Skip to content

feat: add mandatory test 6.1.47 #351

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

feat: add mandatory test 6.1.47 #351

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
79960a0
feat: add mandatory test 6.1.47
christopher-exx Jun 24, 2025
5aaa8c7
docs: update readme
christopher-exx Jun 24, 2025
51ab601
refactor: change string literals in error messages
christopher-exx Jun 24, 2025
87bd245
feat: change ssvc_v1 property to optionalProperty in inputSchema
christopher-exx Jun 24, 2025
d6d9be1
refactor: split error messages and concatenate them to avoid line bre…
christopher-exx Jun 25, 2025
b2c8054
feat: add test for input schema
christopher-exx Jun 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -327,7 +327,6 @@ The following tests are not yet implemented and therefore missing:
- Mandatory Test 6.1.44
- Mandatory Test 6.1.45
- Mandatory Test 6.1.46
- Mandatory Test 6.1.47
- Mandatory Test 6.1.48
- Mandatory Test 6.1.49
- Mandatory Test 6.1.50
Expand Down Expand Up @@ -435,6 +434,7 @@ export const mandatoryTest_6_1_38: DocumentTest
export const mandatoryTest_6_1_39: DocumentTest
export const mandatoryTest_6_1_40: DocumentTest
export const mandatoryTest_6_1_41: DocumentTest
export const mandatoryTest_6_1_47: DocumentTest
```

[(back to top)](#bsi-csaf-validator-lib)
Expand Down
1 change: 1 addition & 0 deletions csaf_2_1/mandatoryTests.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,3 +49,4 @@ export { mandatoryTest_6_1_38 } from './mandatoryTests/mandatoryTests_6_1_38.js'
export { mandatoryTest_6_1_39 } from './mandatoryTests/mandatoryTest_6_1_39.js'
export { mandatoryTest_6_1_40 } from './mandatoryTests/mandatoryTest_6_1_40.js'
export { mandatoryTest_6_1_41 } from './mandatoryTests/mandatoryTest_6_1_41.js'
export { mandatoryTest_6_1_47 } from './mandatoryTests/mandatoryTest_6_1_47.js'
107 changes: 107 additions & 0 deletions csaf_2_1/mandatoryTests/mandatoryTest_6_1_47.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,107 @@
import Ajv from 'ajv/dist/jtd.js'

const ajv = new Ajv()

/*
This is the jtd schema that needs to match the input document so that the
test is activated. If this schema doesn't match it normally means that the input
document does not validate against the csaf json schema or optional fields that
the test checks are not present.
*/
const inputSchema = /** @type {const} */ ({
additionalProperties: true,
properties: {
document: {
additionalProperties: true,
properties: {
tracking: {
additionalProperties: true,
properties: {
id: { type: 'string' },
},
},
},
},
vulnerabilities: {
elements: {
additionalProperties: true,
optionalProperties: {
cve: { type: 'string' },
ids: {
elements: {
additionalProperties: true,
optionalProperties: {
text: { type: 'string' },
},
},
},
metrics: {
elements: {
additionalProperties: true,
optionalProperties: {
content: {
additionalProperties: true,
properties: {
ssvc_v1: {
additionalProperties: true,
properties: {
id: { type: 'string' },
},
},
},
},
},
},
},
},
},
},
},
})

const validateInput = ajv.compile(inputSchema)

/**
* This implements the mandatory test 6.1.47 of the CSAF 2.1 standard.
*
* @param {any} doc
*/
export function mandatoryTest_6_1_47(doc) {
const ctx = {
errors:
/** @type {Array<{ instancePath: string; message: string }>} */ ([]),
isValid: true,
}

if (!validateInput(doc)) {
return ctx
}

doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
vulnerability.metrics?.forEach((metric, metricIndex) => {
const ssvcId = metric.content?.ssvc_v1.id
if (ssvcId === doc.document.tracking.id) {
if (doc.vulnerabilities.length > 1) {
ctx.isValid = false
ctx.errors.push({
instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/ssvc_v1/id`,
message:
'the ssvc id equals the `document/tracking/id` even the csaf document has multiple vulnerabilities',
})
}
} else {
const idTexts = vulnerability.ids?.map((id) => id.text)
if (ssvcId !== vulnerability.cve && !idTexts?.includes(ssvcId)) {
ctx.isValid = false
ctx.errors.push({
instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/ssvc_v1/id`,
message:
'the ssvc id does neither match the `cve` nor it matches the `text` of any item in the `ids` array',
})
}
}
})
})

return ctx
}
8 changes: 8 additions & 0 deletions tests/csaf_2_1/mandatoryTest_6_1_47.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
import assert from 'node:assert/strict'
import { mandatoryTest_6_1_47 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_47.js'

describe('mandatoryTest_6_1_47', function () {
it('only runs on relevant documents', function () {
assert.equal(mandatoryTest_6_1_47({ document: 'mydoc' }).isValid, true)
})
})
1 change: 0 additions & 1 deletion tests/csaf_2_1/oasis.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,6 @@ const excluded = [
'6.1.44',
'6.1.45',
'6.1.46',
'6.1.47',
'6.1.48',
'6.1.49',
'6.1.50',
Expand Down