diff --git a/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json new file mode 100644 index 000000000..b7ff86f21 --- /dev/null +++ b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json @@ -0,0 +1,50 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (failing example 2)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-08-02", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v3": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.5 + } + } + ] + } + ] +} diff --git a/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json new file mode 100644 index 000000000..c97d21998 --- /dev/null +++ b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json @@ -0,0 +1,49 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (failing example 3)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-08-03", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v2": { + "vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C", + "baseScore": 6.5 + } + } + ] + } + ] +} diff --git a/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-11.json b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-11.json new file mode 100644 index 000000000..9c8d493e0 --- /dev/null +++ b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-11.json @@ -0,0 +1,51 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (valid example 1)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-08-11", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + } + } + ] + } + ] +} diff --git a/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-12.json b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-12.json new file mode 100644 index 000000000..53dc8face --- /dev/null +++ b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-12.json @@ -0,0 +1,51 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (valid example 2)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-08-12", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v3": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + } + } + ] + } + ] +} diff --git a/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-13.json b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-13.json new file mode 100644 index 000000000..089b9cb1d --- /dev/null +++ b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-13.json @@ -0,0 +1,50 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (valid example 3)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-08-13", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C", + "baseScore": 6.5 + } + } + ] + } + ] +} diff --git a/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-14.json b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-14.json new file mode 100644 index 000000000..89c0bbc30 --- /dev/null +++ b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-14.json @@ -0,0 +1,44 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (valid example 4)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-08-14", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "notes": [ + { + "category": "summary", + "text": "A vulnerability without CVSS passes the test as well." + } + ] + } + ] +} diff --git a/csaf_2.0/test/validator/data/testcases.json b/csaf_2.0/test/validator/data/testcases.json index f626f2c2f..7c066987a 100644 --- a/csaf_2.0/test/validator/data/testcases.json +++ b/csaf_2.0/test/validator/data/testcases.json @@ -127,6 +127,32 @@ { "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-01.json", "valid": false + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json", + "valid": false + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json", + "valid": false + } + ], + "valid": [ + { + "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-11.json", + "valid": true + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-12.json", + "valid": true + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-13.json", + "valid": true + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-14.json", + "valid": true } ] }, @@ -1371,4 +1397,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/csaf_2.0/test/validator/run_tests.sh b/csaf_2.0/test/validator/run_tests.sh index 980362ecc..3f306806d 100755 --- a/csaf_2.0/test/validator/run_tests.sh +++ b/csaf_2.0/test/validator/run_tests.sh @@ -1,7 +1,7 @@ #!/bin/bash STRICT_BUILD=csaf_2.0/build -ORIG_SCHEMA=csaf_2.0/json_schema/csaf_json_schema.json +ORIG_SCHEMA=csaf_2.0/json_schema/csaf_json_schema.json CSAF_STRICT_SCHEMA=${STRICT_BUILD}/csaf_strict_schema.json CVSS_20_STRICT_SCHEMA=csaf_2.0/referenced_schema/first/cvss-v2.0_strict.json CVSS_30_STRICT_SCHEMA=csaf_2.0/referenced_schema/first/cvss-v3.0_strict.json @@ -9,7 +9,7 @@ CVSS_31_STRICT_SCHEMA=csaf_2.0/referenced_schema/first/cvss-v3.1_strict.json VALIDATOR=csaf_2.0/test/validator.py STRICT_GENERATOR=csaf_2.0/test/generate_strict_schema.py TESTPATH=csaf_2.0/test/validator/data/$1/*.json -EXCLUDE=oasis_csaf_tc-csaf_2_0-2021-6-1-08-01.json +EXCLUDE='oasis_csaf_tc-csaf_2_0-2021-6-1-08-01.json|oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json|oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json' EXCLUDE_STRICT=oasis_csaf_tc-csaf_2_0-2021-6-2-20-01.json FAIL=0 @@ -29,23 +29,23 @@ validate() { } test_all() { - for i in $(ls -1 ${TESTPATH} | grep -v $EXCLUDE) + for i in $(ls -1 ${TESTPATH} | grep -Ev $EXCLUDE) do validate $i done } test_all_strict() { - for i in $(ls -1 ${TESTPATH} | grep -v $EXCLUDE | grep -v ${EXCLUDE_STRICT}) + for i in $(ls -1 ${TESTPATH} | grep -Ev $EXCLUDE | grep -v ${EXCLUDE_STRICT}) do validate $i done -} +} SCHEMA=$ORIG_SCHEMA test_all - + printf "%s" "Generating strict schema ... " mkdir -p ${STRICT_BUILD} python3 "${STRICT_GENERATOR}" "${ORIG_SCHEMA}" > "${CSAF_STRICT_SCHEMA}" diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-15.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-15.json new file mode 100644 index 000000000..b3488ed17 --- /dev/null +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-15.json @@ -0,0 +1,50 @@ +{ + "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json", + "document": { + "category": "csaf_base", + "csaf_version": "2.1", + "distribution": { + "tlp": { + "label": "CLEAR" + } + }, + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (valid example 5)", + "tracking": { + "current_release_date": "2024-01-24T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-08-15", + "initial_release_date": "2024-01-24T10:00:00.000Z", + "revision_history": [ + { + "date": "2024-01-24T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "notes": [ + { + "category": "summary", + "text": "A vulnerability without CVSS passes the test as well." + } + ] + } + ] +} diff --git a/csaf_2.1/test/validator/data/testcases.json b/csaf_2.1/test/validator/data/testcases.json index e87ad5430..315205fb7 100644 --- a/csaf_2.1/test/validator/data/testcases.json +++ b/csaf_2.1/test/validator/data/testcases.json @@ -189,6 +189,10 @@ { "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-14.json", "valid": true + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-15.json", + "valid": true } ] },