Skip to content

Releases: zmap/zlint

v2.0.0

19 Feb 18:02
36d042e
Compare
Choose a tag to compare

ZLint v2.0.0

The ZMap team is proud to share a finalized v2.0.0 release. This release contains fairly significant refactoring and testing/feedback would be most appreciated.

Breaking Changes

  • The exported types from lints have been moved to lint (e.g. lints.LintInterface, lints.LintSource, lints.LintStatus, lints.LintResult are now lint.LintInterface, lint.LintSource, lint.LintStatus, lint.LintResult)
  • Lints are now separated in the source code tree under lints/ by source.
  • The lint.LintMap exported map of registered lints was removed. Users should rely on the exported functions of the Registry returned by lint.GlobalRegistry() instead.
  • The zlint.LintCertificateFiltered function was removed. The same behaviour can be achieved using zlint.LintCertificateEx (see below).
  • The zlint.EncodeLintDescriptionsToJSON function was removed. The same behaviour can be achieved by calling WriteJSON on a Registry.
  • The lint.Source type was changed from an int enum to a string enum.

ZLint CMD Updates

The zlint command (cmd/zlint/main.go) was updated to add four new command line flags:

  • -list-lints-sources - Prints a list of lint sources, one per line.
  • -excludeSources - Comma-separated list of lint sources to exclude.
  • -includeSources - Comma-separated list of lint sources to include.
  • -nameFilter - Regex used to match lint names to include (cannot be used at the same time as -excludeSources or -includeSources)

Two existing flags were renamed:

  • -include is now -includeNames
  • -exclude is now -excludeNames.

One flag was removed:

  • -list-lints-schema was removed. ZSchema is deprecated for ZLint.

Library Updates

  • A new zlint.LintCertificateEx function was introduced allowing customizing which lints are applied by providing an explicit Registry of lints. Lints can be excluded/included by source and name by filtering the lint.GlobalRegistry() with lint.FilterOptions.

New Lints

  • New Mozilla PKI Policy Lints
    • n_mp_allowed_eku
    • e_mp_authority_key_identifier_correct
    • e_mp_exponent_cannot_be_one
    • e_mp_modulus_must_be_2048_bits_or_more
    • e_mp_modulus_must_be_divisible_by_8

Bug Fixes

  • The golang.org/crypto dependency was updated to to 8b5121be2f68 to address CVE-2020-7919
  • The e_signature_algorithm_not_supported lint was updated to return lint.Warn for RSA-PSS with SHA256, SHA384 or SHA512.
  • The w_subject_contains_malformed_arpa_ip lint was updated to clarify its citation/description.

Misc

  • Updated TLD data (Current to 2020-01-30).
  • README updates.

Full Changelog

36d042e ci: try and fix goreleaser for v2 structure (round 2) (#406)
a03f722 ci: try and fix goreleaser for v2 structure (#405)
fd40f57 Fix v2 with go.mod (#398)
53441bd misc: update newLint.sh script and contributing guide. (#397)
24e7a0d README: Update, split out a CONTRIBUTING.md (#386)
79424f2 cmd/zlint: fix panic w/ deref of nil registry. (#385)
7741587 zlint: refactor lint reg., allow filtering lints used. (#372)
72fb7ad project: add goreleaser configuration. (#374)
8a37cc7 gTLD autopull: 2020-01-30T17:10:08Z (#375)
1107123 deps: update golang.org/crypto/cryptobyte to 8b5121be2f68. (#373)
77026f6 Add reference to RFC 6818 to clarify explicitText (#370)
c0407b6 lints: improve template_test.go (#367)
dbb54ce lints/mozilla: fix moz lint packages (#365)
cc90ed6 test: more comments in helpers.go (#366)
2cce203 lints: better test utils, avoid accessing lint.Lints directly (#364)
566701e Lints: add new lints for Mozilla Root Store Policy (adopted) (#353)
ea19827 README: fix crt.sh link target. (#349)
4a01d2e README: Link to company sites, not bugzilla bugs. (#348)
2c5688e README: Add Google Trust Services to list of users/integrations (#347)
b7425cb lints: add more context to w_subject_contains_malformed_arpa_ip. (#345)
9bba7b7 lints: warn for RSA-PSS sigalg in cabf lint, not err. (#342)
359be75 gTLD autopull: 2020-01-06T16:47:48Z (#341)
86bcc67 Misc. cleanups, unit test for finding leftover template bits. (#340)
e3ad0f9 Split of lints into directories by source (#337)
0ab41f2 README: add note about small PRs (#339)
257d49d gTLD autopull: 2019-12-25T16:40:11Z (#338)
c74b45b CI: Add golangci-lint, enforce Go best practices (#335)
872e431 gTLD autopull: 2019-12-06T16:32:55Z (#334)

v2.0.0-rc4

14 Feb 19:52
36d042e
Compare
Choose a tag to compare
v2.0.0-rc4 Pre-release
Pre-release

ZLint v2.0.0 RC-4

The ZMap team is proud to share a v2.0.0 release candidate. This release contains fairly significant refactoring and testing/feedback would be most appreciated.

