From 2fed6b096f33469f71e7f0d375d24a51e3757403 Mon Sep 17 00:00:00 2001
From: rschneider <97682836+rainer-exxcellent@users.noreply.github.com>
Date: Wed, 17 Sep 2025 14:27:01 +0200
Subject: [PATCH] feat(CSAF2.1): #451 add informative test 6.3.18
---
 README.md | 1 +
 csaf_2_1/informativeTests.js | 1 +
 .../informativeTest_6_3_18.js | 76 +++++++++++++++++++
 tests/csaf_2_1/informativeTest_6_3_18.js | 8 ++
 tests/csaf_2_1/oasis.js | 1 -
 5 files changed, 86 insertions(+), 1 deletion(-)
 create mode 100644 csaf_2_1/informativeTests/informativeTest_6_3_18.js
 create mode 100644 tests/csaf_2_1/informativeTest_6_3_18.js
diff --git a/README.md b/README.md
index 6f4f9297..af7aa577 100644
--- a/README.md
+++ b/README.md
@@ -480,6 +480,7 @@ export const informativeTest_6_3_9: DocumentTest export const informativeTest_6_3_10: DocumentTest export const informativeTest_6_3_11: DocumentTest export const informativeTest_6_3_12: DocumentTest +export const informativeTest_6_3_18: DocumentTest ``` [(back to top)](#bsi-csaf-validator-lib)
diff --git a/csaf_2_1/informativeTests.js b/csaf_2_1/informativeTests.js
index b3142316..0ecb389f 100644
--- a/csaf_2_1/informativeTests.js
+++ b/csaf_2_1/informativeTests.js
@@ -12,3 +12,4 @@ export { informativeTest_6_3_1 } from './informativeTests/informativeTest_6_3_1.
 export { informativeTest_6_3_2 } from './informativeTests/informativeTest_6_3_2.js'
 export { informativeTest_6_3_4 } from './informativeTests/informativeTest_6_3_4.js'
 export { informativeTest_6_3_12 } from './informativeTests/informativeTest_6_3_12.js'
+export { informativeTest_6_3_18 } from './informativeTests/informativeTest_6_3_18.js'
diff --git a/csaf_2_1/informativeTests/informativeTest_6_3_18.js b/csaf_2_1/informativeTests/informativeTest_6_3_18.js
new file mode 100644
index 00000000..c7e55a18
--- /dev/null
+++ b/csaf_2_1/informativeTests/informativeTest_6_3_18.js
@@ -0,0 +1,76 @@
+import Ajv from 'ajv/dist/jtd.js'
+
+const ajv = new Ajv()
+
+/**
+ * @typedef {object} MetricContent
+ * @property {string} [qualitative_severity_rating]
+ */
+
+/**
+ * @typedef {object} Metric
+ * @property {MetricContent} [content]
+ * @property {Array} [products]
+ */
+
+const inputSchema = /** @type {const} */ ({
+ additionalProperties: true,
+ properties: {
+ vulnerabilities: {
+ elements: {
+ additionalProperties: true,
+ optionalProperties: {
+ metrics: {
+ elements: {
+ additionalProperties: true,
+ optionalProperties: {
+ content: {
+ additionalProperties: true,
+ optionalProperties: {
+ qualitative_severity_rating: {
+ type: 'string',
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+})
+
+const validateInput = ajv.compile(inputSchema)
+
+/**
+ * For each item in the list of metrics, it MUST be tested that a cvss_v4 object is present.
+ * @param {any} doc
+ * @returns
+ */
+export function informativeTest_6_3_18(doc) {
+ const ctx = {
+ infos: /** @type {Array<{ message: string; instancePath: string }>} */ ([]),
+ }
+
+ if (!validateInput(doc)) {
+ return ctx
+ }
+
+ const vulnerabilities = doc.vulnerabilities
+
+ vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
+ /** @type {Array | undefined} */
+ const metrics = vulnerability.metrics
+ metrics?.forEach((metric, metricIndex) => {
+ if (metric?.content?.qualitative_severity_rating) {
+ ctx.infos.push({
+ instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/qualitative_severity_rating`,
+ message: `qualitative_severity_rating object is present`,
+ })
+ }
+ })
+ })
+
+ return ctx
+}
diff --git a/tests/csaf_2_1/informativeTest_6_3_18.js b/tests/csaf_2_1/informativeTest_6_3_18.js
new file mode 100644
index 00000000..a8b42fad
--- /dev/null
+++ b/tests/csaf_2_1/informativeTest_6_3_18.js
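Review bot: The JSDoc above `informativeTest_6_3_18` in csaf_2_1/informativeTests/informativeTest_6_3_18.js says a `cvss_v4` object is tested for, but the body only reports metrics whose `content.qualitative_severity_rating` is set, so the comment looks copied from another test and will mislead anyone auditing what this advisory check covers. I would reword it to describe the actual check, for example `For each item in the list of metrics, an info is reported when content.qualitative_severity_rating is set.` (to be aligned with the spec wording for 6.3.18), and fill in the empty `@returns` with `@returns {{ infos: Array<{ message: string; instancePath: string }> }}`. The message string also calls the rating an "object" although the input schema declares it `type: 'string'`. Separately, the truthiness test `if (metric?.content?.qualitative_severity_rating)` skips a present but empty string; if presence is what should be reported, `!== undefined` is the tighter condition.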
@@ -0,0 +1,8 @@
+import assert from 'node:assert'
+import { informativeTest_6_3_18 } from '../../csaf_2_1/informativeTests.js'
+
+describe('informativeTest_6_3_18', function () {
+ it('only runs on relevant documents', function () {
+ assert.equal(informativeTest_6_3_18({ document: 'mydoc' }).infos.length, 0)
+ })
+})
diff --git a/tests/csaf_2_1/oasis.js b/tests/csaf_2_1/oasis.js
index 0e9d2e60..7ab4d6f2 100644
--- a/tests/csaf_2_1/oasis.js
+++ b/tests/csaf_2_1/oasis.js
@@ -65,7 +65,6 @@ const excluded = [ '6.3.15', '6.3.16', '6.3.17', - '6.3.18', ] /** @typedef {import('../../lib/shared/types.js').DocumentTest} DocumentTest */