CSAF release 0.20

MANIFEST

@@ -1,11 +1,21 @@
+bin/csaf-downloader
+bin/csaf-rolie
 bin/csaf-validator
 Changes
 INSTALL.md
+lib/App/CSAF/Downloader.pm
+lib/App/CSAF/ROLIE.pm
 lib/App/CSAF/Validator.pm
 lib/CSAF.pm
 lib/CSAF/Base.pm
 lib/CSAF/Builder.pm
 lib/CSAF/Document.pm
+lib/CSAF/Downloader.pm
+lib/CSAF/Indexer.pm
+lib/CSAF/Options/Common.pm
+lib/CSAF/Options/Downloader.pm
+lib/CSAF/Options/ROLIE.pm
+lib/CSAF/Options/Writer.pm
 lib/CSAF/Parser.pm
 lib/CSAF/Renderer.pm
 lib/CSAF/Renderer/Base.pm
@@ -14,8 +24,13 @@ lib/CSAF/Renderer/JSON.pm
 lib/CSAF/resources/cache/6616ab5b335e47cd27e701999bd8eb3a
 lib/CSAF/resources/cache/803157887dabfefc7425634a877ed27a
 lib/CSAF/resources/cache/ac1b12ae2d190a0c468b534b8a1b9bd2
+lib/CSAF/resources/cache/bb7795e241f5997c83fb4fc8fa278368
 lib/CSAF/resources/cache/efea8b3a7512905f5aa6affa56ea3a68
-lib/CSAF/resources/template/default.tt2
+lib/CSAF/resources/template/default.tt
+lib/CSAF/ROLIE/Entries.pm
+lib/CSAF/ROLIE/Entry.pm
+lib/CSAF/ROLIE/Feed.pm
+lib/CSAF/Schema.pm
 lib/CSAF/Type.pm
 lib/CSAF/Type/Acknowledgment.pm
 lib/CSAF/Type/Acknowledgments.pm
@@ -71,35 +86,35 @@ lib/CSAF/Type/Tracking.pm
 lib/CSAF/Type/Vulnerabilities.pm
 lib/CSAF/Type/Vulnerability.pm
 lib/CSAF/Util.pm
+lib/CSAF/Util/App.pm
 lib/CSAF/Util/CVSS.pm
 lib/CSAF/Util/CWE.pm
 lib/CSAF/Util/List.pm
+lib/CSAF/Util/Log.pm
+lib/CSAF/Util/Options.pm
 lib/CSAF/Validator.pm
 lib/CSAF/Validator/Base.pm
+lib/CSAF/Validator/InformativeTests.pm
 lib/CSAF/Validator/MandatoryTests.pm
 lib/CSAF/Validator/Message.pm
 lib/CSAF/Validator/OptionalTests.pm
 lib/CSAF/Validator/Schema.pm
 lib/CSAF/Writer.pm
 LICENSE
 Makefile.PL
-MANIFEST
+MANIFEST			This list of files
 README.md
 t/00-load.t
-t/10-mandatory-6.1.10.t
 t/10-mandatory-6.1.11.t
-t/10-mandatory-6.1.12.t
 t/10-mandatory-6.1.13.t
 t/10-mandatory-6.1.15.t
 t/10-mandatory-6.1.16.t
 t/10-mandatory-6.1.17.t
 t/10-mandatory-6.1.18.t
 t/10-mandatory-6.1.19.t
 t/10-mandatory-6.1.20.t
-t/10-mandatory-6.1.21.t
 t/10-mandatory-6.1.22.t
 t/10-mandatory-6.1.23.t
-t/10-mandatory-6.1.24.t
 t/10-mandatory-6.1.26.t
 t/10-mandatory-6.1.27.1.t
 t/10-mandatory-6.1.27.11.t
@@ -111,12 +126,8 @@ t/10-mandatory-6.1.27.6.t
 t/10-mandatory-6.1.27.7.t
 t/10-mandatory-6.1.27.8.t
 t/10-mandatory-6.1.28.t
-t/10-mandatory-6.1.3.t
 t/10-mandatory-6.1.30.t
 t/10-mandatory-6.1.31.t
-t/10-mandatory-6.1.32.t
-t/10-mandatory-6.1.33.t
-t/10-mandatory-6.1.4.t
 t/10-mandatory-6.1.6.t
 t/10-mandatory-6.1.7.t
 t/10-mandatory-6.1.8.t

