Skip to content

Commit

Permalink
Merge pull request #770 from tschmidtb51/tracking-id-not-in-title
Browse files Browse the repository at this point in the history 
Document Tracking ID not in Title
  • Loading branch information
@tschmidtb51
tschmidtb51 authored Aug 23, 2024
2 parents 6f66569 + 9da0572 commit cf3677f
Show file tree
Hide file tree
Showing 10 changed files with 253 additions and 1 deletion.
2 changes: 2 additions & 0 deletions csaf_2.1/prose/edit/src/conformance.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -536,6 +536,8 @@ Secondly, the program fulfills the following for all items of:
* `/document/publisher/category`: If the value is `other`, the CSAF 2.0 to CSAF 2.1 converter SHOULD output a warning that some parties have
been regrouped into the new value `multiplier`. An option to suppress this warning MUST exist. In addition, an option SHOULD be provided to
set the value to `multiplier`.
* `/document/title`: If the value contains the `/document/tracking/id`, the CSAF 2.0 to CSAF 2.1 converter MUST remove the `/document/tracking/id`
from the `/document/title`. In addition, separating characters including but not limited to whitespace, colon, dash and brackets MUST be removed.
* `/vulnerabilities[]/cwes[]`: The CSAF 2.0 to CSAF 2.1 converter MUST determine the CWE specification version the given CWE was selected from by
using the latest version that matches the `id` and `name` exactly and was published prior to the value of `/document/tracking/current_release_date`
of the source document. If no such version exist, the first matching version published after the value of `/document/tracking/current_release_date`
Expand Down
26 changes: 26 additions & 0 deletions csaf_2.1/prose/edit/src/tests-02-optional.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -679,3 +679,29 @@ The relevant path for this test is:
```
> The first and second revision have the same timestamp.
### Document Tracking ID in Title
It MUST be tested that the `/document/title` does not contain the `/document/tracking/id`.
The relevant path for this test is:
```
/document/title
```
*Example 1 (which fails the test):*
```
"title": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-22-01: Optional test: Document Tracking ID in Title (failing example 1)",
"tracking": {
// ...
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-22-01",
// ...
}
```
> The document title contains the document tracking id.
> A tool MAY remove the document tracking id from the document title.
> It SHOULD also remove any separating characters including whitespace, colon, dash and brackets.
32 changes: 32 additions & 0 deletions csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-22-01.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
{
"$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json",
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"distribution": {
"tlp": {
"label": "CLEAR"
}
},
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-22-01: Optional test: Document Tracking ID in Title (failing example 1)",
"tracking": {
"current_release_date": "2024-01-21T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-22-01",
"initial_release_date": "2024-01-21T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-21T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
}
}
32 changes: 32 additions & 0 deletions csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-22-02.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
{
"$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json",
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"distribution": {
"tlp": {
"label": "CLEAR"
}
},
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Optional test: Document Tracking ID in Title (failing example 2) (OASIS_CSAF_TC-CSAF_2.1-2024-6-2-22-02)",
"tracking": {
"current_release_date": "2024-01-21T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-22-02",
"initial_release_date": "2024-01-21T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-21T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
}
}
32 changes: 32 additions & 0 deletions csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-22-03.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
{
"$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json",
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"distribution": {
"tlp": {
"label": "CLEAR"
}
},
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Optional test: Document Tracking ID in Title (failing example 3) - OASIS_CSAF_TC-CSAF_2.1-2024-6-2-22-03",
"tracking": {
"current_release_date": "2024-01-21T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-22-03",
"initial_release_date": "2024-01-21T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-21T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
}
}
32 changes: 32 additions & 0 deletions csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-22-04.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
{
"$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json",
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"distribution": {
"tlp": {
"label": "CLEAR"
}
},
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-22-04 - Optional test: Document Tracking ID in Title (failing example 4)",
"tracking": {
"current_release_date": "2024-01-21T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-22-04",
"initial_release_date": "2024-01-21T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-21T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
}
}
32 changes: 32 additions & 0 deletions csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-22-11.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
{
"$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json",
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"distribution": {
"tlp": {
"label": "CLEAR"
}
},
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Optional test: Document Tracking ID in Title (valid example 1)",
"tracking": {
"current_release_date": "2024-01-21T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-22-11",
"initial_release_date": "2024-01-21T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-21T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
}
}
32 changes: 32 additions & 0 deletions csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-22-12.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
{
"$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json",
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"distribution": {
"tlp": {
"label": "CLEAR"
}
},
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Optional test: Document Tracking ID in Title (valid example 2) - different than OASIS_CSAF_TC-CSAF_2.1-2024-6-2-22-11",
"tracking": {
"current_release_date": "2024-01-21T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-22-12",
"initial_release_date": "2024-01-21T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-21T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
}
}
32 changes: 32 additions & 0 deletions csaf_2.1/test/validator/data/testcases.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1447,6 +1447,38 @@
}
]
},
{
"id": "6.2.22",
"group": "optional",
"failures": [
{
"name": "optional/oasis_csaf_tc-csaf_2_1-2024-6-2-22-01.json",
"valid": true
},
{
"name": "optional/oasis_csaf_tc-csaf_2_1-2024-6-2-22-02.json",
"valid": true
},
{
"name": "optional/oasis_csaf_tc-csaf_2_1-2024-6-2-22-03.json",
"valid": true
},
{
"name": "optional/oasis_csaf_tc-csaf_2_1-2024-6-2-22-04.json",
"valid": true
}
],
"valid": [
{
"name": "optional/oasis_csaf_tc-csaf_2_1-2024-6-2-22-11.json",
"valid": true
},
{
"name": "optional/oasis_csaf_tc-csaf_2_1-2024-6-2-22-12.json",
"valid": true
}
]
},
{
"id": "6.3.1",
"group": "informative",
Expand Down
2 changes: 1 addition & 1 deletion csaf_2.1/test/validator/testcases_json_schema.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@
"title": "Number of the test",
"description": "Contains the section number of the test in the specification.",
"type": "string",
"pattern": "^6\\.(([1-3]\\.[1-9])|([12]\\.1[0-9])|(3\\.1[0-2])|([12]\\.2[0-1])|(1\\.2[2-68-9])|(1\\.27\\.([1-9]|10|11))|(1\\.3[0-4]))$"
"pattern": "^6\\.(([1-3]\\.[1-9])|([12]\\.1[0-9])|(3\\.1[0-2])|([12]\\.2[0-2])|(1\\.2[3-68-9])|(1\\.27\\.([1-9]|10|11))|(1\\.3[0-4]))$"
},
"valid": {
"title": "List of valid examples",
Expand Down

0 comments on commit cf3677f

Please sign in to comment.