Compared to RC-1 this release candidate meets Go modules semantic versioning requirements. See PR #398 for more information.

Breaking Changes

  • The exported types from lints have been moved to lint (e.g. lints.LintInterface, lints.LintSource, lints.LintStatus, lints.LintResult are now lint.LintInterface, lint.LintSource, lint.LintStatus, lint.LintResult)
  • Lints are now separated in the source code tree under lints/ by source.
  • The lint.LintMap exported map of registered lints was removed. Users should rely on the exported functions of the Registry returned by lint.GlobalRegistry() instead.
  • The zlint.LintCertificateFiltered function was removed. The same behaviour can be achieved using zlint.LintCertificateEx (see below).
  • The zlint.EncodeLintDescriptionsToJSON function was removed. The same behaviour can be achieved by calling WriteJSON on a Registry.
  • The lint.Source type was changed from an int enum to a string enum.

ZLint CMD Updates

The zlint command (cmd/zlint/main.go) was updated to add four new command line flags:

  • -list-lints-sources - Prints a list of lint sources, one per line.
  • -excludeSources - Comma-separated list of lint sources to exclude.
  • -includeSources - Comma-separated list of lint sources to include.
  • -nameFilter - Regex used to match lint names to include (cannot be used at the same time as -excludeSources or -includeSources)

Two existing flags were renamed:

  • -include is now -includeNames
  • -exclude is now -excludeNames.

One flag was removed:

  • -list-lints-schema was removed. ZSchema is deprecated for ZLint.

Library Updates

  • A new zlint.LintCertificateEx function was introduced allowing customizing which lints are applied by providing an explicit Registry of lints. Lints can be excluded/included by source and name by filtering the lint.GlobalRegistry() with lint.FilterOptions.

New Lints

  • New Mozilla PKI Policy Lints
    • n_mp_allowed_eku
    • e_mp_authority_key_identifier_correct
    • e_mp_exponent_cannot_be_one
    • e_mp_modulus_must_be_2048_bits_or_more
    • e_mp_modulus_must_be_divisible_by_8

Bug Fixes

  • The golang.org/crypto dependency was updated to to 8b5121be2f68 to address CVE-2020-7919
  • The e_signature_algorithm_not_supported lint was updated to return lint.Warn for RSA-PSS with SHA256, SHA384 or SHA512.
  • The w_subject_contains_malformed_arpa_ip lint was updated to clarify its citation/description.

Misc

  • Updated TLD data (Current to 2020-01-30).
  • README updates.

Full Changelog

36d042e ci: try and fix goreleaser for v2 structure (round 2) (#406)
a03f722 ci: try and fix goreleaser for v2 structure (#405)
fd40f57 Fix v2 with go.mod (#398)
53441bd misc: update newLint.sh script and contributing guide. (#397)
24e7a0d README: Update, split out a CONTRIBUTING.md (#386)
79424f2 cmd/zlint: fix panic w/ deref of nil registry. (#385)
7741587 zlint: refactor lint reg., allow filtering lints used. (#372)
72fb7ad project: add goreleaser configuration. (#374)
8a37cc7 gTLD autopull: 2020-01-30T17:10:08Z (#375)
1107123 deps: update golang.org/crypto/cryptobyte to 8b5121be2f68. (#373)
77026f6 Add reference to RFC 6818 to clarify explicitText (#370)
c0407b6 lints: improve template_test.go (#367)
dbb54ce lints/mozilla: fix moz lint packages (#365)
cc90ed6 test: more comments in helpers.go (#366)
2cce203 lints: better test utils, avoid accessing lint.Lints directly (#364)
566701e Lints: add new lints for Mozilla Root Store Policy (adopted) (#353)
ea19827 README: fix crt.sh link target. (#349)
4a01d2e README: Link to company sites, not bugzilla bugs. (#348)
2c5688e README: Add Google Trust Services to list of users/integrations (#347)
b7425cb lints: add more context to w_subject_contains_malformed_arpa_ip. (#345)
9bba7b7 lints: warn for RSA-PSS sigalg in cabf lint, not err. (#342)
359be75 gTLD autopull: 2020-01-06T16:47:48Z (#341)
86bcc67 Misc. cleanups, unit test for finding leftover template bits. (#340)
e3ad0f9 Split of lints into directories by source (#337)
0ab41f2 README: add note about small PRs (#339)
257d49d gTLD autopull: 2019-12-25T16:40:11Z (#338)
c74b45b CI: Add golangci-lint, enforce Go best practices (#335)
872e431 gTLD autopull: 2019-12-06T16:32:55Z (#334)

v2.0.0-rc1

11 Feb 21:55
24e7a0d
Compare
Choose a tag to compare
v2.0.0-rc1 Pre-release
Pre-release

ZLint v2.0.0 RC-1

The ZMap team is proud to share the first v2.0.0 release candidate. This release contains fairly significant refactoring and testing/feedback would be most appreciated.

