letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Godeps: Bump zlint to bb32118 (#4045) 

The vendored copy of `github.com/zmap/zlint` is updated to bb32118 - the
tip of master at the time of writing.

This pulls in an updated `gtld_map.go` and a few new lints.

Unit tests are confirmed to pass:
```
$ go test ./...
ok    github.com/zmap/zlint (cached)
?     github.com/zmap/zlint/cmd/zlint [no test files]
?     github.com/zmap/zlint/cmd/zlint-gtld-update [no test files]
ok    github.com/zmap/zlint/lints (cached)
ok    github.com/zmap/zlint/util  (cached)
```
This commit is contained in:
Daniel McCarney 2019-02-11 13:47:29 -05:00 committed by Roland Bracewell Shoemaker
parent 9fda3fb77d
commit 29a7f96d18
11 changed files with 196 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Godeps/Godeps.json generated
View File

@ -350,15 +350,15 @@
},
{
"ImportPath": "github.com/zmap/zlint",
"Rev": "34b7be2e59081f4bbe6970785e021e6bf0741f2a"
"Rev": "bb32118ad3ab29c4d9a697aa1d8faa71c07e7500"
},
{
"ImportPath": "github.com/zmap/zlint/lints",
"Rev": "34b7be2e59081f4bbe6970785e021e6bf0741f2a"
"Rev": "bb32118ad3ab29c4d9a697aa1d8faa71c07e7500"
},
{
"ImportPath": "github.com/zmap/zlint/util",
"Rev": "34b7be2e59081f4bbe6970785e021e6bf0741f2a"
"Rev": "bb32118ad3ab29c4d9a697aa1d8faa71c07e7500"
},
{
"ImportPath": "golang.org/x/crypto/cryptobyte",

2
vendor/github.com/zmap/zlint/.travis.yml generated vendored
View File

@ -1,7 +1,7 @@
language: go
dist: trusty
go:
- 1.9
- "1.11"
before_install:
- go get ./...
- go get -t ./...

13
vendor/github.com/zmap/zlint/lints/lint_ext_cert_policy_explicit_text_too_long.go generated vendored
View File

@ -34,6 +34,8 @@ import (
type explicitTextTooLong struct{}
const tagBMPString int = 30
func (l *explicitTextTooLong) Initialize() error {
return nil
}
@ -50,7 +52,16 @@ func (l *explicitTextTooLong) CheckApplies(c *x509.Certificate) bool {
func (l *explicitTextTooLong) Execute(c *x509.Certificate) *LintResult {
for _, firstLvl := range c.ExplicitTexts {
for _, text := range firstLvl {
if len(text.Bytes) > 200 {
var runes string
// If the field is a BMPString, we need to parse the bytes out into
// UTF-16-BE runes in order to check their length accurately
// The `Bytes` attribute here is the raw representation of the userNotice
if text.Tag == tagBMPString {
runes, _ = util.ParseBMPString(text.Bytes)
} else {
runes = string(text.Bytes)
}
if len(runes) > 200 {
return &LintResult{Status: Error}
}
}

57
vendor/github.com/zmap/zlint/lints/lint_san_dns_name_duplicate.go generated vendored Normal file
View File

@ -0,0 +1,57 @@
/*
* ZLint Copyright 2017 Regents of the University of Michigan
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy
* of the License at http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package lints
import (
"strings"
"github.com/zmap/zcrypto/x509"
"github.com/zmap/zlint/util"
)
type SANDNSDuplicate struct{}
func (l *SANDNSDuplicate) Initialize() error {
return nil
}
func (l *SANDNSDuplicate) CheckApplies(c *x509.Certificate) bool {
return util.IsExtInCert(c, util.SubjectAlternateNameOID)
}
func (l *SANDNSDuplicate) Execute(c *x509.Certificate) *LintResult {
checkedDNSNames := map[string]struct{}{}
for _, dns := range c.DNSNames {
normalizedDNSName := strings.ToLower(dns)
if _, isPresent := checkedDNSNames[normalizedDNSName]; isPresent {
return &LintResult{Status: Notice}
}
checkedDNSNames[normalizedDNSName] = struct{}{}
}
return &LintResult{Status: Pass}
}
func init() {
RegisterLint(&Lint{
Name: "n_san_dns_name_duplicate",
Description: "SAN DNSName contains duplicate values",
Citation: "awslabs certlint",
Source: AWSLabs,
EffectiveDate: util.ZeroDate,
Lint: &SANDNSDuplicate{},
})
}