Makefile.PL

@@ -22,14 +22,19 @@ WriteMakefile(
         'File::Basename'        => '0',    # CORE
         'File::Path'            => '0',    # CORE
         'File::Spec::Functions' => '0',    # CORE
+        'GnuPG::Interface'      => '0',
+        'LWP::UserAgent'        => '0',
         'JSON::Validator'       => '0',
         'List::MoreUtils'       => '0',
         'List::Util'            => '0',    # CORE
+        'Log::Any'              => '0',
         'Moo'                   => '0',
+        'Parallel::ForkManager' => '0',
+        'Template'              => '0',
         'Tie::File'             => '0',    # CORE
         'Time::Piece'           => '0',    # CORE
         'URI::PackageURL'       => '0',
-        'Template'              => '0',
+        'YAML::XS'              => '0',
     },
     META_MERGE => {
         'meta-spec' => {version => 2},

bin/csaf-downloader

@@ -0,0 +1,77 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+use utf8;
+
+use App::CSAF::Downloader;
+
+exit App::CSAF::Downloader->run(@ARGV) unless caller();
+
+1;
+
+__END__
+=encoding utf-8
+
+=head1 NAME
+
+csaf-downloader - CSAF Downloader
+
+=head1 SYNOPSIS
+
+    csaf-downloader --url URL
+    csaf-downloader --config FILE
+    csaf-downloader [--help|--man|--version]
+
+    Options:
+      -u, --url=URL                "provider-metadata.json", "index.txt" or ROLIE feed URL
+      -k, --insecure                Skip TLS verification
+          --parallel-downloads=NUM  Number of parallel downloads (default: 10)
+
+          --validate=[type]         Validate CSAF document (type: schema, mandatory, optional, informative)
+          --signature-check         Enable GPG signature chec
+          --integrity-check         Enable SHA-(256|512) integrity check
+
+          --include=REGEXP          Include file
+          --exclude=REGEXP          Exclude file
+
+      -v, --verbose                 Verbose
+
+          --config=FILE             Configuration file
+
+          --help                    Brief help message
+          --man                     Full documentation
+          --version                 Print version
+
+=head1 DESCRIPTION
+
+C<csaf-downloader> CSAF Downloader
+
+=head1 EXAMPLES
+
+Download using C<index.txt> file
+
+    $ csaf-downloader -u https://security.acme.tld/advisories/csaf/index.txt
+
+Download using C<provider-metadata.json> with ROLIE feed document:
+
+    $ csaf-downloader -u https://psirt.domain.tld/advisories/csaf/provider-metadata.json
+
+Download using ROLIE feed document:
+
+    $ csaf-downloader -u https://psirt.domain.tld/advisories/csaf/feed-tlp-white.json
+
+=head1 SEE ALSO
+
+L<csaf-rolie>
+
+=head1 AUTHOR
+
+L<Giuseppe Di Terlizzi|https://metacpan.org/author/gdt>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright © 2023-2024 L<Giuseppe Di Terlizzi|https://metacpan.org/author/gdt>
+
+You may use and distribute this module according to the same terms
+that Perl is distributed under.

