zlint icon indicating copy to clipboard operation
zlint copied to clipboard
verified publisher icon zmap

Adding support for linting profiles

Open christopher-henderson opened this issue 4 years ago • 1 comments

What is a Profile

A profile derives from the conversation in #583 wherein we would like to have curated lists of lints that, collectively, refer to a particular requirement from, say, the CABF.

The solution put forth in this PR is that a profile is essentially an alias for a comma separated list of lints submitted via -includeNames, however with some extra metadata attached (such as where did this profile come from).

Profile Implementation

A profile does not appear to have any behavior of it's own. Rather, it is simply a declaration of lints that are logically grouped together by an external requirement. As such, we can borrow infrastructure from our lints that is similar, however much simpler.

I believe that something as simple as the following should suffice.


package profiles

import "github.com/zmap/zlint/v3/lint"

func init() {
	lint.RegisterProfile(lint.Profile{
		Name:        "my_new_profile",
		Description: "In general, CAs should do all the things correctly and not do the wrong things",
		Citation:    "That one post I saw on Reddit said that this list was legit",
		Source:      lint.MyTrustWorthyUncle,
		LintNames: []string{
			"e_ca_common_name_missing",
			"e_ca_key_usage_missing",
		},
	})
}

I'm not sure if profiles should have a CheckApplies? One would think that is inherited from individual lints aggregated within the profile.

Running a Profile

Let's say that the_profile_in_question is comprised of the lints a, b, c, d.

./zlint -profile=the_profile_in_question

Is the equivalent to running

./zlint -includeNames="a,b,c,d"

A new CLI flag has been added that lists each profile as line-delimited JSON (much in the same way one prints out available lints).

$ ./zlint list-profiles
{"name":"whatever","lints":["e_ca_common_name_missing","e_ca_key_usage_missing"]}
{"name":"yooodaw","description":"Fill this in...","citation":"Fill this in...","source":"Unknown","lints":[]}
{"name":"yooodaws","description":"Fill this in...","citation":"Fill this in...","source":"Unknown","lints":[]}

Adding a New Profile

The convenience script newProfile.sh <profile_name> has been added that acts in much the same way as newLint.sh does.

Documentation has been added to CONTRIBUTING.md

(resolves #595 )

christopher-henderson avatar May 01 '21 17:05 christopher-henderson

@cpu

Do you have thoughts on the first profile to include?

The first candidates come from @sleevi's work at https://github.com/sleevi/cabforum-docs/pull/36.

  1. Keep this branch around until concrete profiles are published.
    • It would be nice to have something ready on day zero, not entirely necessary from what I can see.
  2. Merge empty and add profiles once they're published.
    • Awkward, like you have pointed out. Plus the framework may need tweeks once we have something concrete to work with

I'm somewhat partial to #1 as I think it makes sense to have code ready to go, but not necessarily have dead code in master.

christopher-henderson avatar May 15 '21 17:05 christopher-henderson