Skip to content

v2.0.0

Choose a tag to compare

View all tags
@zlintbot zlintbot released this 19 Feb 18:02
· 392 commits to master since this release
v2.0.0
36d042e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

ZLint v2.0.0

The ZMap team is proud to share a finalized v2.0.0 release. This release contains fairly significant refactoring and testing/feedback would be most appreciated.

Breaking Changes

  • The exported types from lints have been moved to lint (e.g. lints.LintInterface, lints.LintSource, lints.LintStatus, lints.LintResult are now lint.LintInterface, lint.LintSource, lint.LintStatus, lint.LintResult)
  • Lints are now separated in the source code tree under lints/ by source.
  • The lint.LintMap exported map of registered lints was removed. Users should rely on the exported functions of the Registry returned by lint.GlobalRegistry() instead.
  • The zlint.LintCertificateFiltered function was removed. The same behaviour can be achieved using zlint.LintCertificateEx (see below).
  • The zlint.EncodeLintDescriptionsToJSON function was removed. The same behaviour can be achieved by calling WriteJSON on a Registry.
  • The lint.Source type was changed from an int enum to a string enum.

ZLint CMD Updates

The zlint command (cmd/zlint/main.go) was updated to add four new command line flags:

  • -list-lints-sources - Prints a list of lint sources, one per line.
  • -excludeSources - Comma-separated list of lint sources to exclude.
  • -includeSources - Comma-separated list of lint sources to include.
  • -nameFilter - Regex used to match lint names to include (cannot be used at the same time as -excludeSources or -includeSources)

Two existing flags were renamed:

  • -include is now -includeNames
  • -exclude is now -excludeNames.

One flag was removed:

  • -list-lints-schema was removed. ZSchema is deprecated for ZLint.

Library Updates

  • A new zlint.LintCertificateEx function was introduced allowing customizing which lints are applied by providing an explicit Registry of lints. Lints can be excluded/included by source and name by filtering the lint.GlobalRegistry() with lint.FilterOptions.

New Lints

  • New Mozilla PKI Policy Lints
    • n_mp_allowed_eku
    • e_mp_authority_key_identifier_correct
    • e_mp_exponent_cannot_be_one
    • e_mp_modulus_must_be_2048_bits_or_more
    • e_mp_modulus_must_be_divisible_by_8

Bug Fixes

  • The golang.org/crypto dependency was updated to to 8b5121be2f68 to address CVE-2020-7919
  • The e_signature_algorithm_not_supported lint was updated to return lint.Warn for RSA-PSS with SHA256, SHA384 or SHA512.
  • The w_subject_contains_malformed_arpa_ip lint was updated to clarify its citation/description.

Misc

  • Updated TLD data (Current to 2020-01-30).
  • README updates.

Full Changelog

36d042e ci: try and fix goreleaser for v2 structure (round 2) (#406)
a03f722 ci: try and fix goreleaser for v2 structure (#405)
fd40f57 Fix v2 with go.mod (#398)
53441bd misc: update newLint.sh script and contributing guide. (#397)
24e7a0d README: Update, split out a CONTRIBUTING.md (#386)
79424f2 cmd/zlint: fix panic w/ deref of nil registry. (#385)
7741587 zlint: refactor lint reg., allow filtering lints used. (#372)
72fb7ad project: add goreleaser configuration. (#374)
8a37cc7 gTLD autopull: 2020-01-30T17:10:08Z (#375)
1107123 deps: update golang.org/crypto/cryptobyte to 8b5121be2f68. (#373)
77026f6 Add reference to RFC 6818 to clarify explicitText (#370)
c0407b6 lints: improve template_test.go (#367)
dbb54ce lints/mozilla: fix moz lint packages (#365)
cc90ed6 test: more comments in helpers.go (#366)
2cce203 lints: better test utils, avoid accessing lint.Lints directly (#364)
566701e Lints: add new lints for Mozilla Root Store Policy (adopted) (#353)
ea19827 README: fix crt.sh link target. (#349)
4a01d2e README: Link to company sites, not bugzilla bugs. (#348)
2c5688e README: Add Google Trust Services to list of users/integrations (#347)
b7425cb lints: add more context to w_subject_contains_malformed_arpa_ip. (#345)
9bba7b7 lints: warn for RSA-PSS sigalg in cabf lint, not err. (#342)
359be75 gTLD autopull: 2020-01-06T16:47:48Z (#341)
86bcc67 Misc. cleanups, unit test for finding leftover template bits. (#340)
e3ad0f9 Split of lints into directories by source (#337)
0ab41f2 README: add note about small PRs (#339)
257d49d gTLD autopull: 2019-12-25T16:40:11Z (#338)
c74b45b CI: Add golangci-lint, enforce Go best practices (#335)
872e431 gTLD autopull: 2019-12-06T16:32:55Z (#334)

Assets 7
Loading