Tests 6.1.4 through 6.1.7 #42
Open: milux wants to merge 12 commits into main from feature/tests-6-1-04-onward
Introduced `NoteTrait` and `WithGroupIds` traits, extending functionality to handle notes and group IDs across CSAF structures. Updated relevant getter implementations for compatibility with these enhancements.
This adds a new validation function, `test_6_1_04_missing_definition_of_product_group_id`, to ensure all product group IDs used in notes, vulnerabilities, remediations, threats, and flags are defined in the product tree.
Introduce a new validation to detect multiple definitions of the same product group ID in CSAF documents. This ensures data integrity by identifying conflicts within the `product_tree` structure. Includes corresponding unit tests for CSAF 2.0 and 2.1 versions.
Extended the test to include a case where a product listed as fixed has a conflicting remediation category of "no_fix_planned". Ensures better coverage and accuracy in remediation validation logic.
Revised the date-time validation regex to exclude leap seconds, ensuring stricter compliance with RFC3339. Updated test cases and error messages to reflect the change and improve clarity for non-compliant date-time issues.
This commit introduces `test_6_1_06_contradicting_product_status` to verify that no product has contradictory status groups (e.g., affected vs. not affected). Includes error handling, tests, and updates to the module index.
Expanded `ContentTrait` and related implementations to include methods for accessing CVSS v2/v3/v4, EPSS, and JSON content paths. Updated CSAF 2.0 and 2.1 schema integrations with new fields and improved consistency in metrics handling.
Introduced a new validation test (test_6_1_07) to ensure no product is assigned the same type of vulnerability metric multiple times. This includes support for various metrics like CVSS and EPSS, with detailed error handling and unit tests for CSAF 2.1 compliance.
This update introduces `run_csaf20_tests` to validate CSAF 2.0 cases alongside CSAF 2.1. Common path prefixes are refactored for clarity and reuse, ensuring consistent test implementation across versions.
Replaced JSON schema reference and file name for CSAF v2.1. Introduced `additionalProperties: false` across the schema to ensure no extraneous fields are allowed. Added new fields such as `first_known_exploitation_dates`, `license_expression`, and others. Updated deserialization logic with `deny_unknown_fields` to improve validation rigor.
Introduced the `get_source` method in relevant traits and implementations to access the source of vulnerability metrics. Enhanced the duplicate metric validation logic to account for sources, updating error messages to reflect source details.
Added comments to enhance code clarity.
oxisto approved these changes on Jun 4, 2025
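The contradicting-product-status check named in the commits above (test 6.1.6), sketched as an added example that is not code from this pull request or the project. It assumes the contradiction groups of the CSAF 2.0 specification and a simplified input, one vulnerability's `product_status` as a map; the function names `group_of`, `contradicting_products` and `sample` are hypothetical.

```rust
use std::collections::{BTreeMap, BTreeSet};

// Contradiction groups of CSAF 2.0 test 6.1.6. `recommended` maps to None:
// the spec allows recommending a product from any group.
fn group_of(status: &str) -> Option<&'static str> {
    match status {
        "first_affected" | "known_affected" | "last_affected" => Some("affected"),
        "known_not_affected" => Some("not_affected"),
        "first_fixed" | "fixed" => Some("fixed"),
        "under_investigation" => Some("under_investigation"),
        _ => None,
    }
}

// Hypothetical simplified input: one vulnerability's `product_status`
// object as status name -> product IDs. Returns each product that appears
// in more than one contradiction group, with the groups it appears in.
fn contradicting_products(ps: &BTreeMap<&str, Vec<&str>>) -> Vec<(String, Vec<&'static str>)> {
    let mut seen: BTreeMap<&str, BTreeSet<&'static str>> = BTreeMap::new();
    for (status, ids) in ps {
        if let Some(group) = group_of(*status) {
            for id in ids {
                seen.entry(*id).or_default().insert(group);
            }
        }
    }
    seen.into_iter()
        .filter(|(_, groups)| groups.len() > 1)
        .map(|(id, groups)| (id.to_string(), groups.into_iter().collect()))
        .collect()
}

// Constructed sample, not taken from the project's test data.
fn sample() -> BTreeMap<&'static str, Vec<&'static str>> {
    BTreeMap::from([
        ("known_affected", vec!["CSAFPID-0001", "CSAFPID-0002"]),
        ("first_affected", vec!["CSAFPID-0002"]), // same group: no conflict
        ("known_not_affected", vec!["CSAFPID-0001"]), // conflicts with known_affected
        ("recommended", vec!["CSAFPID-0002"]), // ignored by the check
        ("fixed", vec!["CSAFPID-0003"]),
    ])
}

fn main() {
    for (id, groups) in contradicting_products(&sample()) {
        println!("{id}: contradicting status groups {}", groups.join(", "));
    }
}
```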
No description provided.