Breaking Changes

  • The exported types from lints have been moved to lint (e.g. lints.LintInterface, lints.LintSource, lints.LintStatus, lints.LintResult are now lint.LintInterface, lint.LintSource, lint.LintStatus, lint.LintResult)
  • Lints are now separated in the source code tree under lints/ by source.
  • The lint.LintMap exported map of registered lints was removed. Users should rely on the exported functions of the Registry returned by lint.GlobalRegistry() instead.
  • The zlint.LintCertificateFiltered function was removed. The same behaviour can be achieved using zlint.LintCertificateEx (see below).
  • The zlint.EncodeLintDescriptionsToJSON function was removed. The same behaviour can be achieved by calling WriteJSON on a Registry.
  • The lint.Source type was changed from an int enum to a string enum.

ZLint CMD Updates

The zlint command (cmd/zlint/main.go) was updated to add four new command line flags:

  • -list-lints-sources - Prints a list of lint sources, one per line.
  • -excludeSources - Comma-separated list of lint sources to exclude.
  • -includeSources - Comma-separated list of lint sources to include.
  • -nameFilter - Regex used to match lint names to include (cannot be used at the same time as -excludeSources or -includeSources)

Two existing flags were renamed:

  • -include is now -includeNames
  • -exclude is now -excludeNames.

One flag was removed:

  • -list-lints-schema was removed. ZSchema is deprecated for ZLint.

Library Updates

  • A new zlint.LintCertificateEx function was introduced allowing customizing which lints are applied by providing an explicit Registry of lints. Lints can be excluded/included by source and name by filtering the lint.GlobalRegistry() with lint.FilterOptions.

New Lints

  • New Mozilla PKI Policy Lints
    • n_mp_allowed_eku
    • e_mp_authority_key_identifier_correct
    • e_mp_exponent_cannot_be_one
    • e_mp_modulus_must_be_2048_bits_or_more
    • e_mp_modulus_must_be_divisible_by_8

Bug Fixes

  • The golang.org/crypto dependency was updated to to 8b5121be2f68 to address CVE-2020-7919
  • The e_signature_algorithm_not_supported lint was updated to return lint.Warn for RSA-PSS with SHA256, SHA384 or SHA512.
  • The w_subject_contains_malformed_arpa_ip lint was updated to clarify its citation/description.

Misc

  • Updated TLD data (Current to 2020-01-30).
  • README updates.

Full Changelog

24e7a0d README: Update, split out a CONTRIBUTING.md (#386)
79424f2 cmd/zlint: fix panic w/ deref of nil registry. (#385)
7741587 zlint: refactor lint reg., allow filtering lints used. (#372)
72fb7ad project: add goreleaser configuration. (#374)
8a37cc7 gTLD autopull: 2020-01-30T17:10:08Z (#375)
1107123 deps: update golang.org/crypto/cryptobyte to 8b5121be2f68. (#373)
77026f6 Add reference to RFC 6818 to clarify explicitText (#370)
c0407b6 lints: improve template_test.go (#367)
dbb54ce lints/mozilla: fix moz lint packages (#365)
cc90ed6 test: more comments in helpers.go (#366)
2cce203 lints: better test utils, avoid accessing lint.Lints directly (#364)
566701e Lints: add new lints for Mozilla Root Store Policy (adopted) (#353)
ea19827 README: fix crt.sh link target. (#349)
4a01d2e README: Link to company sites, not bugzilla bugs. (#348)
2c5688e README: Add Google Trust Services to list of users/integrations (#347)
b7425cb lints: add more context to w_subject_contains_malformed_arpa_ip. (#345)
9bba7b7 lints: warn for RSA-PSS sigalg in cabf lint, not err. (#342)
359be75 gTLD autopull: 2020-01-06T16:47:48Z (#341)
86bcc67 Misc. cleanups, unit test for finding leftover template bits. (#340)
e3ad0f9 Split of lints into directories by source (#337)
0ab41f2 README: add note about small PRs (#339)
257d49d gTLD autopull: 2019-12-25T16:40:11Z (#338)
c74b45b CI: Add golangci-lint, enforce Go best practices (#335)
872e431 gTLD autopull: 2019-12-06T16:32:55Z (#334)

ZLint 1.1.0

05 Dec 15:19
@cpu cpu
Compare
Choose a tag to compare

New lints:

  • w_extra_subject_common_names - emits Warn result for multiple subj. CNs.

Misc:

  • updated gTLD map data (current to 2019-12-02)
  • large cert corpus integration tests

ZLint 1.0.2

26 Sep 18:56
Compare
Choose a tag to compare

Bugfixes:

  • lints: fixed e_qcstatem_qclimitvalue_valid lint to use correct OID for EtsiQcsQcLimitValue

ZLint 1.0.1

24 Aug 13:34
@cpu cpu
Compare
Choose a tag to compare

Bugfixes:

  • lints: fixed e_subject_printable_string_badalpha lint to allow for single quotes.

ZLint v1.0.0

19 Aug 19:48
@cpu cpu
dc635f9
Compare
Choose a tag to compare

Initial semantically versioned release of ZLint.