diff --git a/README.md b/README.md
index f9a60d1b..4235875f 100644
--- a/README.md
+++ b/README.md
@@ -345,10 +345,6 @@ The following tests are not yet implemented and therefore missing:
 - Recommeded Test 6.2.24
 - Recommeded Test 6.2.25
 - Recommeded Test 6.2.26
-- Recommeded Test 6.2.27
-- Recommeded Test 6.2.28
-- Recommeded Test 6.2.29
-- Recommeded Test 6.2.30
 - Recommeded Test 6.2.31
 - Recommeded Test 6.2.32
 - Recommeded Test 6.2.33
@@ -463,6 +459,10 @@ export const recommendedTest_6_2_18: DocumentTest
 export const recommendedTest_6_2_19: DocumentTest
 export const recommendedTest_6_2_20: DocumentTest
 export const recommendedTest_6_2_22: DocumentTest
+export const recommendedTest_6_2_27: DocumentTest
+export const recommendedTest_6_2_28: DocumentTest
+export const recommendedTest_6_2_29: DocumentTest
+export const recommendedTest_6_2_30: DocumentTest
 ```
 [(back to top)](#bsi-csaf-validator-lib)
diff --git a/csaf_2_1/recommendedTests.js b/csaf_2_1/recommendedTests.js
index 641832bb..403a50c8 100644
--- a/csaf_2_1/recommendedTests.js
+++ b/csaf_2_1/recommendedTests.js
@@ -30,4 +30,5 @@ export { recommendedTest_6_2_22 } from './recommendedTests/recommendedTest_6_2_2
 export { recommendedTest_6_2_27 } from './recommendedTests/recommendedTest_6_2_27.js'
 export { recommendedTest_6_2_28 } from './recommendedTests/recommendedTest_6_2_28.js'
 export { recommendedTest_6_2_29 } from './recommendedTests/recommendedTest_6_2_29.js'
+export { recommendedTest_6_2_30 } from './recommendedTests/recommendedTest_6_2_30.js'
 export { recommendedTest_6_2_38 } from './recommendedTests/recommendedTest_6_2_38.js'
diff --git a/csaf_2_1/recommendedTests/recommendedTest_6_2_30.js b/csaf_2_1/recommendedTests/recommendedTest_6_2_30.js
new file mode 100644
index 00000000..98fe9370
--- /dev/null
+++ b/csaf_2_1/recommendedTests/recommendedTest_6_2_30.js
@@ -0,0 +1,64 @@
+import Ajv from 'ajv/dist/jtd.js'
+
+const ajv = new Ajv()
+
+/*
+ This is the jtd schema that needs to match the input document so that the
+ test is activated. If this schema doesn't match it normally means that the input
+ document does not validate against the csaf json schema or optional fields that
+ the test checks are not present.
+ */
+const inputSchema = /** @type {const} */ ({
+ additionalProperties: true,
+ properties: {
+ document: {
+ additionalProperties: true,
+ properties: {
+ distribution: {
+ additionalProperties: true,
+ properties: {
+ sharing_group: {
+ additionalProperties: true,
+ properties: {},
+ },
+ tlp: {
+ additionalProperties: true,
+ properties: {
+ label: { type: 'string' },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+})
+const validateInput = ajv.compile(inputSchema)
+
+/**
+ * This implements the optional test 6.2.30 of the CSAF 2.1 standard.
+ * @param {any} doc
+ */
+export function recommendedTest_6_2_30(doc) {
+ const ctx = {
+ warnings:
+ /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
+ }
+
+ if (!validateInput(doc)) {
+ return ctx
+ }
+
+ // Check for sharing_group usage when TLP is CLEAR
+ if (
+ doc.document.distribution.tlp.label === 'CLEAR' &&
+ doc.document.distribution.sharing_group
+ ) {
+ ctx.warnings.push({
+ instancePath: '/document/distribution/sharing_group',
+ message: `TLP:CLEAR documents should not use a 'sharing_group'`,
+ })
+ }
+
+ return ctx
+}
diff --git a/tests/csaf_2_1/oasis.js b/tests/csaf_2_1/oasis.js
index ed81ff09..fb5fcba8 100644
--- a/tests/csaf_2_1/oasis.js
+++ b/tests/csaf_2_1/oasis.js
@@ -49,7 +49,6 @@ const excluded = [
 '6.2.24',
 '6.2.25',
 '6.2.26',
- '6.2.30',
 '6.2.31',
 '6.2.32',
 '6.2.33',
diff --git a/tests/csaf_2_1/recommendedTest_6_2_30.js b/tests/csaf_2_1/recommendedTest_6_2_30.js
new file mode 100644
index 00000000..4eb87212
--- /dev/null
+++ b/tests/csaf_2_1/recommendedTest_6_2_30.js
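Review bot: In `recommendedTest_6_2_30` (new file csaf_2_1/recommendedTests/recommendedTest_6_2_30.js), the `&& doc.document.distribution.sharing_group` operand can never be false once `validateInput(doc)` has passed, because JTD treats every key listed under `properties` as required and `sharing_group` is declared there as an object form. The presence check is therefore done by the schema, and a document whose `sharing_group` or `tlp.label` is malformed returns the same empty `warnings` array as a compliant one, so a caller should not read zero warnings as proof that the distribution block was evaluated. I would either drop the redundant operand or keep it with a comment such as `// sharing_group presence is already enforced by inputSchema (JTD properties are required)`. The docstring also says "optional test" while the export name and the README list it as a recommended test; `This implements the recommended test 6.2.30 of the CSAF 2.1 standard.` would match.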
@@ -0,0 +1,11 @@
+import assert from 'node:assert'
+import { recommendedTest_6_2_30 } from '../../csaf_2_1/recommendedTests.js'
+
+describe('recommendedTest_6_2_30', function () {
+ it('only runs on relevant documents', function () {
+ assert.equal(
+ recommendedTest_6_2_30({ vulnerabilities: 'mydoc' }).warnings.length,
+ 0
+ )
+ })
+})
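Review bot: This spec exercises only the early-return path, since `{ vulnerabilities: 'mydoc' }` fails `validateInput`, so neither the TLP:CLEAR warning nor its `instancePath` is pinned by a local assertion. Removing '6.2.30' from `excluded` in tests/csaf_2_1/oasis.js presumably runs the OASIS fixtures against the new test, but that is not visible in this diff. I would add one positive and one negative case inside the `describe` block, using constructed minimal documents, so that a regression in the label comparison or the reported path fails here.

```javascript
// … unchanged: 'only runs on relevant documents' case …

  it('warns when a TLP:CLEAR document carries a sharing_group', function () {
    // constructed minimal document, not an OASIS fixture
    const result = recommendedTest_6_2_30({
      document: {
        distribution: { sharing_group: {}, tlp: { label: 'CLEAR' } },
      },
    })
    assert.deepEqual(
      result.warnings.map((w) => w.instancePath),
      ['/document/distribution/sharing_group']
    )
  })

  it('stays silent for a non-CLEAR label with a sharing_group', function () {
    // constructed minimal document, not an OASIS fixture
    const result = recommendedTest_6_2_30({
      document: {
        distribution: { sharing_group: {}, tlp: { label: 'AMBER' } },
      },
    })
    assert.equal(result.warnings.length, 0)
  })
```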