
Commit 1970166

feat(CSAF2.1): #451 add informative test 6.3.18
1 parent 3ba89c6 commit 1970166


5 files changed

+86
-1
lines changed


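--- a/README.md
+++ b/README.md
@@ -480,6 +480,7 @@ export const informativeTest_6_3_9: DocumentTest
 export const informativeTest_6_3_10: DocumentTest
 export const informativeTest_6_3_11: DocumentTest
 export const informativeTest_6_3_12: DocumentTest
+export const informativeTest_6_3_18: DocumentTest
 ```
 
 [(back to top)](#bsi-csaf-validator-lib)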

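--- a/csaf_2_1/informativeTests.js
+++ b/csaf_2_1/informativeTests.js
@@ -12,3 +12,4 @@ export { informativeTest_6_3_1 } from './informativeTests/informativeTest_6_3_1.
 export { informativeTest_6_3_2 } from './informativeTests/informativeTest_6_3_2.js'
 export { informativeTest_6_3_4 } from './informativeTests/informativeTest_6_3_4.js'
 export { informativeTest_6_3_12 } from './informativeTests/informativeTest_6_3_12.js'
+export { informativeTest_6_3_18 } from './informativeTests/informativeTest_6_3_18.js'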
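--- /dev/null
+++ b/csaf_2_1/informativeTests/informativeTest_6_3_18.js
@@ -0,0 +1,76 @@
+import Ajv from 'ajv/dist/jtd.js'
+
+const ajv = new Ajv()
+
+/**
+* @typedef {object} MetricContent
+* @property {string} [qualitative_severity_rating]
+*/
+
+/**
+* @typedef {object} Metric
+* @property {MetricContent} [content]
+* @property {Array<string>} [products]
+*/
+
+const inputSchema = /** @type {const} */ ({
+additionalProperties: true,
+properties: {
+vulnerabilities: {
+elements: {
+additionalProperties: true,
+optionalProperties: {
+metrics: {
+elements: {
+additionalProperties: true,
+optionalProperties: {
+content: {
+additionalProperties: true,
+optionalProperties: {
+qualitative_severity_rating: {
+type: 'string',
+},
+},
+},
+},
+},
+},
+},
+},
+},
+},
+})
+
+const validateInput = ajv.compile(inputSchema)
+
+/**
+* For each item in metrics it MUST be tested that it does not use the qualitative severity rating.
+* @param {any} doc
+* @returns
+*/
+export function informativeTest_6_3_18(doc) {
+const ctx = {
+infos: /** @type {Array<{ message: string; instancePath: string }>} */ ([]),
+}
+
+if (!validateInput(doc)) {
+return ctx
+}
+
+const vulnerabilities = doc.vulnerabilities
+
+vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
+/** @type {Array<Metric> | undefined} */
+const metrics = vulnerability.metrics
+metrics?.forEach((metric, metricIndex) => {
+if (metric?.content?.qualitative_severity_rating) {
+ctx.infos.push({
+instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/qualitative_severity_rating`,
+message: `qualitative_severity_rating object is present`,
+})
+}
+})
+})
+
+return ctx
+}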
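Review bot: The truthiness check `if (metric?.content?.qualitative_severity_rating)` near the end of informativeTest_6_3_18 skips a metric whose rating is the empty string, so a document carrying `"qualitative_severity_rating": ""` produces no info even though the property is used. Once validateInput has passed, the value is either absent or a string, so the presence test can be `if (metric.content?.qualitative_severity_rating !== undefined) {`. The early `return ctx` on a failed validateInput also means that a single non-string rating anywhere in the document suppresses the infos for every other metric; if that is intended, a comment such as `// documents that do not match inputSchema are left to the schema tests` would make it explicit. The message text calls the value an "object" while inputSchema types it as a string, and the `@returns` tag in the JSDoc is empty.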
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
import assert from 'node:assert'
2+
import { informativeTest_6_3_18 } from '../../csaf_2_1/informativeTests.js'
3+
4+
describe('informativeTest_6_3_18', function () {
5+
it('only runs on relevant documents', function () {
6+
assert.equal(informativeTest_6_3_18({ document: 'mydoc' }).infos.length, 0)
7+
})
8+
})
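Review bot: The only case in this spec asserts that an unrelated document yields zero infos, so nothing here checks that informativeTest_6_3_18 reports a metric that carries the rating, or that the emitted instancePath is correct. A second `it` with a constructed document would pin that, for example `assert.equal(informativeTest_6_3_18({ vulnerabilities: [{ metrics: [{ content: { qualitative_severity_rating: 'low' } }] }] }).infos.length, 1)`, together with an assertion on `infos[0].instancePath`. The removal of '6.3.18' from `excluded` in tests/csaf_2_1/oasis.js presumably brings in shared test documents for this test, but that coverage is not visible from this file.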

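--- a/tests/csaf_2_1/oasis.js
+++ b/tests/csaf_2_1/oasis.js
@@ -62,7 +62,6 @@ const excluded = [
 '6.3.15',
 '6.3.16',
 '6.3.17',
-'6.3.18',
 ]
 
 /** @typedef {import('../../lib/shared/types.js').DocumentTest} DocumentTest */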
