Merge pull request #276 from secvisogram/feat/199-Informative-Tests_CSAF2_1_6.3.4

rainer-exxcellent · web-flow · commit dac133ebaeb7 · 2025-06-02T12:49:12.000+02:00
Feat/199 informative tests csaf 2.1 6.3.4
diff --git a/csaf_2_1/informativeTests.js b/csaf_2_1/informativeTests.js
@@ -1,7 +1,6 @@
 export {
   informativeTest_6_3_2,
   informativeTest_6_3_3,
-  informativeTest_6_3_4,
   informativeTest_6_3_5,
   informativeTest_6_3_6,
   informativeTest_6_3_7,
@@ -11,3 +10,4 @@ export {
   informativeTest_6_3_11,
 } from '../informativeTests.js'
 export { informativeTest_6_3_1 } from './informativeTests/informativeTest_6_3_1.js'
+export { informativeTest_6_3_4 } from './informativeTests/informativeTest_6_3_4.js'
diff --git a/csaf_2_1/informativeTests/informativeTest_6_3_4.js b/csaf_2_1/informativeTests/informativeTest_6_3_4.js
@@ -0,0 +1,50 @@
+import Ajv from 'ajv/dist/jtd.js'
+
+const ajv = new Ajv()
+
+const inputSchema = /** @type {const} */ ({
+  additionalProperties: true,
+  properties: {
+    vulnerabilities: {
+      elements: {
+        additionalProperties: true,
+        optionalProperties: {
+          cwes: {
+            elements: {
+              additionalProperties: true,
+              properties: {},
+            },
+          },
+        },
+      },
+    },
+  },
+})
+
+const validateInput = ajv.compile(inputSchema)
+
+/**
+ * It MUST be tested that at least one CWE is given.
+ * @param {unknown} doc
+ * @returns
+ */
+export function informativeTest_6_3_4(doc) {
+  const ctx = {
+    infos: /** @type {Array<{ message: string; instancePath: string }>} */ ([]),
+  }
+
+  if (!validateInput(doc)) {
+    return ctx
+  }
+
+  doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
+    if (!vulnerability?.cwes?.length) {
+      ctx.infos.push({
+        instancePath: `/vulnerabilities/${vulnerabilityIndex}`,
+        message: 'missing cwe',
+      })
+    }
+  })
+
+  return ctx
+}
diff --git a/tests/csaf_2_1/informativeTest_6_3_4.js b/tests/csaf_2_1/informativeTest_6_3_4.js
@@ -0,0 +1,8 @@
+import assert from 'node:assert'
+import { informativeTest_6_3_4 } from '../../csaf_2_1/informativeTests.js'
+
+describe('informativeTest_6_3_4', function () {
+  it('only runs on relevant documents', function () {
+    assert.equal(informativeTest_6_3_4({ document: 'mydoc' }).infos.length, 0)
+  })
+})
diff --git a/tests/csaf_2_1/oasis.js b/tests/csaf_2_1/oasis.js
@@ -58,7 +58,6 @@ const excluded = [
   '6.2.39.2',
   '6.2.40',
   '6.3.2',
-  '6.3.4',
   '6.3.14',
   '6.3.15',
   '6.3.12',