4
vendor/github.com/zmap/zlint/lints/lint_subject_common_name_not_from_san.go generated vendored
View File

@ -22,6 +22,8 @@ contained in the Certificates subjectAltName extension (see Section 7.1.4.2.1
************************************************/
import (
"strings"
"github.com/zmap/zcrypto/x509"
"github.com/zmap/zlint/util"
)
@ -40,7 +42,7 @@ func (l *subjectCommonNameNotFromSAN) Execute(c *x509.Certificate) *LintResult {
cn := c.Subject.CommonName
for _, dn := range c.DNSNames {
if cn == dn {
if strings.EqualFold(cn, dn) {
return &LintResult{Status: Pass}
}
}

73
vendor/github.com/zmap/zlint/lints/lint_subject_dn_not_printable_characters.go generated vendored Normal file
View File

@ -0,0 +1,73 @@
/*
* ZLint Copyright 2017 Regents of the University of Michigan
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy
* of the License at http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package lints
import (
"encoding/asn1"
"unicode/utf8"
"github.com/zmap/zcrypto/x509"
"github.com/zmap/zlint/util"
)
type subjectDNNotPrintableCharacters struct{}
func (l *subjectDNNotPrintableCharacters) Initialize() error {
return nil
}
func (l *subjectDNNotPrintableCharacters) CheckApplies(c *x509.Certificate) bool {
return true
}
func (l *subjectDNNotPrintableCharacters) Execute(c *x509.Certificate) *LintResult {
rdnSequence := util.RawRDNSequence{}
rest, err := asn1.Unmarshal(c.RawSubject, &rdnSequence)
if err != nil {
return &LintResult{Status: Fatal}
}
if len(rest) > 0 {
return &LintResult{Status: Fatal}
}
for _, attrTypeAndValueSet := range rdnSequence {
for _, attrTypeAndValue := range attrTypeAndValueSet {
bytes := attrTypeAndValue.Value.Bytes
for len(bytes) > 0 {
r, size := utf8.DecodeRune(bytes)
if r < 0x20 {
return &LintResult{Status: Error}
}
if r >= 0x7F && r <= 0x9F {
return &LintResult{Status: Error}
}
bytes = bytes[size:]
}
}
}
return &LintResult{Status: Pass}
}
func init() {
RegisterLint(&Lint{
Name: "e_subject_dn_not_printable_characters",
Description: "X520 Subject fields MUST only contain printable control characters",
Citation: "RFC 5280: Appendix A",
Source: RFC5280,
EffectiveDate: util.ZeroDate,
Lint: &subjectDNNotPrintableCharacters{},
})
}

7
vendor/github.com/zmap/zlint/template generated vendored
View File

@ -16,7 +16,6 @@ package lints
import (
"github.com/zmap/zcrypto/x509"
"github.com/zmap/zlint/util"
)
type SUBST struct{}
@ -29,17 +28,17 @@ func (l *SUBST) CheckApplies(c *x509.Certificate) bool {
// Add conditions for application here
}
func (l *SUBST) RunTest(c *x509.Certificate) (ResultStruct, error) {
func (l *SUBST) Execute(c *x509.Certificate) *LintResult {
// Add actual lint here
}
func init() {
registerLint(&Lint{
RegisterLint(&Lint{
Name: "SUBTEST",
Description: "Fill this in...",
Citation: "Fill this in...",
Source: UnknownLintSource,
EffectiveDate: "Change this...",
Test: &SUBST{},
Lint: &SUBST{},
})
}

