl

NewRegistry constructs a Registry implementation that can be used to register lints.

func RegisterLint 

func RegisterLint(l *Lint)

RegisterLint must be called once for each lint to be executed. Normally, RegisterLint is called from the Go init() function of a lint implementation.

RegsterLint will call l.Lint's Initialize() function as part of the registration process.

IMPORTANT: RegisterLint will panic if given a nil lint, or a lint with a nil Lint pointer, or if the lint's Initialize function errors, or if the lint name matches a previously registered lint's name. These conditions all indicate a bug that should be addressed by a developer.

Types

type FilterOptions 

type FilterOptions struct {
	// NameFilter is a regexp used to filter lints by their name. It is mutually
	// exclusive with IncludeNames and ExcludeNames.
	NameFilter *regexp.Regexp
	// IncludeNames is a case sensitive list of lint names to include in the
	// registry being filtered.
	IncludeNames []string
	// ExcludeNames is a case sensitive list of lint names to exclude from the
	// registry being filtered.
	ExcludeNames []string
	// IncludeSource is a SourceList of LintSource's to be included in the
	// registry being filtered.
	IncludeSources SourceList
	// ExcludeSources is a SourceList of LintSources's to be excluded in the
	// registry being filtered.
	ExcludeSources SourceList
}

FilterOptions is a struct used by Registry.Filter to create a sub registry containing only lints that meet the filter options specified.

Source based exclusion/inclusion is evaluated before Lint name based exclusion/inclusion. In both cases exclusion is processed before inclusion.

Only one of NameFilter or IncludeNames/ExcludeNames can be provided at a time.

func (FilterOptions) Empty 

func (opts FilterOptions) Empty() bool

Empty returns true if the FilterOptions is empty and does not specify any elements to filter by.

type Lint 

type Lint struct {

	// Name is a lowercase underscore-separated string describing what a given
	// Lint checks. If Name beings with "w", the lint MUST NOT return Error, only
	// Warn. If Name beings with "e", the Lint MUST NOT return Warn, only Error.
	Name string `json:"name,omitempty"`

	// A human-readable description of what the Lint checks. Usually copied
	// directly from the CA/B Baseline Requirements or RFC 5280.
	Description string `json:"description,omitempty"`

	// The source of the check, e.g. "BRs: 6.1.6" or "RFC 5280: 4.1.2.6".
	Citation string `json:"citation,omitempty"`

	// Programmatic source of the check, BRs, RFC5280, or ZLint
	Source LintSource `json:"source"`

	// Lints automatically returns NE for all certificates where CheckApplies() is
	// true but with NotBefore < EffectiveDate. This check is bypassed if
	// EffectiveDate is zero.
	EffectiveDate time.Time `json:"-"`

	// The implementation of the lint logic.
	Lint LintInterface `json:"-"`
}

A Lint struct represents a single lint, e.g. "e_basic_constraints_not_critical". It contains an implementation of LintInterface.

func (*Lint) CheckEffective 

func (l *Lint) CheckEffective(c *x509.Certificate) bool

CheckEffective returns true if c was issued on or after the EffectiveDate. If EffectiveDate is zero, CheckEffective always returns true.

func (*Lint) Execute 

func (l *Lint) Execute(cert *x509.Certificate) *LintResult

Execute runs the lint against a certificate. For lints that are sourced from the CA/B Forum Baseline Requirements, we first determine if they are within the purview of the BRs. See LintInterface for details about the other methods called. The ordering is as follows:

CheckApplies() CheckEffective() Execute()

type LintInterface 

type LintInterface interface {
	// Initialize runs once per-lint. It is called during RegisterLint().
	Initialize() error

	// CheckApplies runs once per certificate. It returns true if the Lint should
	// run on the given certificate. If CheckApplies returns false, the Lint
	// result is automatically set to NA without calling CheckEffective() or
	// Run().
	CheckApplies(c *x509.Certificate) bool

	// Execute() is the body of the lint. It is called for every certificate for
	// which CheckApplies() returns true.
	Execute(c *x509.Certificate) *LintResult
}

LintInterface is implemented by each Lint.

