diff options
author | Ben Burwell <ben@benburwell.com> | 2019-09-09 15:13:31 -0400 |
---|---|---|
committer | Ben Burwell <ben@benburwell.com> | 2019-09-09 15:13:31 -0400 |
commit | 2521534614c4422d865dde674c258eef9441336a (patch) | |
tree | 1b964605367103083152684f9598446c1866002e | |
parent | 231fe480a3a52ad228d9a7d3cda0a2fe1663a284 (diff) |
stub out monitor
-rw-r--r-- | main.go | 70 | ||||
-rw-r--r-- | sumdb/client.go | 73 |
2 files changed, 55 insertions, 88 deletions
@@ -2,6 +2,7 @@ package main import ( "log" + "sync" "time" "git.sr.ht/~benburwell/gosumdbaudit/sumdb" @@ -18,23 +19,62 @@ func main() { pollInterval: 10 * time.Second, }, } + var wg sync.WaitGroup + wg.Add(len(dbs)) for _, db := range dbs { - client := sumdb.NewClient(db) - // lines, err := client.Lookup("golang.org/x/text", "v0.3.0") - lines, err := client.Lookup("github.com/influxdata/influxdb", "v0.0.0-20190908081120-80e3efa37a3a") - if err != nil { - log.Printf("could not lookup: %v", err) - } else { - for _, line := range lines { - log.Printf("got: %s", line) + go func(db *database) { + defer wg.Done() + if err := monitor(db); err != nil { + log.Printf("AUDIT FAILED: %s", err.Error()) + return } - } - // log.Printf("config: %s", string(db.config["sum.golang.org/latest"])) - // if err := d.monitor(); err != nil { - // log.Printf("AUDIT FAIL (%s): %s", d.host, err.Error()) - // } - // if err := audit(d); err != nil { - // log.Printf("AUDIT FAIL (%s): %s", d.host, err.Error()) + }(db) + } + wg.Wait() +} + +func monitor(db *database) error { + log.Printf("starting monitor for %s", db.host) + + client := sumdb.NewClient(db) + + lines, err := client.Lookup("golang.org/x/text", "v0.3.0") + if err != nil { + return err + } + log.Printf("got lines: %s", lines) + + // fetch & verify current STH + // latest, err := client.Latest() + // if err != nil { + // return err + // } + + // fetch all entries in the tree according to the STH + // entries := client.Entries(nil, latest) + + // confirm the tree made from the entries produces the same hash as the STH + // IF NOT: the server has signed invalid data + + // prev := latest + for { + // await a new STH + // prev = latest + time.Sleep(db.pollInterval) + log.Printf("checking %s for new STH...", db.host) + // awaitNewSTH() + + // latest, err := client.Latest() + // if err != nil { + // return err // } + + // fetch all NEW entries between prev and latest + // if unavailable for an extended period, this should be viewed as misbehavior + // entries := client.Entries(prev, latest) + + // fetch a consistency proof for the new STH with the previous STH + // verify consistency proof + // verify the new entries generate the corresponding elements in the consistency proof } } diff --git a/sumdb/client.go b/sumdb/client.go index 70dd56f..e4552ae 100644 --- a/sumdb/client.go +++ b/sumdb/client.go @@ -8,7 +8,6 @@ import ( "bytes" "errors" "fmt" - "path" "strings" "sync" "sync/atomic" @@ -172,84 +171,12 @@ func (c *Client) SetTileHeight(height int) { c.tileHeight = height } -// SetGONOSUMDB sets the list of comma-separated GONOSUMDB patterns for the Client. -// For any module path matching one of the patterns, -// Lookup will return ErrGONOSUMDB. -// SetGONOSUMDB can be called at most once, -// and if so it must be called before the first call to Lookup. -func (c *Client) SetGONOSUMDB(list string) { - if atomic.LoadUint32(&c.didLookup) != 0 { - panic("SetGONOSUMDB used after Lookup") - } - if c.nosumdb != "" { - panic("multiple calls to SetGONOSUMDB") - } - c.nosumdb = list -} - -// ErrGONOSUMDB is returned by Lookup for paths that match -// a pattern listed in the GONOSUMDB list (set by SetGONOSUMDB, -// usually from the environment variable). -var ErrGONOSUMDB = errors.New("skipped (listed in GONOSUMDB)") - -func (c *Client) skip(target string) bool { - return globsMatchPath(c.nosumdb, target) -} - -// globsMatchPath reports whether any path prefix of target -// matches one of the glob patterns (as defined by path.Match) -// in the comma-separated globs list. -// It ignores any empty or malformed patterns in the list. -func globsMatchPath(globs, target string) bool { - for globs != "" { - // Extract next non-empty glob in comma-separated list. - var glob string - if i := strings.Index(globs, ","); i >= 0 { - glob, globs = globs[:i], globs[i+1:] - } else { - glob, globs = globs, "" - } - if glob == "" { - continue - } - - // A glob with N+1 path elements (N slashes) needs to be matched - // against the first N+1 path elements of target, - // which end just before the N+1'th slash. - n := strings.Count(glob, "/") - prefix := target - // Walk target, counting slashes, truncating at the N+1'th slash. - for i := 0; i < len(target); i++ { - if target[i] == '/' { - if n == 0 { - prefix = target[:i] - break - } - n-- - } - } - if n > 0 { - // Not enough prefix elements. - continue - } - matched, _ := path.Match(glob, prefix) - if matched { - return true - } - } - return false -} - // Lookup returns the go.sum lines for the given module path and version. // The version may end in a /go.mod suffix, in which case Lookup returns // the go.sum lines for the module's go.mod-only hash. func (c *Client) Lookup(path, vers string) (lines []string, err error) { atomic.StoreUint32(&c.didLookup, 1) - if c.skip(path) { - return nil, ErrGONOSUMDB - } - defer func() { if err != nil { err = fmt.Errorf("%s@%s: %v", path, vers, err) |