19
vendor/github.com/zmap/zlint/util/encodings.go generated vendored
View File

@ -17,9 +17,11 @@ package util
import (
"bytes"
"encoding/asn1"
"errors"
"regexp"
"strings"
"unicode"
"unicode/utf16"
"github.com/zmap/zcrypto/x509/pkix"
)
@ -115,3 +117,20 @@ var emptyASN1Sequence = []byte{0x30, 0x00}
func IsEmptyASN1Sequence(input []byte) bool {
return len(input) < 2 || bytes.Equal(input, emptyASN1Sequence)
}
// ParseBMPString returns a uint16 encoded string following the specification for a BMPString type
func ParseBMPString(bmpString []byte) (string, error) {
if len(bmpString)%2 != 0 {
return "", errors.New("odd-length BMP string")
}
// strip terminator if present
if l := len(bmpString); l >= 2 && bmpString[l-1] == 0 && bmpString[l-2] == 0 {
bmpString = bmpString[:l-2]
}
s := make([]uint16, 0, len(bmpString)/2)
for len(bmpString) > 0 {
s = append(s, uint16(bmpString[0])<<8+uint16(bmpString[1]))
bmpString = bmpString[2:]
}
return string(utf16.Decode(s)), nil
}

2
vendor/github.com/zmap/zlint/util/gtld.go generated vendored
View File

@ -71,7 +71,7 @@ func (p GTLDPeriod) Valid(when time.Time) error {
// HasValidTLD checks that a domain ends in a valid TLD that was delegated in
// the root DNS at the time specified.
func HasValidTLD(domain string, when time.Time) bool {
labels := strings.Split(domain, ".")
labels := strings.Split(strings.ToLower(domain), ".")
rightLabel := labels[len(labels)-1]
// if the rightmost label is not present in the tldMap, it isn't valid and
// never was.

16
vendor/github.com/zmap/zlint/util/gtld_map.go generated vendored
View File

@ -1,5 +1,5 @@
// Code generated by go generate; DO NOT EDIT.
// This file was generated by zlint-gtld-update at 2018-09-21 11:44
// This file was generated by zlint-gtld-update at 2019-02-04 10:01
/*
* ZLint Copyright 2018 Regents of the University of Michigan
@ -5876,7 +5876,7 @@ var tldMap = map[string]GTLDPeriod{
"spiegel": {
GTLD: "spiegel",
DelegationDate: "2014-07-18",
RemovalDate: "",
RemovalDate: "2018-12-15",
},
"sport": {
GTLD: "sport",
@ -5908,6 +5908,11 @@ var tldMap = map[string]GTLDPeriod{
DelegationDate: "2016-07-28",
RemovalDate: "",
},
"ss": {
GTLD: "ss",
DelegationDate: "1985-01-01",
RemovalDate: "",
},
"st": {
GTLD: "st",
DelegationDate: "1985-01-01",
@ -5946,7 +5951,7 @@ var tldMap = map[string]GTLDPeriod{
"statoil": {
GTLD: "statoil",
DelegationDate: "2015-06-19",
RemovalDate: "",
RemovalDate: "2018-10-03",
},
"stc": {
GTLD: "stc",
@ -7388,6 +7393,11 @@ var tldMap = map[string]GTLDPeriod{
DelegationDate: "2014-02-18",
RemovalDate: "",
},
"xn--mgbah1a3hjkrd": {
GTLD: "xn--mgbah1a3hjkrd",
DelegationDate: "1985-01-01",
RemovalDate: "",
},
"xn--mgbai9azgqp6j": {
GTLD: "xn--mgbai9azgqp6j",
DelegationDate: "1985-01-01",