Comparing changes
base repository: csaf-poc/csaf-rust
base: v0.0.4
head repository: csaf-poc/csaf-rust
compare: main
- 13 commits
- 55 files changed
- 3 contributors
Commits on Dec 13, 2024
- Commit 474ea33
Commits on Feb 26, 2025
- Commit b159259
Commits on Mar 3, 2025
- Commit 0cf71f4
Commits on Mar 18, 2025
- Refactor getter traits for CSAF 2.0 and CSAF 2.1. (#25)
  Introduced consistent trait-based access to CSAF components like products, branches, relationships, and vulnerabilities. This improves modularity, type safety, and simplifies code extensibility for both versions. Tests were adjusted to validate the updated structure.
  Commit b0b99c9
- Fixed loader tests to use CSAF 2.1 schema (#26)
  * Fixed loader tests to use CSAF 2.1 schema
  * Fixed loader tests for CSAF 2.1
  Commit 448afef
Commits on Mar 24, 2025
- Refactor validations and improve error reporting (#27)
  Separated validations into individual modules for better modularity. Enhanced ValidationError structure for detailed error reporting, including message and instance path. Updated test cases and references to use the refactored structure.
  Commit 3735c1a
- Add validation test 6.1.36 for remediation category conflicts (#28)
  Introduces a new validation test (6.1.36) to ensure product status groups do not conflict with associated remediation categories. Refactors parts of test 6.1.35 to improve exclusivity checks and avoid redundancy. Adds utility methods to aggregate product IDs across product status categories.
  Commit 8e07a62
Commits on Mar 28, 2025
- Test 6.1.37 and improved Trait efficiency (#29)
  * Switch date-time handling to strings and add RFC3339 validation.
    Replaced `chrono::DateTime` with plain simple `String` for all date-time fields to enable format checking. Introduced a new RFC3339 format validation test to ensure compliance and prevent invalid date-time strings. Updated related schemas and test cases accordingly.
  * Refactor getter methods to return references and iterators
    Updated getter methods across the CSAF library to return references and iterator-based types instead of cloning data. This improves performance and reduces unnecessary allocations while maintaining compatibility with existing functionality.
  Commit e571d26
- Upgraded multiple dependencies in `Cargo.lock` and streamlined versioning in `Cargo.toml` by relaxing semver constraints. Additionally, fixed a missing newline in `mod.rs` to align with formatting conventions.
  Commit cd14128
Commits on Apr 7, 2025
- Add new CSAF validation rules and optimize test structure (#38)
  * Add new CSAF validation rules and optimize test structure
    Introduced additional validation rules (6.1.37 - 6.1.42) for CSAF 2.1, including checks for sharing group names, TLP consistency, and PURLs. Refactored test structure to use a centralized helper function for streamlined testing and reduced redundancy.
  * Enhance datetime validation with chrono-based parsing checks
    Added a chrono-based plausibility check to ensure RFC3339 date-time strings are valid beyond regex matching. This improvement catches invalid cases like out-of-range dates, providing more accurate validation error messages.
  * Refactor product tree traversal and validation logic
    Introduced a unified product tree traversal API via `visit_all_products` and `visit_branches_rec`, simplifying branch recursion and validation. Replaced specific `gather_product_definitions` and custom traversal functions with reusable logic, ensuring consistency and reducing code duplication. Additionally, improved modularity by renaming traits and refining parameterized implementations for better clarity.
  Commit 9b4326a
Commits on Apr 30, 2025
- Commit 02006fe
Commits on May 20, 2025
- Test helper improvements & Test 6.1.3 (#41)
  * Refactor test helper for multi-version CSAF support
    Introduced a generic `run_csaf_tests` function to handle CSAF 2.0 and 2.1 test cases, reducing code duplication. Updated `test_helper` and validation tests to use the new approach, improving maintainability and clarity.
  * Add validation for circular product ID definitions (6.1.03)
    Introduce a new module `test_6_1_03` to validate circular product ID references in CSAF documents. This includes a `find_cycle` function to detect cycles and corresponding validation logic with test cases ensuring correctness.
  * Fixed tests for test 6.1.48
    Adjust validation error messages for SSVC decision points. Includes changes to error messages regarding unknown decision points and the order of values.
  Commit d00216e
Commits on Jun 10, 2025
- Tests 6.1.4 through 6.1.7 (#42)
  * Update CSAF schema 2.1, add support for handling notes
    Introduced `NoteTrait` and `WithGroupIds` traits, extending functionality to handle notes and group IDs across CSAF structures. Updated relevant getter implementations for compatibility with these enhancements.
  * Add validation for undefined product_group_id in CSAF documents
    This adds a new validation function, `test_6_1_04_missing_definition_of_product_group_id`, to ensure all product group IDs used in notes, vulnerabilities, remediations, threats, and flags are defined in the product tree.
  * Add validation for duplicate product group IDs (test_6_1_05)
    Introduce a new validation to detect multiple definitions of the same product group ID in CSAF documents. This ensures data integrity by identifying conflicts within the `product_tree` structure. Includes corresponding unit tests for CSAF 2.0 and 2.1 versions.
  * Add validation for conflicting remediation, minor cleanup
    Extended the test to include a case where a product listed as fixed has a conflicting remediation category of "no_fix_planned". Ensures better coverage and accuracy in remediation validation logic.
  * Update RFC3339 regex to disallow leap seconds
    Revised the date-time validation regex to exclude leap seconds, ensuring stricter compliance with RFC3339. Updated test cases and error messages to reflect the change and improve clarity for non-compliant date-time issues.
  * Add validation for conflicting product status groups.
    This commit introduces `test_6_1_06_contradicting_product_status` to verify that no product has contradictory status groups (e.g., affected vs. not affected). Includes error handling, tests, and updates to the module index.
  * Add support for accessing CVSS, EPSS, and content paths in traits
    Expanded `ContentTrait` and related implementations to include methods for accessing CVSS v2/v3/v4, EPSS, and JSON content paths. Updated CSAF 2.0 and 2.1 schema integrations with new fields and improved consistency in metrics handling.
  * Add validation for duplicate vulnerability metrics check
    Introduced a new validation test (test_6_1_07) to ensure no product is assigned the same type of vulnerability metric multiple times. This includes support for various metrics like CVSS and EPSS, with detailed error handling and unit tests for CSAF 2.1 compliance.
  * Add support for CSAF 2.0 tests in test_6_1_07 validation.
    This update introduces `run_csaf20_tests` to validate CSAF 2.0 cases alongside CSAF 2.1. Common path prefixes are refactored for clarity and reuse, ensuring consistent test implementation across versions.
  * Update CSAF schema enforcing stricter validation rules
    Replaced JSON schema reference and file name for CSAF v2.1. Introduced `additionalProperties: false` across the schema to ensure no extraneous fields are allowed. Added new fields such as `first_known_exploitation_dates`, `license_expression`, and others. Updated deserialization logic with `deny_unknown_fields` to improve validation rigor.
  * Add `get_source` method to traits and fixed validation 6.1.7
    Introduced the `get_source` method in relevant traits and implementations to access the source of vulnerability metrics. Enhanced the duplicate metric validation logic to account for sources, updating error messages to reflect source details.
  Commit 80d6772
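The two-stage date-time check described in commits 9b4326a (plausibility check beyond pattern matching) and 80d6772 (leap seconds disallowed), as an added example that is not code from csaf-rust. It uses a hand-written std-only parser in place of the regex and `chrono`; the accepted grammar (uppercase `T` and `Z`, mandatory seconds) and all names are assumptions.

```rust
// Added example, std only; all names are hypothetical, not csaf-rust's API.
#[derive(Debug, PartialEq)]
pub enum DateTimeError {
    Shape,      // not YYYY-MM-DDTHH:MM:SS[.frac](Z|+HH:MM|-HH:MM)
    LeapSecond, // seconds field is 60
    OutOfRange, // well-formed but impossible, e.g. month 13 or Feb 30
}

fn num(s: &str, from: usize, len: usize) -> Option<u32> { // `len` ASCII digits at byte `from`
    let part = s.get(from..from + len)?;
    if part.bytes().all(|b| b.is_ascii_digit()) { part.parse().ok() } else { None }
}
fn days_in_month(y: u32, m: u32) -> u32 {
    let leap = y % 4 == 0 && (y % 100 != 0 || y % 400 == 0);
    match m { 4 | 6 | 9 | 11 => 30, 2 if leap => 29, 2 => 28, _ => 31 }
}

pub fn validate_rfc3339(s: &str) -> Result<(), DateTimeError> {
    use DateTimeError::*;
    let b = s.as_bytes();
    // Stage 1, shape (the job a regex does): separators, digit runs, zone.
    if b.len() < 20 || b[4] != b'-' || b[7] != b'-' || b[10] != b'T' || b[13] != b':' || b[16] != b':' {
        return Err(Shape);
    }
    let f = |from: usize, len: usize| num(s, from, len).ok_or(Shape);
    let (y, mo, d, h, mi, sec) = (f(0, 4)?, f(5, 2)?, f(8, 2)?, f(11, 2)?, f(14, 2)?, f(17, 2)?);
    let mut rest = &s[19..]; // bytes 0..19 are ASCII by now, so this cannot panic
    if let Some(frac) = rest.strip_prefix('.') {
        let n = frac.bytes().take_while(|c| c.is_ascii_digit()).count();
        if n == 0 { return Err(Shape); }
        rest = &frac[n..];
    }
    let z = rest.as_bytes();
    let offset_ok = z.len() == 6 && (z[0] == b'+' || z[0] == b'-') && z[3] == b':'
        && matches!((num(rest, 1, 2), num(rest, 4, 2)), (Some(zh), Some(zm)) if zh < 24 && zm < 60);
    if rest != "Z" && !offset_ok { return Err(Shape); }
    // Stage 2, plausibility (the job the commit assigns to chrono): real calendar values.
    if sec == 60 { return Err(LeapSecond); }
    if mo == 0 || mo > 12 || d == 0 || d > days_in_month(y, mo) || h > 23 || mi > 59 || sec > 59 {
        return Err(OutOfRange);
    }
    Ok(())
}

fn main() { // constructed sample inputs
    for s in ["2024-02-29T12:00:00Z", "2023-02-29T12:00:00Z", "2016-12-31T23:59:60Z"] {
        println!("{s} -> {:?}", validate_rfc3339(s));
    }
}
```

Keeping the two stages separate lets the validator report a malformed string differently from a well-formed but impossible date.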
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v0.0.4...main