Skip to content

Commit

Permalink
Contradicting Remediations
Browse files Browse the repository at this point in the history 
- addresses parts of oasis-tcs#541, oasis-tcs#662, oasis-tcs#563
- correct example
- add valid example
- add invalid example
  • Loading branch information
@tschmidtb51
tschmidtb51 committed Oct 25, 2024
1 parent 7e03b04 commit 026b814
Show file tree
Hide file tree
Showing 4 changed files with 217 additions and 1 deletion.
2 changes: 1 addition & 1 deletion csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-35-03.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@
"vulnerabilities": [
{
"product_status": {
"known_affected": [
"recommended": [
"CSAFPID-9080700",
"CSAFPID-9080701",
"CSAFPID-9080702"
Expand Down
105 changes: 105 additions & 0 deletions csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-35-04.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,105 @@
{
"$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json",
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"distribution": {
"tlp": {
"label": "CLEAR"
}
},
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Mandatory test: Contradicting Remediations (failing example 4)",
"tracking": {
"current_release_date": "2024-01-24T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-35-04",
"initial_release_date": "2024-01-24T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-24T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"full_product_names": [
{
"product_id": "CSAFPID-9080700",
"name": "Product A"
},
{
"product_id": "CSAFPID-9080701",
"name": "Product B"
},
{
"product_id": "CSAFPID-9080702",
"name": "Product C"
},
{
"product_id": "CSAFPID-9080703",
"name": "Product D"
}
],
"product_groups": [
{
"group_id": "CSAFGID-1020300",
"product_ids": [
"CSAFPID-9080700",
"CSAFPID-9080701",
"CSAFPID-9080702"
]
},
{
"group_id": "CSAFGID-1020301",
"product_ids": [
"CSAFPID-9080701",
"CSAFPID-9080702",
"CSAFPID-9080703"
]
}
]
},
"vulnerabilities": [
{
"product_status": {
"recommended": [
"CSAFPID-9080700",
"CSAFPID-9080701",
"CSAFPID-9080702",
"CSAFPID-9080703"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Disconnect the product from all networks. Reboot the product and deactivate the IPv6 stack. Then reconnect the product to trusted networks only.",
"group_ids": [
"CSAFGID-1020301"
]
},
{
"category": "fix_planned",
"details": "A fix is expected in December 2024.",
"group_ids": [
"CSAFGID-1020301"
]
},
{
"category": "optional_patch",
"details": "Apply the firmware update provided.",
"group_ids": [
"CSAFGID-1020300"
]
}
]
}
]
}
103 changes: 103 additions & 0 deletions csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-35-14.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
{
"$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json",
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"distribution": {
"tlp": {
"label": "CLEAR"
}
},
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Mandatory test: Contradicting Remediations (valid example 4)",
"tracking": {
"current_release_date": "2024-01-24T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-35-14",
"initial_release_date": "2024-01-24T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-24T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"full_product_names": [
{
"product_id": "CSAFPID-9080700",
"name": "Product A"
},
{
"product_id": "CSAFPID-9080701",
"name": "Product B"
},
{
"product_id": "CSAFPID-9080702",
"name": "Product C"
},
{
"product_id": "CSAFPID-9080703",
"name": "Product D"
}
],
"product_groups": [
{
"group_id": "CSAFGID-1020300",
"product_ids": [
"CSAFPID-9080700",
"CSAFPID-9080701"
]
},
{
"group_id": "CSAFGID-1020301",
"product_ids": [
"CSAFPID-9080702",
"CSAFPID-9080703"
]
}
]
},
"vulnerabilities": [
{
"product_status": {
"recommended": [
"CSAFPID-9080700",
"CSAFPID-9080701",
"CSAFPID-9080702",
"CSAFPID-9080703"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Disconnect the product from all networks. Reboot the product and deactivate the IPv6 stack. Then reconnect the product to trusted networks only.",
"group_ids": [
"CSAFGID-1020301"
]
},
{
"category": "fix_planned",
"details": "A fix is expected in December 2024.",
"group_ids": [
"CSAFGID-1020301"
]
},
{
"category": "optional_patch",
"details": "Apply the firmware update provided.",
"group_ids": [
"CSAFGID-1020300"
]
}
]
}
]
}
8 changes: 8 additions & 0 deletions csaf_2.1/test/validator/data/testcases.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1039,6 +1039,10 @@
{
"name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-35-03.json",
"valid": false
},
{
"name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-35-04.json",
"valid": false
}
],
"valid": [
Expand All @@ -1053,6 +1057,10 @@
{
"name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-35-13.json",
"valid": true
},
{
"name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-35-14.json",
"valid": true
}
]
},
Expand Down

0 comments on commit 026b814

Please sign in to comment.