type LintResult 

type LintResult struct {
	Status  LintStatus `json:"result"`
	Details string     `json:"details,omitempty"`
}

LintResult contains a LintStatus, and an optional human-readable description. The output of a lint is a LintResult.

type LintSource 

type LintSource string

LintSource is a type representing a known lint source that lints cite requirements from. 

const (
	UnknownLintSource        LintSource = "Unknown"
	RFC5280                  LintSource = "RFC5280"
	RFC5480                  LintSource = "RFC5480"
	RFC5891                  LintSource = "RFC5891"
	CABFBaselineRequirements LintSource = "CABF_BR"
	CABFEVGuidelines         LintSource = "CABF_EV"
	MozillaRootStorePolicy   LintSource = "Mozilla"
	AppleCTPolicy            LintSource = "Apple"
	ZLint                    LintSource = "ZLint"
	AWSLabs                  LintSource = "AWSLabs"
	EtsiEsi                  LintSource = "ETSI_ESI"
)

func (*LintSource) FromString 

func (s *LintSource) FromString(src string)

FromString sets the LintSource value based on the source string provided (case sensitive). If the src string does not match any of the known LintSource's then s is set to the UnknownLintSource.

func (*LintSource) UnmarshalJSON 

func (s *LintSource) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface. It ensures that the unmarshaled value is a known LintSource.

type LintStatus 

type LintStatus int

LintStatus is an enum returned by lints inside of a LintResult. 

const (
	// Unused / unset LintStatus
	Reserved LintStatus = 0

	// Not Applicable
	NA LintStatus = 1

	// Not Effective
	NE LintStatus = 2

	Pass   LintStatus = 3
	Notice LintStatus = 4
	Warn   LintStatus = 5
	Error  LintStatus = 6
	Fatal  LintStatus = 7
)

Known LintStatus values

func (LintStatus) MarshalJSON 

func (e LintStatus) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface.

func (LintStatus) String 

func (e LintStatus) String() string

String returns the canonical representation of a LintStatus as a string.

func (*LintStatus) UnmarshalJSON 

func (e *LintStatus) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface.

type Registry 

type Registry interface {
	// Names returns a list of all of the lint names that have been registered
	// in string sorted order.
	Names() []string
	// Sources returns a SourceList of registered LintSources. The list is not
	// sorted but can be sorted by the caller with sort.Sort() if required.
	Sources() SourceList
	// ByName returns a pointer to the registered lint with the given name, or nil
	// if there is no such lint registered in the registry.
	ByName(name string) *Lint
	// BySource returns a list of registered lints that have the same LintSource as
	// provided (or nil if there were no such lints in the registry).
	BySource(s LintSource) []*Lint
	// Filter returns a new Registry containing only lints that match the
	// FilterOptions criteria.
	Filter(opts FilterOptions) (Registry, error)
	// WriteJSON writes a description of each registered lint as
	// a JSON object, one object per line, to the provided writer.
	WriteJSON(w io.Writer)
}

Registry is an interface describing a collection of registered lints. A Registry instance can be given to zlint.LintCertificateEx() to control what lints are run for a given certificate.

Typically users will interact with the global Registry returned by GlobalRegistry(), or a filtered Registry created by applying FilterOptions to the GlobalRegistry()'s Filter function.

func GlobalRegistry 

func GlobalRegistry() Registry

GlobalRegistry is the Registry used by RegisterLint and contains all of the lints that are loaded.

If you want to run only a subset of the globally registered lints use GloablRegistry().Filter with FilterOptions to create a filtered Registry.

type SourceList 

type SourceList []LintSource

SourceList is a slice of LintSources that can be sorted.

func (*SourceList) FromString 

func (l *SourceList) FromString(raw string) error

FromString populates a SourceList (replacing any existing content) with the comma separated list of sources provided in raw. If any of the comma separated values are not known LintSource's an error is returned.

func (SourceList) Len 

func (l SourceList) Len() int

Len returns the length of the list.

func (SourceList) Less 

func (l SourceList) Less(i, j int) bool

Less compares the LintSources at index i and j lexicographically.

func (SourceList) Swap 

func (l SourceList) Swap(i, j int)

Swap swaps the LintSource at index i and j in the list.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.