From 2d777fb28f524cda27ce0c647cc9f81c07843db8 Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 31 Jul 2024 14:08:56 +0200 Subject: [PATCH 1/3] Tests - addresses parts of oasis-tcs/csaf#341 - backport testfiles for 6.1.8 from CSAF 2.1 --- ...oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json | 50 ++++++++++++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json | 49 ++++++++++++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-1-08-11.json | 51 +++++++++++++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-1-08-12.json | 51 +++++++++++++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-1-08-13.json | 50 ++++++++++++++++++ csaf_2.0/test/validator/data/testcases.json | 24 ++++++++- csaf_2.0/test/validator/run_tests.sh | 12 ++--- 7 files changed, 280 insertions(+), 7 deletions(-) create mode 100644 csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json create mode 100644 csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json create mode 100644 csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-11.json create mode 100644 csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-12.json create mode 100644 csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-13.json diff --git a/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json new file mode 100644 index 000000000..b7ff86f21 --- /dev/null +++ b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json @@ -0,0 +1,50 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (failing example 2)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-08-02", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v3": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.5 + } + } + ] + } + ] +} diff --git a/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json new file mode 100644 index 000000000..c97d21998 --- /dev/null +++ b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json @@ -0,0 +1,49 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (failing example 3)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-08-03", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v2": { + "vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C", + "baseScore": 6.5 + } + } + ] + } + ] +} diff --git a/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-11.json b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-11.json new file mode 100644 index 000000000..9c8d493e0 --- /dev/null +++ b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-11.json @@ -0,0 +1,51 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (valid example 1)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-08-11", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + } + } + ] + } + ] +} diff --git a/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-12.json b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-12.json new file mode 100644 index 000000000..53dc8face --- /dev/null +++ b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-12.json @@ -0,0 +1,51 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (valid example 2)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-08-12", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v3": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + } + } + ] + } + ] +} diff --git a/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-13.json b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-13.json new file mode 100644 index 000000000..089b9cb1d --- /dev/null +++ b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-13.json @@ -0,0 +1,50 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (valid example 3)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-08-13", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C", + "baseScore": 6.5 + } + } + ] + } + ] +} diff --git a/csaf_2.0/test/validator/data/testcases.json b/csaf_2.0/test/validator/data/testcases.json index f626f2c2f..90cc47dca 100644 --- a/csaf_2.0/test/validator/data/testcases.json +++ b/csaf_2.0/test/validator/data/testcases.json @@ -127,6 +127,28 @@ { "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-01.json", "valid": false + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json", + "valid": false + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json", + "valid": false + } + ], + "valid": [ + { + "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-11.json", + "valid": true + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-12.json", + "valid": true + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-13.json", + "valid": true } ] }, @@ -1371,4 +1393,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/csaf_2.0/test/validator/run_tests.sh b/csaf_2.0/test/validator/run_tests.sh index 980362ecc..f26816455 100755 --- a/csaf_2.0/test/validator/run_tests.sh +++ b/csaf_2.0/test/validator/run_tests.sh @@ -1,7 +1,7 @@ #!