feat: Update Mozilla Cert Report URL; Allow Specify as CMD incase URL becomes invalid in Future

Author: joshw123

cmd/inspect.go

@@ -18,6 +18,7 @@ import (
 
 func newInspect(ctx context.Context) *cobra.Command {
 	var imgOpts *options.Image
+	var analyseOpts *options.Analyse
 
 	cmd := &cobra.Command{
 		Use:   "inspect [flags] image",
@@ -47,7 +48,7 @@ Partial certificates are also all printed for further inspection.
 				return err
 			}
 
-			analyser, err := analyse.NewAnalyser()
+			analyser, err := analyse.NewAnalyser(analyseOpts.MozillaRemovedCertsURL)
 			if err != nil {
 				return errors.Wrap(err, "failed to initialise analyser")
 			}
@@ -97,6 +98,7 @@ Partial certificates are also all printed for further inspection.
 	}
 
 	imgOpts = options.RegisterImage(cmd)
+	analyseOpts = options.RegisterAnalyse(cmd)
 	cmd.Args = cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs)
 
 	return cmd

cmd/options/analyse.go

@@ -0,0 +1,15 @@
+package options
+
+import "github.com/spf13/cobra"
+
+// Analyse are options for configuring certificate analysis.
+type Analyse struct {
+	// MozillaRemovedCertsURL is the URL to fetch the Mozilla removed CA certificates list from.
+	MozillaRemovedCertsURL string `json:"mozilla_removed_certs_url"`
+}
+
+func RegisterAnalyse(cmd *cobra.Command) *Analyse {
+	var opts Analyse
+	cmd.PersistentFlags().StringVar(&opts.MozillaRemovedCertsURL, "mozilla-removed-certs-url", "https://ccadb.my.salesforce-sites.com/mozilla/RemovedCACertificateReportCSVFormat", "URL to fetch Mozilla's removed CA certificate list from.")
+	return &opts
+}

internal/analyse/analyse.go

@@ -38,19 +38,25 @@ type Analyser struct {
 
 // NewAnalyser creates a new Analyzer using the public Mozilla CA removed certificate list as part of
 // its checks. This method performs HTTP requests to retrieve that list. The request will be made with the given
-// context.
-func NewAnalyser() (*Analyser, error) {
-	rc, err := downloadMozillaRemovedCACertsList()
+// context. If mozillaRemovedCertsURL is empty, the default Mozilla URL will be used.
+func NewAnalyser(mozillaRemovedCertsURL string) (*Analyser, error) {
+	rc, err := downloadMozillaRemovedCACertsList(mozillaRemovedCertsURL)
 	if err != nil {
 		return nil, err
 	}
 	return &Analyser{RemovedCertificates: rc}, nil
 }
 
-func downloadMozillaRemovedCACertsList() ([]removedCertificate, error) {
-	const mozillaRemovedCACertificateReportURL = "https://ccadb-public.secure.force.com/mozilla/RemovedCACertificateReportCSVFormat"
+func downloadMozillaRemovedCACertsList(mozillaRemovedCertsURL string) ([]removedCertificate, error) {
+	const defaultMozillaRemovedCACertificateReportURL = "https://ccadb.my.salesforce-sites.com/mozilla/RemovedCACertificateReportCSVFormat"
 
-	resp, err := http.Get(mozillaRemovedCACertificateReportURL)
+	// Use default URL if none provided
+	url := mozillaRemovedCertsURL
+	if url == "" {
+		url = defaultMozillaRemovedCACertificateReportURL
+	}
+
+	resp, err := http.Get(url)
 	if err != nil {
 		return nil, err
 	}