-
Notifications
You must be signed in to change notification settings - Fork 15
Conversation
…e NotAfter to (NotBefore + offset)
Whoops, it looks that the tests aren't passing due to a need to update a few of the golden files. I've added a commit to correct that, but the tests seem to still be using the old versions. When I run this locally on my machine it's passing for me now: Any ideas? |
Codecov Report
@@ Coverage Diff @@
## master #20 +/- ##
=======================================
Coverage 33.81% 33.81%
=======================================
Files 1 1
Lines 278 278
=======================================
Hits 94 94
Misses 169 169
Partials 15 15 Continue to review full report at Codecov.
|
I've had some more time to look into why travisci tests are failing by setting up and experimenting with my own travisci environment. The test cases are working now (See https://travis-ci.org/bryanpitcher/certlint/builds/469648573 ), here is what I had to do:
I was surprised to see that go doesn't seem to have imports relative to the local repo, which causes trouble for forked repos. However, I'm relatively new to go, and so maybe there is a better way to achieve this testing for forked repos without having to switch the full package name out. I suppose the other option would be to rename the internal test directory to something else so that it's not flagged as an internal package. Note: I've only switched the package name out on my 'travisci' branch so that my travisci tests would pass. I haven't switched it out on master. I suspect this is also why the tests appear to be using the old golden files (it's using them from the globalsign repo vs my forked repo).
This code uses a new-style typedef first introduced in go 1.9. I suspect it may be time to remove support for 1.8 given that dependencies are starting to do so. So, I've updated the .travis.yml to remove the 1.8 test and to add a newer go:1.11 test
In the go source repo, the function matchArgTypeInternal in src/cmd/vendor/golang.org/x/tools/go/analysis/passes/printf/types.go attempts to determine if the input type is a formatter by calling the isFormatter function defined in cmd/vendor/golang.org/x/tools/go/analysis/passes/printf/printf.go. That function requires that the fmt package has been imported in the current context of the source file being vetted in order to return true. So, one workaround is to import fmt in checks/certificate/serialnumber/serialnumber.go. In order to prevent an error regarding an unused package, I've used it once in the source file to Sprintf a String. |
Hi @bryanpitcher thanks very much for your contribution. All looks good to me. |
@tadukurow Thanks, I was starting to wonder if this project would be maintained going forward and I'm happy to see it is. I've merged in your updates in #22 to this pull request. I re-wrote history on my forked repo to make the commit sequence a bit cleaner since we had both edited the travisci config, and it should be good for a merge at this point. |
@bryanpitcher thanks for the updates. Actually this repo will be archived shortly, but wanted to get your PR in before doing so. |
Hi, thanks for providing the community with your excellent linting tool - a lot of people have benefited from this.
Please consider merging this pull request. There are a couple commits I've made to improve validity checking.
The first is to correct a typo on a variable comparison that resulted in the validity checks always passing previously. Now the comparisons are for NotAfter > (NotBefore + offset)
The second is to take into account recent BR and EV guidelines on allowed validity duration. This was a little tricky to determine all the rules based on different issuance dates that reflected different CAB guidance over time. I've reviewed the guidelines and relevant ballot and I think the updated checks have it covered. Specifically: