Skip to content

Test 6.1.35: Add validation for contradicting remediations in CSAF documents #19

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Mar 3, 2025
Merged

Test 6.1.35: Add validation for contradicting remediations in CSAF documents #19

merged 8 commits into from
Mar 3, 2025

Conversation

milux
Copy link
Collaborator

@milux milux commented Feb 26, 2025

Introduced test "6.1.35" to validate and detect contradicting remediation categories for the same product. Added traits and implementations to abstract remediation and vulnerability handling for easier extensibility across CSAF versions. Updated test infrastructure and presets to include the new validation logic.

@milux milux requested a review from oxisto February 26, 2025 15:45
@milux
Copy link
Collaborator Author

milux commented Feb 26, 2025
edited
Loading

The Spec states that "This takes indirect relations through product groups into account.".
I'm not sure how this is to be understood/implemented.
The current state of this test doesn't perform any product group resolution.

@milux
Add validation for contradicting remediations in CSAF documents
7735f81 
Introduced test "6.1.35" to validate and detect contradicting remediation categories for the same product. Added traits and implementations to abstract remediation and vulnerability handling for easier extensibility across CSAF versions. Updated test infrastructure and presets to include the new validation logic.
@milux milux force-pushed the feature/test-6-1-35-contradicting-remediations branch from 933148b to 7735f81 Compare February 26, 2025 15:53
@milux milux marked this pull request as draft February 26, 2025 16:46
@milux
Copy link
Collaborator Author

milux commented Feb 26, 2025
edited
Loading

My implementation currently considers all pairs of different categories as error, but this is invalid. Converting back to draft for now.

milux added 3 commits February 26, 2025 18:00
@milux
Update dependencies and CSAF 2.1 schema, extend 6.1.35 test
0019112 
Refactor test case logic to handle multiple scenarios and update validation schema. Adjust remediation categories and align dependencies to more flexible version ranges to enhance maintainability.
@milux
Refactor remediations validation to handle product groups.
4fa1774 
Updated the remediation validation logic to account for product groups and associations using the new `get_all_product_ids` method. Added helper functions and traits to resolve product IDs from groups, ensuring accurate detection of contradicting remediations. Enhanced test cases to cover these changes and updated data structures for improved clarity.
@milux
Switch from HashSet to BTreeSet for consistent ordering
65ce4a4 
Replaced HashSet with BTreeSet across multiple modules to ensure deterministic iteration order and sorted outputs. Updated function signatures, implementations, and imports accordingly to align with this change.
@milux milux marked this pull request as ready for review February 27, 2025 12:43
oxisto
oxisto reviewed Feb 27, 2025
View reviewed changes
Copy link
Collaborator

@oxisto oxisto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general this needs more documentation, especially how the trait magic works and please do the update / schema regen in a separate PR so we can focus on the code here which is non-trivial.

@oxisto oxisto linked an issue Feb 27, 2025 that may be closed by this pull request
Implement test 6.1.35 #11
Closed
tschmidtb51
tschmidtb51 reviewed Feb 27, 2025
View reviewed changes
Copy link

@tschmidtb51 tschmidtb51 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please also state the test number in the PR, if it is trying to implement a test.

@tschmidtb51 tschmidtb51 marked this pull request as draft February 27, 2025 21:34
@tschmidtb51
Copy link

Just converting back to draft to male it easier for me to review things.

@oxisto oxisto changed the title Add validation for contradicting remediations in CSAF documents Test 6.1.35: Add validation for contradicting remediations in CSAF documents Feb 27, 2025
@milux
Copy link
Collaborator Author

milux commented Feb 28, 2025

... and please do the update / schema regen in a separate PR...

Then we are lacking test cases and especially remediation categories.
We would have to do the schema update first than. Fun. -.-

@oxisto
Copy link
Collaborator

oxisto commented Feb 28, 2025

... and please do the update / schema regen in a separate PR...

Then we are lacking test cases and especially remediation categories. We would have to do the schema update first than. Fun. -.-

ok then let's keep it in this file and hopefully the next tests will be easier.

@milux
Copy link
Collaborator Author

milux commented Feb 28, 2025

ok then let's keep it in this file and hopefully the next tests will be easier.

Most certainly, because I had to do all the hard lifting here... 😂

milux added 4 commits February 28, 2025 13:50
@milux
Reverted deps update
5a7f9c7
@milux
Refactor remediation trait to streamline product ID handling.
cd62f28 
Moved `get_all_product_ids` implementation from `getter_implementations.rs` to `getter_traits.rs` for better modularity and reuse. Removed redundant imports and optimized closures for clarity and consistency in all related modules.
@milux
Add detailed documentation for CSAF-related traits and methods
57107ae 
Detailed explanations and doc comments were added to traits and methods to clarify their roles in the CSAF document structure. This improves code readability and provides guidance on key functionalities, such as remediation category normalization and product resolution mechanisms.
@milux
Refactor remediation category mapping for CSAF 2.0 to 2.1.
767a3de 
Replaced string-based conversion of remediation categories with direct enum matching. This ensures stronger type safety, improves performance, and eliminates potential runtime panics from invalid string parsing.
@milux milux marked this pull request as ready for review February 28, 2025 14:11
@milux milux requested review from oxisto and tschmidtb51 February 28, 2025 14:11
tschmidtb51
tschmidtb51 reviewed Feb 28, 2025
View reviewed changes
Copy link

@tschmidtb51 tschmidtb51 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some minor comments, other than that LGTM

@oxisto oxisto merged commit 0cf71f4 into main Mar 3, 2025
5 checks passed
@oxisto oxisto deleted the feature/test-6-1-35-contradicting-remediations branch March 3, 2025 20:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tschmidtb51 tschmidtb51 tschmidtb51 left review comments

@oxisto oxisto oxisto approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Implement test 6.1.35
3 participants
@milux @tschmidtb51 @oxisto