feat: adapt code to match ssvc v2

christopher-exx · christopher-exx · commit b0bb6b0b9d9e · 2025-10-15T10:27:21.000+02:00
diff --git a/csaf_2_1/mandatoryTests/mandatoryTest_6_1_46.js b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_46.js
@@ -1,5 +1,5 @@
 import Ajv from 'ajv/dist/jtd.js'
-import csafAjv from '../../lib/shared/csafAjv.js'
+import csafAjv from '../csafAjv.js'
 
 const ajv = new Ajv()
 
@@ -23,7 +23,7 @@ const inputSchema = /** @type {const} */ ({
                 content: {
                   additionalProperties: true,
                   optionalProperties: {
-                    ssvc_v1: {
+                    ssvc_v2: {
                       additionalProperties: true,
                       properties: {},
                     },
@@ -40,8 +40,8 @@ const inputSchema = /** @type {const} */ ({
 
 const validateInput = ajv.compile(inputSchema)
 
-const validate_ssvc_v1 = csafAjv.compile({
-  $ref: 'https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json',
+const validate_ssvc_v2 = csafAjv.compile({
+  $ref: 'https://certcc.github.io/SSVC/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json',
 })
 
 /**
@@ -66,13 +66,13 @@ export function mandatoryTest_6_1_46(doc) {
 
   doc.vulnerabilities?.forEach((vulnerability, vulnerabilityIndex) => {
     vulnerability.metrics?.forEach((metric, metricIndex) => {
-      if (metric.content?.ssvc_v1) {
-        const valid = validate_ssvc_v1(metric.content.ssvc_v1)
+      if (metric.content?.ssvc_v2) {
+        const valid = validate_ssvc_v2(metric.content.ssvc_v2)
         if (!valid) {
           ctx.isValid = false
-          for (const err of validate_ssvc_v1.errors ?? []) {
+          for (const err of validate_ssvc_v2.errors ?? []) {
             ctx.errors.push({
-              instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/ssvc_v1${err.instancePath}`,
+              instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/ssvc_v2${err.instancePath}`,
               message: err.message ?? '',
             })
           }
diff --git a/tests/csaf_2_1/mandatoryTest_6_1_46.js b/tests/csaf_2_1/mandatoryTest_6_1_46.js
@@ -10,9 +10,20 @@ const failingInputSchemaTestWithEmptyVulnerability6_1_46 = {
       metrics: [
         {
           content: {
-            ssvc_v1: {
-              id: 'CVE-1900-0001',
-              schemaVersion: '1-0-1',
+            ssvc_v2: {
+              schemaVersion: '2.0.0',
+              selections: [
+                {
+                  key: 'MI',
+                  namespace: 'ssvc',
+                  values: [
+                    {
+                      key: 'N',
+                    },
+                  ],
+                  version: '1.0.0',
+                },
+              ],
               timestamp: '2024-01-24T10:00:00.000Z',
             },
           },
