v2.0.0-rc1
Pre-release
ZLint v2.0.0 RC-1
The ZMap team is proud to share the first v2.0.0 release candidate. This release contains fairly significant refactoring, and testing/feedback would be most appreciated.
Breaking Changes
- The exported types from lints have been moved to lint (e.g. lints.LintInterface, lints.LintSource, lints.LintStatus, lints.LintResult are now lint.LintInterface, lint.LintSource, lint.LintStatus, lint.LintResult).
- Lints are now separated in the source code tree under lints/ by source.
- The lint.LintMap exported map of registered lints was removed. Users should rely on the exported functions of the Registry returned by lint.GlobalRegistry() instead.
- The zlint.LintCertificateFiltered function was removed. The same behaviour can be achieved using zlint.LintCertificateEx (see below).
- The zlint.EncodeLintDescriptionsToJSON function was removed. The same behaviour can be achieved by calling WriteJSON on a Registry.
- The lint.Source type was changed from an int enum to a string enum.
ZLint CMD Updates
The zlint command (cmd/zlint/main.go) was updated to add four new command line flags:
- -list-lints-sources - Prints a list of lint sources, one per line.
- -excludeSources - Comma-separated list of lint sources to exclude.
- -includeSources - Comma-separated list of lint sources to include.
- -nameFilter - Regex used to match lint names to include (cannot be used at the same time as -excludeSources or -includeSources).
Two existing flags were renamed:
- -include is now -includeNames.
- -exclude is now -excludeNames.
One flag was removed:
- -list-lints-schema was removed. ZSchema is deprecated for ZLint.
Library Updates
- A new zlint.LintCertificateEx function was introduced, allowing customization of which lints are applied by providing an explicit Registry of lints. Lints can be excluded/included by source and name by filtering the lint.GlobalRegistry() with lint.FilterOptions.
New Lints
- New Mozilla PKI Policy Lints
  - n_mp_allowed_eku
  - e_mp_authority_key_identifier_correct
  - e_mp_exponent_cannot_be_one
  - e_mp_modulus_must_be_2048_bits_or_more
  - e_mp_modulus_must_be_divisible_by_8
Bug Fixes
- The golang.org/crypto dependency was updated to 8b5121be2f68 to address CVE-2020-7919.
- The e_signature_algorithm_not_supported lint was updated to return lint.Warn for RSA-PSS with SHA256, SHA384 or SHA512.
- The w_subject_contains_malformed_arpa_ip lint was updated to clarify its citation/description.
Misc
- Updated TLD data (Current to 2020-01-30).
- README updates.
Full Changelog
24e7a0d README: Update, split out a CONTRIBUTING.md (#386)
79424f2 cmd/zlint: fix panic w/ deref of nil registry. (#385)
7741587 zlint: refactor lint reg., allow filtering lints used. (#372)
72fb7ad project: add goreleaser configuration. (#374)
8a37cc7 gTLD autopull: 2020-01-30T17:10:08Z (#375)
1107123 deps: update golang.org/crypto/cryptobyte to 8b5121be2f68. (#373)
77026f6 Add reference to RFC 6818 to clarify explicitText (#370)
c0407b6 lints: improve template_test.go (#367)
dbb54ce lints/mozilla: fix moz lint packages (#365)
cc90ed6 test: more comments in helpers.go (#366)
2cce203 lints: better test utils, avoid accessing lint.Lints directly (#364)
566701e Lints: add new lints for Mozilla Root Store Policy (adopted) (#353)
ea19827 README: fix crt.sh link target. (#349)
4a01d2e README: Link to company sites, not bugzilla bugs. (#348)
2c5688e README: Add Google Trust Services to list of users/integrations (#347)
b7425cb lints: add more context to w_subject_contains_malformed_arpa_ip. (#345)
9bba7b7 lints: warn for RSA-PSS sigalg in cabf lint, not err. (#342)
359be75 gTLD autopull: 2020-01-06T16:47:48Z (#341)
86bcc67 Misc. cleanups, unit test for finding leftover template bits. (#340)
e3ad0f9 Split of lints into directories by source (#337)
0ab41f2 README: add note about small PRs (#339)
257d49d gTLD autopull: 2019-12-25T16:40:11Z (#338)
c74b45b CI: Add golangci-lint, enforce Go best practices (#335)
872e431 gTLD autopull: 2019-12-06T16:32:55Z (#334)