jetstack / paranoia

Inspect certificate authorities in container images

File system parser

JoshVanL opened this issue · comments

We should build a more sophisticated parser that makes few or no assumptions about the shape and location of certificates in an image file system. This will make the tool more robust, and give users a higher degree of confidence in the correctness of the results.

Certs come in different forms: either as '.pem'/'.crt' files, echoes in bash scripts, and even hard-coded strings in binaries.

The parser should approach parsing files with a "sliding window" strategy, reading a stream of bytes from the file and attempting to match it against what a certificate looks like, accounting for different encodings (base64, DER/PEM, PKCS#x) as well as string escaping (namely newlines, '\n' and '\r').
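As an added illustration of the sliding-window idea in the comment above (example code written for this page, in Go because paranoia is a Go tool; it is not paranoia's own parser), the scanner below walks a byte buffer and recovers certificates in three of the forms mentioned: a PEM file with real newlines, a bash `echo -e` line where the newlines are literal `\n` escapes, and raw DER bytes sitting between binary filler. The input is constructed inline from a self-signed certificate generated at run time. Assumptions: only `CERTIFICATE` PEM blocks are matched, and the DER pass only recognises an outer SEQUENCE with a 1- or 2-byte long-form length, which covers real certificates but not other PKCS containers.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"math/big"
	"regexp"
	"sort"
	"strings"
	"time"
	"unicode"
)

// Finding is one certificate located in the scanned bytes.
type Finding struct {
	Offset   int    // byte offset where the match starts
	Encoding string // "pem", "pem-escaped" or "der"
	Cert     *x509.Certificate
}

// pemRe matches a CERTIFICATE block regardless of how (or whether) its body is line-wrapped.
var pemRe = regexp.MustCompile(`(?s)-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----`)

// scanPEM handles PEM text whose line breaks are real, absent, or literal "\n"/"\r" escapes.
func scanPEM(data []byte) []Finding {
	var out []Finding
	for _, m := range pemRe.FindAllSubmatchIndex(data, -1) {
		body := data[m[2]:m[3]]
		enc := "pem"
		if bytes.Contains(body, []byte(`\n`)) || bytes.Contains(body, []byte(`\r`)) {
			enc = "pem-escaped"
		}
		clean := bytes.ReplaceAll(body, []byte(`\n`), nil) // drop escape sequences ...
		clean = bytes.ReplaceAll(clean, []byte(`\r`), nil)
		clean = bytes.Map(func(r rune) rune { // ... and real whitespace
			if unicode.IsSpace(r) {
				return -1
			}
			return r
		}, clean)
		der, err := base64.StdEncoding.DecodeString(string(clean))
		if err != nil {
			continue
		}
		if cert, err := x509.ParseCertificate(der); err == nil {
			out = append(out, Finding{Offset: m[0], Encoding: enc, Cert: cert})
		}
	}
	return out
}

// scanDER slides over every byte looking for 0x30 (SEQUENCE) with a long-form length,
// then lets the x509 parser decide whether the candidate is really a certificate.
func scanDER(data []byte) []Finding {
	var out []Finding
	for i := 0; i+4 <= len(data); i++ {
		if data[i] != 0x30 {
			continue
		}
		var n, hdr int
		switch data[i+1] {
		case 0x81:
			n, hdr = int(data[i+2]), 3
		case 0x82:
			n, hdr = int(data[i+2])<<8|int(data[i+3]), 4
		default:
			continue
		}
		end := i + hdr + n
		// Real certificates are far larger than 64 bytes and start with the tbsCertificate SEQUENCE.
		if n < 64 || end > len(data) || data[i+hdr] != 0x30 {
			continue
		}
		if cert, err := x509.ParseCertificate(data[i:end]); err == nil {
			out = append(out, Finding{Offset: i, Encoding: "der", Cert: cert})
			i = end - 1 // skip past the certificate we just consumed
		}
	}
	return out
}

// ScanCertificates runs both passes and returns the findings in file order.
func ScanCertificates(data []byte) []Finding {
	fs := append(scanPEM(data), scanDER(data)...)
	sort.Slice(fs, func(a, b int) bool { return fs[a].Offset < fs[b].Offset })
	return fs
}

// BuildSample constructs the test input: one throwaway self-signed CA embedded three ways.
func BuildSample() []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "paranoia scanner test CA"},
		NotBefore:    time.Now(), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	pemText := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	escaped := strings.ReplaceAll(string(pemText), "\n", `\n`) // as it would appear inside a script
	var buf bytes.Buffer
	buf.WriteString("# constructed sample, not a real image layer\n")
	buf.Write(pemText)
	buf.WriteString("#!/bin/sh\necho -e \"" + escaped + "\" > /usr/local/share/ca-certificates/extra.crt\n")
	buf.Write(bytes.Repeat([]byte{0xff}, 16)) // binary filler around the raw DER copy
	buf.Write(der)
	buf.Write(bytes.Repeat([]byte{0x00}, 16))
	return buf.Bytes()
}

func main() {
	for _, f := range ScanCertificates(BuildSample()) {
		sum := sha256.Sum256(f.Cert.Raw)
		fmt.Printf("offset=%-5d encoding=%-11s subject=%q sha256=%x...\n",
			f.Offset, f.Encoding, f.Cert.Subject.CommonName, sum[:8])
	}
}
```

Because every candidate is confirmed by `x509.ParseCertificate`, false positives from the byte-level heuristic are discarded rather than reported, which is what makes a permissive sliding window safe to run over arbitrary binaries; de-duplicating the three findings by the SHA-256 of `Cert.Raw` would collapse them into a single trust anchor in a real report.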

Is this the same as #1, or just an implementation detail thereof?

I'm going to consider this a duplicate of #1

The issue comment is still relevant. Will copy it across there.