Merge pull request #834 from tschmidtb51/date-time

Mandatory test to check `date-time` format

csaf_2.1/prose/edit/src/design-considerations-02-date-time.md

@@ -1,13 +1,14 @@
 ## Date and Time
 
 This standard uses the `date-time` format as defined in JSON Schema Draft 2020-12 Section 7.3.1.
-In accordance with RFC 3339 and ISO 8601, the following rules apply:
+In accordance with [cite]{#RFC3339} and [cite]{#ISO8601}, the following rules apply:
 
 * The letter `T` separating the date and time SHALL be upper case.
+* The separator between date and time MUST be the letter `T`.
 * The letter `Z` indicating the timezone UTC SHALL be upper case.
 * Fractions of seconds are allowed as specified in the standards mention above with the full stop (`.`) as separator.
 * Leap seconds are supported. However, they SHOULD be avoided if possible.
-* Empty timezones are prohibited.
+* Empty timezones MUST NOT be used.
 * The ABNF of RFC 3339, section 5.6 applies.
 
 -------

csaf_2.1/prose/edit/src/tests-01-mndtr-37-date-and-time.md

@@ -0,0 +1,26 @@
+### Date and Time{#mandatory-tests--date-and-time}
+
+For each item of type `string` and format `date-time` it MUST be tested that it conforms to the rules given in section [sec]{#date-and-time}.
+
+The relevant path for this test is:
+
+```
+  /document/tracking/current_release_date
+  /document/tracking/generator/date
+  /document/tracking/initial_release_date
+  /document/tracking/revision_history[]/date
+  /vulnerabilities[]/discovery_date
+  /vulnerabilities[]/flags[]/date
+  /vulnerabilities[]/release_date
+  /vulnerabilities[]/involvements[]/date
+  /vulnerabilities[]/remediations[]/date
+  /vulnerabilities[]/threats[]/date
+```
+
+*Example 1 (which fails the test):*
+
+```
+      "current_release_date": "2024-01-24 10:00:00.000Z",
+```
+
+> The `current_release_date` uses a whitespace as separator instead the letter `T`.

csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-37-01.json

@@ -0,0 +1,32 @@
+{
+  "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json",
+  "document": {
+    "category": "csaf_base",
+    "csaf_version": "2.1",
+    "distribution": {
+      "tlp": {
+        "label": "CLEAR"
+      }
+    },
+    "publisher": {
+      "category": "other",
+      "name": "OASIS CSAF TC",
+      "namespace": "https://csaf.io"
+    },
+    "title": "Mandatory test: Date and Time (failing example 1)",
+    "tracking": {
+      "current_release_date": "2024-01-24 10:00:00.000Z",
+      "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-37-01",
+      "initial_release_date": "2024-01-24 10:00:00.000Z",
+      "revision_history": [
+        {
+          "date": "2024-01-24 10:00:00.000Z",
+          "number": "1",
+          "summary": "Initial version."
+        }
+      ],
+      "status": "final",
+      "version": "1"
+    }
+  }
+}

csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-37-11.json

@@ -0,0 +1,32 @@
+{
+  "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json",
+  "document": {
+    "category": "csaf_base",
+    "csaf_version": "2.1",
+    "distribution": {
+      "tlp": {
+        "label": "CLEAR"
+      }
+    },
+    "publisher": {
+      "category": "other",
+      "name": "OASIS CSAF TC",
+      "namespace": "https://csaf.io"
+    },
+    "title": "Mandatory test: Date and Time (valid example 1)",
+    "tracking": {
+      "current_release_date": "2024-01-24T10:00:00.000Z",
+      "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-37-11",
+      "initial_release_date": "2024-01-24T10:00:00.000Z",
+      "revision_history": [
+        {
+          "date": "2024-01-24T10:00:00.000Z",
+          "number": "1",
+          "summary": "Initial version."
+        }
+      ],
+      "status": "final",
+      "version": "1"
+    }
+  }
+}

csaf_2.1/test/validator/data/testcases.json

@@ -1100,6 +1100,22 @@
         }
       ]
     },
+    {
+      "id": "6.1.37",
+      "group": "mandatory",
+      "failures": [
+        {
+          "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-37-01.json",
+          "valid": false
+        }
+      ],
+      "valid": [
+        {
+          "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-37-11.json",
+          "valid": true
+        }
+      ]
+    },
     {
       "id": "6.2.1",
       "group": "optional",

csaf_2.1/test/validator/run_tests.sh

@@ -10,7 +10,7 @@ CVSS_40_STRICT_SCHEMA=csaf_2.1/referenced_schema/first/cvss-v4.0_strict.json
 VALIDATOR=csaf_2.1/test/validator.py
 STRICT_GENERATOR=csaf_2.1/test/generate_strict_schema.py
 TESTPATH=csaf_2.1/test/validator/data/$1/*.json
-EXCLUDE='oasis_csaf_tc-csaf_2_1-2024-6-1-08-01.json|oasis_csaf_tc-csaf_2_1-2024-6-1-08-02.json|oasis_csaf_tc-csaf_2_1-2024-6-1-08-03.json|oasis_csaf_tc-csaf_2_1-2024-6-1-08-04.json|oasis_csaf_tc-csaf_2_1-2024-6-1-09-05.json|oasis_csaf_tc-csaf_2_1-2024-6-2-10-01.json'
+EXCLUDE='oasis_csaf_tc-csaf_2_1-2024-6-1-08-01.json|oasis_csaf_tc-csaf_2_1-2024-6-1-08-02.json|oasis_csaf_tc-csaf_2_1-2024-6-1-08-03.json|oasis_csaf_tc-csaf_2_1-2024-6-1-08-04.json|oasis_csaf_tc-csaf_2_1-2024-6-1-09-05.json|oasis_csaf_tc-csaf_2_1-2024-6-1-37-01.json|oasis_csaf_tc-csaf_2_1-2024-6-2-10-01.json'
 EXCLUDE_STRICT=oasis_csaf_tc-csaf_2_1-2024-6-2-20-01.json
 
 FAIL=0

csaf_2.1/test/validator/testcases_json_schema.json

@@ -62,7 +62,7 @@
           "title": "Number of the test",
           "description": "Contains the section number of the test in the specification.",
           "type": "string",
-          "pattern": "^6\\.(([1-3]\\.[1-9])|(1\\.10)|([12]\\.1[1-9])|(3\\.1[0-2])|([12]\\.2[0-6])|(2\\.27)|(1\\.2[8-9])|(1\\.27\\.([1-9]|10|11))|(1\\.3[0-6]))$"
+          "pattern": "^6\\.(([1-3]\\.[1-9])|(1\\.10)|([12]\\.1[1-9])|(3\\.1[0-2])|([12]\\.2[0-6])|(2\\.27)|(1\\.2[8-9])|(1\\.27\\.([1-9]|10|11))|(1\\.3[0-7]))$"
         },
         "valid": {
           "title": "List of valid examples",