bin/csaf-rolie

@@ -0,0 +1,132 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+use utf8;
+
+use App::CSAF::ROLIE;
+
+exit App::CSAF::ROLIE->run(@ARGV) unless caller();
+
+1;
+
+__END__
+=encoding utf-8
+
+=head1 NAME
+
+csaf-rolie - Build ROLIE (Resource-Oriented Lightweight Information Exchange) feed
+
+=head1 SYNOPSIS
+
+    csaf-rolie --csaf DIRECTORY [--tlp-label STRING|--feed-id STRING|--feed-title STRING|--base-url URL|--output PATH]
+    csaf-rolie [--help|--man|-v]
+
+    Options:
+      -c, --conf PATH     YAML config path
+      -d, --csaf DIR      CSAF documents directory
+          --output PATH   Feed output file path (default {csaf}/{feed-id}.json)
+          --tlp-label     TLP (Traffic Light Protocol) label (default "WHITE")
+          --base-url      Feed base URL (default "https://psirt.domain.tld/advisories/csaf")
+          --feed-id       Feed ID (default "csaf-feed-tlp-{tlp-label}")
+          --feed-title    Feed title (default "CSAF feed (TLP:{tlp-label})")
+          --stdout        Write ROLIE feed in STDOUT
+          --verbose       Print verbose messages
+          --test          Test the configuration and exit
+          --help          Brief help message
+          --man           Full documentation
+      -v, --version       Print version
+
+
+=head1 DESCRIPTION
+
+C<csaf-rolie> build a ROLIE (Resource-Oriented Lightweight Information Exchange)
+feed using the CSAF documents.
+
+L<https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html>
+
+The Resource Oriented Lightweight Information Exchange (ROLIE) is standard (RFC-8322)
+for exchanging security automation information between two machines, or between
+a machine and a human operator.
+
+L<https://tools.ietf.org/html/rfc8322>
+
+
+=head1 EXAMPLES
+
+=head2 Create a new ROLIE feed
+
+    $ csaf-rolie --csaf /var/www/html/advisories/csaf \
+                 --base-url https://security.acme.tld/advisories/csaf \
+                 --feed-title "ACME CSAF feed (TLP:WHITE)" \
+                 --verbose
+
+    CSAF directory : /var/www/html/advisories/csaf
+    TLP label      : WHITE
+    Base URL       : https://security.acme.tld/advisories/csaf
+    Feed ID        : csaf-feed-tlp-white
+    Feed title     : CSAF feed (TLP:WHITE)
+    Feed filename  : csaf-feed-tlp-white.json
+    Output file    : /var/www/html/advisories/csaf/csaf-feed-tlp-white.json
+
+    [*] Add ACMESA-2024:0001 in ROLIE feed
+    [*] Add ACMESA-2024:1337 in ROLIE feed
+
+    [...]
+
+    ROLIE feed saved in /var/www/html/advisories/csaf/csaf-feed-tlp-white.json
+
+
+=head2 Create a new ROLIE feed using a config file
+
+Available config items:
+
+=over
+
+=item C<csaf> CSAF documents directory
+
+=item C<output> Feed output file path (default {csaf}/{feed-id}.json)
+
+=item C<tlp-label> TLP (Traffic Light Protocol) label (default "WHITE")
+
+=item C<base-url> Feed base URL (default "https://psirt.domain.tld/advisories/csaf")
+
+=item C<feed-id> Feed ID (default "csaf-feed-tlp-{tlp-label}")
+
+=item C<feed-title> Feed title (default "CSAF feed (TLP:{tlp-label})")
+
+=back
+
+
+ROLIE config file (F<rolie.conf>):
+
+    ---
+    csaf: /var/www/html/advisories/csaf
+    base_url: https://security.acme.tld/advisories/csaf
+    tlp_label: WHITE
+    feed_id: acme-csaf-feed-tlp-white
+    feed_title: ACME CSAF feed (TLP:WHITE)
+
+Use F<rolie.conf> with C<csaf-rolie> command:
+
+    $ csaf-rolie --config /etc/csaf/rolie.conf
+
+Schedule the refresh of ROLIE feed in L<crontab>:
+
+    */2 * * * * csaf-rolie --config /etc/csaf/rolie.conf 2> /dev/null
+
+=head1 SEE ALSO
+
+L<csaf-validator>
+
+
+=head1 AUTHOR
+
+L<Giuseppe Di Terlizzi|https://metacpan.org/author/gdt>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright © 2023-2024 L<Giuseppe Di Terlizzi|https://metacpan.org/author/gdt>
+
+You may use and distribute this module according to the same terms
+that Perl is distributed under.

bin/csaf-validator

@@ -26,7 +26,7 @@ csaf-validator - CSAF Validator
       -f, --file PATH   CSAF document path
           --help        Brief help message
           --man         Full documentation
-          -v            Print version
+      -v, --version     Print version
 
 =head1 DESCRIPTION
 
@@ -41,6 +41,10 @@ C<csaf-validator> CSAF Validator
     $ cat csaf-document.json | csaf-validator
     [error] /product_tree/branches/0/branches/0/branches/name: Version Range in Product Version (6.1.31 - mandatory)
 
+=head1 SEE ALSO
+
+L<csaf-rolie>
+
 =head1 AUTHOR
 
 L<Giuseppe Di Terlizzi|https://metacpan.org/author/gdt>
@@ -50,4 +54,4 @@ L<Giuseppe Di Terlizzi|https://metacpan.org/author/gdt>
 Copyright © 2023-2024 L<Giuseppe Di Terlizzi|https://metacpan.org/author/gdt>
 
 You may use and distribute this module according to the same terms
-that Perl is distributed under.
+that Perl is distributed under.