Merge pull request #367 from secvisogram/feat/363-csaf-2.1_recommended_test_6.2.43

rainer-exxcellent · web-flow · commit 3ba89c688685 · 2025-10-17T13:15:17.000+02:00
feat(CSAF2.1): #197 add recommended test 6.2.43
diff --git a/README.md b/README.md
@@ -349,7 +349,6 @@ The following tests are not yet implemented and therefore missing:
 - Recommended Test 6.2.40
 - Recommended Test 6.2.41
 - Recommended Test 6.2.42
-- Recommended Test 6.2.43
 - Recommended Test 6.2.44
 - Recommended Test 6.2.45
 - Recommended Test 6.2.46
@@ -461,6 +460,7 @@ export const recommendedTest_6_2_18: DocumentTest
 export const recommendedTest_6_2_22: DocumentTest
 export const recommendedTest_6_2_23: DocumentTest
 export const recommendedTest_6_2_25: DocumentTest
+export const recommendedTest_6_2_43: DocumentTest
 ```
 
 [(back to top)](#bsi-csaf-validator-lib)
diff --git a/csaf_2_1/recommendedTests.js b/csaf_2_1/recommendedTests.js
@@ -33,3 +33,4 @@ export { recommendedTest_6_2_27 } from './recommendedTests/recommendedTest_6_2_2
 export { recommendedTest_6_2_28 } from './recommendedTests/recommendedTest_6_2_28.js'
 export { recommendedTest_6_2_29 } from './recommendedTests/recommendedTest_6_2_29.js'
 export { recommendedTest_6_2_38 } from './recommendedTests/recommendedTest_6_2_38.js'
+export { recommendedTest_6_2_43 } from './recommendedTests/recommendedTest_6_2_43.js'
diff --git a/csaf_2_1/recommendedTests/recommendedTest_6_2_43.js b/csaf_2_1/recommendedTests/recommendedTest_6_2_43.js
@@ -0,0 +1,49 @@
+import Ajv from 'ajv/dist/jtd.js'
+const ajv = new Ajv()
+
+/*
+  This is the jtd schema that needs to match the input document so that the
+  test is activated. If this schema doesn't match, it normally means that the input
+  document does not validate against the csaf JSON schema or optional fields that
+  the test checks are not present.
+ */
+const inputSchema = /** @type {const} */ ({
+  additionalProperties: true,
+  properties: {
+    document: {
+      additionalProperties: true,
+      properties: {
+        license_expression: {
+          type: 'string',
+        },
+      },
+    },
+  },
+})
+
+const validateSchema = ajv.compile(inputSchema)
+
+/**
+ * It MUST be tested that the license expression is present and set
+ *
+ * @param {unknown} doc
+ */
+export function recommendedTest_6_2_43(doc) {
+  /*
+      The `ctx` variable holds the state that is accumulated during the test run and is
+      finally returned by the function.
+     */
+  const ctx = {
+    warnings:
+      /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
+  }
+
+  if (!validateSchema(doc)) {
+    ctx.warnings.push({
+      message: 'License expression is not set',
+      instancePath: '/document/license_expression',
+    })
+  }
+
+  return ctx
+}
diff --git a/tests/csaf_2_1/oasis.js b/tests/csaf_2_1/oasis.js
@@ -52,7 +52,6 @@ const excluded = [
   '6.2.40',
   '6.2.41',
   '6.2.42',
-  '6.2.43',
   '6.2.44',
   '6.2.45',
   '6.2.46',
diff --git a/tests/csaf_2_1/recommendedTest_6_2_43.js b/tests/csaf_2_1/recommendedTest_6_2_43.js
@@ -0,0 +1,11 @@
+import assert from 'node:assert'
+import { recommendedTest_6_2_43 } from '../../csaf_2_1/recommendedTests.js'
+
+describe('recommendedTest_6_2_43', function () {
+  it('only runs on relevant documents', function () {
+    assert.equal(
+      recommendedTest_6_2_43({ vulnerabilities: 'mydoc' }).warnings.length,
+      1
+    )
+  })
+})
