Added control mechanisms for implementation references #30

Open
wants to merge 7 commits into base: main

Conversation

vbakke (Contributor) commented Mar 22, 2025

An extension of PR #29. This PR is controlling references, and reports:

  • duplicate uuids in references
  • duplicate urls in references
  • duplicate names in references
  • duplicate descriptions in references
  • unused references (as INFO, not ERROR)
  • referencing http links instead of https

I have identified and tidied some duplicates in implementations.yaml (such as juice-shop, owasp-juice-shop, zap, owasp-zap, etc).

I have left two duplicate URL issues. I presume they were supposed to link to two different pages, as the two references are both referenced from the same activity.

Live URLs?

If you include the runtime environment variable (docker run -e TEST_REFERENCED_URLS=true ...), the script will now also loop through all URLs in the implementations.yaml and test if they are still alive.

This is a bit more tricky, as websites such as https://thehackernews.com/ implement defenses against spiders. Therefore this will report some false positives.

The current implementation reports any status not equal to 200, including redirects such as 301 and 302.

Request for Comments

Please treat this as a Request-for-Comments, @wurstbrot. I'm open to discussion on several issues. For example:

  • Is this a feature that is needed?
  • 301 and 302 may indicate that a page has been moved (and the reference should be updated), or it may be a false alarm
  • 403 and 404 may also be false alarms. Should we have a way to "acknowledge" an error, to avoid repetitive alerts? How then do we detect if this page later goes offline, in that case?
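
The reference checks described in this PR (duplicate uuids, urls, names and descriptions as errors, unused references as info, and http instead of https), as an added offline illustration that is not the PR's own code. The data layout (reference id mapping to uuid/name/description/url, and activities listing the reference ids they use) is an assumption about implementations.yaml, and the sample entries are constructed; the live-URL check is left out because it needs network access.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample data. The shape (reference id -> uuid/name/description/url,
# plus activities listing the reference ids they use) is an assumption about
# implementations.yaml, not the project's actual layout.
IMPLEMENTATIONS = {
    "juice-shop": {"uuid": "0f8c6c51-0000-4000-8000-000000000001",
                   "name": "OWASP Juice Shop", "description": "Deliberately insecure web app",
                   "url": "https://owasp.org/www-project-juice-shop/"},
    "owasp-juice-shop": {"uuid": "0f8c6c51-0000-4000-8000-000000000001",
                         "name": "OWASP Juice Shop", "description": "Deliberately insecure web app",
                         "url": "https://owasp.org/www-project-juice-shop/"},
    "zap": {"uuid": "0f8c6c51-0000-4000-8000-000000000002", "name": "ZAP",
            "description": "Web application scanner", "url": "http://www.zaproxy.org/"},
    "dependency-track": {"uuid": "0f8c6c51-0000-4000-8000-000000000003", "name": "Dependency-Track",
                         "description": "SBOM analysis platform", "url": "https://dependencytrack.org/"},
}
ACTIVITIES = {"Test for exploitable vulnerabilities": ["juice-shop", "owasp-juice-shop", "zap"]}


def check_references(implementations, activities):
    """Return (level, message) findings: duplicate fields and http links as ERROR,
    unused references as INFO, matching the reporting levels described in the PR."""
    findings = []
    seen = {field: defaultdict(list) for field in ("uuid", "url", "name", "description")}
    for ref_id, fields in implementations.items():
        for field, groups in seen.items():
            value = fields.get(field)
            if value:
                # uuids and urls are compared verbatim; names/descriptions case-insensitively
                key = value.strip() if field in ("uuid", "url") else value.strip().casefold()
                groups[key].append(ref_id)
        url = fields.get("url", "")
        if urlparse(url).scheme == "http":
            findings.append(("ERROR", f"{ref_id}: http link instead of https: {url}"))
    for field, groups in seen.items():
        for key, ids in groups.items():
            if len(ids) > 1:
                findings.append(("ERROR", f"duplicate {field} {key!r} in {', '.join(ids)}"))
    # A reference nobody points at is reported as INFO rather than ERROR
    used = {ref for refs in activities.values() for ref in refs}
    findings.extend(("INFO", f"unused reference: {ref_id}")
                    for ref_id in implementations if ref_id not in used)
    return findings


if __name__ == "__main__":
    for level, message in check_references(IMPLEMENTATIONS, ACTIVITIES):
        print(f"[{level}] {message}")
```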