/bin/bash STRICT_BUILD=csaf_2.0/build -ORIG_SCHEMA=csaf_2.0/json_schema/csaf_json_schema.json +ORIG_SCHEMA=csaf_2.0/json_schema/csaf_json_schema.json CSAF_STRICT_SCHEMA=${STRICT_BUILD}/csaf_strict_schema.json CVSS_20_STRICT_SCHEMA=csaf_2.0/referenced_schema/first/cvss-v2.0_strict.json CVSS_30_STRICT_SCHEMA=csaf_2.0/referenced_schema/first/cvss-v3.0_strict.json @@ -9,7 +9,7 @@ CVSS_31_STRICT_SCHEMA=csaf_2.0/referenced_schema/first/cvss-v3.1_strict.json VALIDATOR=csaf_2.0/test/validator.py STRICT_GENERATOR=csaf_2.0/test/generate_strict_schema.py TESTPATH=csaf_2.0/test/validator/data/$1/*.json -EXCLUDE=oasis_csaf_tc-csaf_2_0-2021-6-1-08-01.json +EXCLUDE='oasis_csaf_tc-csaf_2_1-2024-6-1-08-01.json|oasis_csaf_tc-csaf_2_1-2024-6-1-08-02.json|oasis_csaf_tc-csaf_2_1-2024-6-1-08-03.json' EXCLUDE_STRICT=oasis_csaf_tc-csaf_2_0-2021-6-2-20-01.json FAIL=0 @@ -29,23 +29,23 @@ validate() { } test_all() { - for i in $(ls -1 ${TESTPATH} | grep -v $EXCLUDE) + for i in $(ls -1 ${TESTPATH} | grep -Ev $EXCLUDE) do validate $i done } test_all_strict() { - for i in $(ls -1 ${TESTPATH} | grep -v $EXCLUDE | grep -v ${EXCLUDE_STRICT}) + for i in $(ls -1 ${TESTPATH} | grep -Ev $EXCLUDE | grep -v ${EXCLUDE_STRICT}) do validate $i done -} +} SCHEMA=$ORIG_SCHEMA test_all - + printf "%s" "Generating strict schema ... " mkdir -p ${STRICT_BUILD} python3 "${STRICT_GENERATOR}" "${ORIG_SCHEMA}" > "${CSAF_STRICT_SCHEMA}" From b39cd0b8de0ab7792596d430dd927f04293a418e Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 31 Jul 2024 14:15:45 +0200 Subject: [PATCH 2/3] Tests - addresses parts of oasis-tcs/csaf#754, oasis-tcs/csaf#341 - add valid testfile for 6.1.8 in CSAF 2.0 and CSAF 2.1 that does not contain CVSS --- ...oasis_csaf_tc-csaf_2_0-2021-6-1-08-14.json | 44 ++++++++++++++++ csaf_2.0/test/validator/data/testcases.json | 4 ++ ...oasis_csaf_tc-csaf_2_1-2024-6-1-08-15.json | 50 +++++++++++++++++++ csaf_2.1/test/validator/data/testcases.json | 4 ++ 4 files changed, 102 insertions(+) create mode 100644 csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-14.json create mode 100644 csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-15.json diff --git a/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-14.json b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-14.json new file mode 100644 index 000000000..89c0bbc30 --- /dev/null +++ b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-14.json @@ -0,0 +1,44 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (valid example 4)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-08-14", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "notes": [ + { + "category": "summary", + "text": "A vulnerability without CVSS passes the test as well." + } + ] + } + ] +} diff --git a/csaf_2.0/test/validator/data/testcases.json b/csaf_2.0/test/validator/data/testcases.json index 90cc47dca..7c066987a 100644 --- a/csaf_2.0/test/validator/data/testcases.json +++ b/csaf_2.0/test/validator/data/testcases.json @@ -149,6 +149,10 @@ { "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-13.json", "valid": true + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-14.json", + "valid": true } ] }, diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-15.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-15.json new file mode 100644 index 000000000..b3488ed17 --- /dev/null +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-15.json @@ -0,0 +1,50 @@ +{ + "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json", + "document": { + "category": "csaf_base", + "csaf_version": "2.1", + "distribution": { + "tlp": { + "label": "CLEAR" + } + }, + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (valid example 5)", + "tracking": { + "current_release_date": "2024-01-24T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-08-15", + "initial_release_date": "2024-01-24T10:00:00.000Z", + "revision_history": [ + { + "date": "2024-01-24T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "notes": [ + { + "category": "summary", + "text": "A vulnerability without CVSS passes the test as well." + } + ] + } + ] +} diff --git a/csaf_2.1/test/validator/data/testcases.json b/csaf_2.1/test/validator/data/testcases.json index e87ad5430..315205fb7 100644 --- a/csaf_2.1/test/validator/data/testcases.json +++ b/csaf_2.1/test/validator/data/testcases.json @@ -189,6 +189,10 @@ { "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-14.json", "valid": true + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-15.json", + "valid": true } ] }, From 6e41a7a3f5cd20157e264c38e61b0aea36a2f44e Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 31 Jul 2024 14:50:18 +0200 Subject: [PATCH 3/3] Tests - addresses parts of oasis-tcs/csaf#754 - fix copy paste error (wrong filenames) --- csaf_2.0/test/validator/run_tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csaf_2.0/test/validator/run_tests.sh b/csaf_2.0/test/validator/run_tests.sh index f26816455..3f306806d 100755 --- a/csaf_2.0/test/validator/run_tests.sh +++ b/csaf_2.0/test/validator/run_tests.sh @@ -9,7 +9,7 @@ CVSS_31_STRICT_SCHEMA=csaf_2.0/referenced_schema/first/cvss-v3.1_strict.json VALIDATOR=csaf_2.0/test/validator.py STRICT_GENERATOR=csaf_2.0/test/generate_strict_schema.py TESTPATH=csaf_2.0/test/validator/data/$1/*.json -EXCLUDE='oasis_csaf_tc-csaf_2_1-2024-6-1-08-01.json|oasis_csaf_tc-csaf_2_1-2024-6-1-08-02.json|oasis_csaf_tc-csaf_2_1-2024-6-1-08-03.json' +EXCLUDE='oasis_csaf_tc-csaf_2_0-2021-6-1-08-01.json|oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json|oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json' EXCLUDE_STRICT=oasis_csaf_tc-csaf_2_0-2021-6-2-20-01.json FAIL=0