Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cleanup cert-id rules #386

Merged
merged 22 commits into from
Feb 6, 2024
Merged

Cleanup cert-id rules #386

merged 22 commits into from
Feb 6, 2024

Conversation

J08nY
Copy link
Member

@J08nY J08nY commented Feb 2, 2024
edited

The cert-id rules work, but are a mess. This PR will clean them up for presentation in the paper.

Before this, the regular cert_id regexes were used to extract
the cert_id from the report filename. However, the filenames often
do not use the same cert_id format, but contain all of the information
necessary to reconstruct the cert_id, but with different order for example.

This commit along with those before it introduce a new set of regular
expressions that better match the ones in the filenames. To extract
the correctly formatted canonical cert_id, the regexes are used to
obtain the parts of the cert_id (using named groups in regexes) and
those are then reconstructed into a canonical version of the cert_id
via one of the scheme-dependent functions.

@J08nY J08nY added the cc Related to CC certification label Feb 2, 2024
@codecov Codecov
Copy link

codecov bot commented Feb 2, 2024
edited

Codecov Report

Attention: 40 lines in your changes are missing coverage. Please review.

Comparison is base (be702d4) 69.36% compared to head (40d89ff) 68.54%.
Report is 13 commits behind head on main.

❗ Current head 40d89ff differs from pull request most recent head ec0162c. Consider uploading reports for the commit ec0162c to get more accurate results

Files Patch % Lines
src/sec_certs/sample/cc_certificate_id.py 85.99% 22 Missing ⚠️
src/sec_certs/sample/cc.py 8.34% 11 Missing ⚠️
src/sec_certs/sample/cc_scheme.py 73.92% 6 Missing ⚠️
src/sec_certs/configuration.py 83.34% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #386      +/-   ##
==========================================
- Coverage   69.36%   68.54%   -0.82%     
==========================================
  Files          62       62              
  Lines        7457     7535      +78     
==========================================
- Hits         5172     5164       -8     
- Misses       2285     2371      +86

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@J08nY
Cleanup ANSSI rules.
c380870
@J08nY
Improve BSI regexes.
67861ff
@J08nY
Improve US scheme rules.
c60fece
@J08nY
Improve Malaysian rules.
48876d5
@J08nY
Improve Japanese rules.
affffb9
@J08nY
Improve UK rules.
a096f7e
@J08nY
Improve Swedish rules.
3efe520
@J08nY
Improve Spanish rules.
22fad93
@J08nY
Improve Singaporean and Australian rules.
7d56381
@J08nY
Improve Italian rules.
5e852ac
@J08nY
Improve Korean rules.
4fbb063
@J08nY
Improve Indian rules.
520ce49
@J08nY
Improve Turkish rules.
1927e44
@J08nY
Improve Canadian rules.
d1b16b7
@J08nY
Add certificateId meta property.
b05b86c
@J08nY
Add filename cert id rules.
9ad30df
@J08nY
Move the meta -> str functions out of cert_id class.
8361397
@J08nY
Extract and reconstruct cert ids from filenames.
4e24bb2 
Before this, the regular cert_id regexes were used to extract
the cert_id from the report filename. However, the filenames often
do not use the same cert_id format, but contain all of the information
necessary to reconstruct the cert_id, but with different order for example.

This commit along with those before it introduce a new set of regular
expressions that better match the ones in the filenames. To extract
the correctly formatted canonical cert_id, the regexes are used to
obtain the parts of the cert_id (using named groups in regexes) and
those are then reconstructed into a canonical version of the cert_id
via one of the scheme-dependent functions.
@J08nY
Fix broken filename rules.
40d89ff
@J08nY
Add tests fot IT and SG canonicalization.
90a8cf9
@J08nY
Add more tests for cert_ids.
ec0162c
@J08nY J08nY merged commit 2fc72fc into main Feb 6, 2024
4 checks passed
@J08nY J08nY deleted the feat/cert-id-cleanup branch February 6, 2024 18:21
@J08nY
Copy link
Member Author

J08nY commented Feb 7, 2024

Now that this is merged and I did a full run I will use this PR for some insights/issues.

  • CA rule causes many false positives like 1 1 1 or 2021-02-13.
  • Some US ids are missed due to bad ? placement in regex.
  • The number of certificates without ID increased a bit, but I think that is due to us being overly eager before and actually matching stuff we should not have. Though a proper evaluation should be done.

@J08nY J08nY mentioned this pull request Feb 7, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
cc Related to CC certification
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@J08nY