Skip to content

CSAF Tests 6.1.43 to 6.1.49 #39

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 17 commits into from
Apr 30, 2025
Merged

CSAF Tests 6.1.43 to 6.1.49 #39

merged 17 commits into from
Apr 30, 2025

Conversation

milux
Copy link
Collaborator

@milux milux commented Apr 7, 2025

Add remaining mandatory tests.

@milux milux force-pushed the feature/tests-6-1-43-to-49 branch 7 times, most recently from 9155d6e to c334a86 Compare April 15, 2025 16:47
milux added 10 commits April 16, 2025 09:10
@milux
Add test_6_1_43 to validate model numbers for unescaped stars
9b40dcf 
Introduces a new validation function `test_6_1_43` to ensure model numbers in the CSAF document do not contain multiple unescaped asterisks. Includes corresponding unit tests to verify compliance with the requirement.
@milux
Add validation for multiple unescaped stars in serial numbers
74383c1 
Introduce a new rule, test_6_1_44, to enforce restrictions on serial numbers in the CSAF document. The validation ensures serial numbers do not contain multiple unescaped asterisks and includes corresponding unit tests for compliance.
@milux
Implement test 6.1.45, replace 'release_date' with 'disclosure_date'
7846c9a 
Updated the schema and related code, aligning with standard conventions. Added a new validation (test_6_1_45) to ensure disclosure dates are consistent with revision history. Adjusted logic, getters, and test cases accordingly.
@milux
Add SSVC 1.0.1 schema and build integration
64be9c7 
This commit introduces the SSVC 1.0.1 schema definition, including JSON schema validation and data structure implementation. It integrates the new schema into the build system and ensures that the datetime handling is configurable when processing schemas.
@milux
Add test 6.1.46 (validation for SSVC objects in vulnerabilities)
3eeb77a 
Introduced a validation function `test_6_1_46_invalid_ssvc` to ensure proper SSVC object structure in vulnerabilities' metrics. Updated schemas, traits, and implementations to support SSVC content validation.
@milux
Add SSVC validation for inconsistent IDs (test 6.1.47)
232514b 
Implemented a new validation function, `test_6_1_47_inconsistent_ssvc_id`, to ensure SSVC IDs in the document adhere to expected constraints. This includes checks against the document ID, CVE, and vulnerability IDs. Updated necessary traits and getter implementations to support this functionality.
@milux
Improved comments
75045b1
@milux
Pulled fixed test (csaf submodule)
f56bd0d
@milux
Add SSVC decision point validation and schema support
0c0d65d 
Introduce validation for SSVC decision points in CSAF documents, ensuring correctness and order of values. Added the corresponding schema definition for decision points for better type safety and compliance. Refactored to use `LazyLock` for cleaner regex handling.
@milux
Refactor SSVC decision point handling for reuse and clarity
a8623e1 
Moved SSVC decision point initialization to a helper module for better modularity and reuse. Simplified `test_6_1_48` logic by leveraging the centralized `CSAF_SSVC_DECISION_POINTS` and `DP_VAL_LOOKUP` structures.
@milux milux force-pushed the feature/tests-6-1-43-to-49 branch from 32f5de2 to a8623e1 Compare April 16, 2025 07:17
@milux
Copy link
Collaborator Author

milux commented Apr 16, 2025

Closes #30
Closes #31
Closes #32
Closes #33
Closes #34
Closes #35
Closes #36

milux added 2 commits April 16, 2025 10:34
@milux
Update SSVC decision point handling to include namespaces
fc985fc 
The decision point keys now incorporate a namespace component along with name and version, ensuring more precise identification and preventing potential conflicts. Adjusted related validation messages and logic to reflect the updated structure.
@milux
Add validation test for SSVC timestamp consistency
032d017 
Implement test 6.1.49 to ensure that SSVC timestamps are earlier or equal to the newest revision date for documents with "final" or "interim" status.
@milux milux force-pushed the feature/tests-6-1-43-to-49 branch from b07165c to 032d017 Compare April 16, 2025 10:22
@milux milux marked this pull request as ready for review April 16, 2025 10:27
@milux
Copy link
Collaborator Author

milux commented Apr 16, 2025

Fix für die fehlerhaften Test-JSONs ist in Arbeit: oasis-tcs/csaf#946

@milux milux requested a review from oxisto April 16, 2025 10:30
@milux milux force-pushed the feature/tests-6-1-43-to-49 branch from 3ce5df2 to 6b09ee9 Compare April 16, 2025 12:38
@milux
Add namespace validation for SSVC decision points
e306c8f 
Introduce a `REGISTERED_SSVC_NAMESPACES` static set to track valid namespaces for SSVC. This ensures that unregistered namespaces are skipped during validation in `test_6_1_48_ssvc_decision_points`.
@milux milux force-pushed the feature/tests-6-1-43-to-49 branch from 6b09ee9 to e306c8f Compare April 16, 2025 12:40
@oxisto oxisto self-assigned this Apr 23, 2025
oxisto
oxisto previously approved these changes Apr 25, 2025
View reviewed changes
@oxisto oxisto enabled auto-merge (squash) April 25, 2025 20:19
@oxisto
Copy link
Collaborator

oxisto commented Apr 30, 2025

Ignoring test case 3.1.37 until oasis-tcs/csaf#963 is settled.

@oxisto oxisto merged commit 02006fe into main Apr 30, 2025
5 checks passed
@oxisto oxisto deleted the feature/tests-6-1-43-to-49 branch April 30, 2025 15:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oxisto oxisto oxisto approved these changes

Assignees

@oxisto oxisto

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@milux @oxisto