NAME

CSAF::Writer - Write and distributes CSAF documents

SYNOPSIS

use CSAF::Writer;

my $writer = CSAF::Writer->new(
    csaf      => $csaf,
    directory => '/var/www/html/advisories/csaf'
);

$writer->options->configure(
    create_gpg_signature => 1
    gpg_key              => '0123456789',
    gpg_passphrase       => 'MY_C00L_Passphrase!'
);

if ($writer->write) {
    say "CSAF document created";
}

DESCRIPTION

CSAF::Writer covers most of the requirements of "Distributing CSAF documents".

  • 7.1.2 Requirement 2: Filename

  • 7.1.11 Requirement 11: One folder per year

  • 7.1.12 Requirement 12: index.txt

  • 7.1.13 Requirement 13: changes.csv

  • 7.1.18 Requirement 18: Integrity

  • 7.1.19 Requirement 19: Signatures

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html

METHODS

CSAF::Writer inherits all methods from CSAF::Base and implements the following new ones.

$writer->write ( $directory_path )

Write the CSAF document in the specified $directory and create this structure:

[ ROOT ]
   |
   |--> [ YEAR ]
   |       |--> CSAF document (.json)
   |       |--> SHA256 integrity file (.sha256)
   |       |--> SHA512 integrity file (.sha512)
   |       \--> GPG signature file (.asc)
   |
   |--> Index file (index.txt)
   \--> Changes file (changes.csv)

This directory structure is "ready" to be published through in webserver (Apache, NGINX and others) via "HTTPS".

$writer->write('/var/www/html/advisories/csaf');
$writer->options

Change the default options for CSAF::Options::Writer configurator.

$writer->options->configure(
    create_sha256_integrity => 0,
    create_gpg_signature    => 1,
    update_index            => 1,
    update_changes          => 1
);

if (my $passphrase = get_passphrase_from_stdin) {
    $writer->options->gpg_passphrase($passphrase);
}

SUPPORT

Bugs / Feature Requests

Please report any bugs or feature requests through the issue tracker at https://github.com/giterlizzi/perl-CSAF/issues. You will be notified automatically of any progress on your issue.

Source Code

This is open source software. The code repository is available for public review and contribution under the terms of the license.

https://github.com/giterlizzi/perl-CSAF

git clone https://github.com/giterlizzi/perl-CSAF.git

AUTHOR

  • Giuseppe Di Terlizzi <gdt@cpan.org>

LICENSE AND COPYRIGHT

This software is copyright (c) 2023-2024 by Giuseppe Di Terlizzi.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.