diff --git a/csaf_2.1/prose/edit/src/tests-01-mndtr-45-inconsistent-disclosure-date.md b/csaf_2.1/prose/edit/src/tests-01-mndtr-45-inconsistent-disclosure-date.md new file mode 100644 index 00000000..de75ffbc --- /dev/null +++ b/csaf_2.1/prose/edit/src/tests-01-mndtr-45-inconsistent-disclosure-date.md @@ -0,0 +1,46 @@ +### Inconsistent Disclosure Date + +For each vulnerability, it MUST be tested that the `disclosure_date` is not newer than the `date` of the newest item of the `revision_history` +if the document is labeled `TLP:CLEAR` and the document status is `final` or `interim`. +As the timestamps might use different timezones, the sorting MUST take timezones into account. + +The relevant path for this test is: + +``` + /vulnerabilities[]/disclosure_date +``` + +*Example 1 (which fails the test):* + +``` + "document": { + // ... + "distribution": { + "tlp": { + "label": "CLEAR" + } + }, + // ... + "tracking": { + "current_release_date": "2024-01-24T10:00:00.000Z", + // ... + "initial_release_date": "2024-01-24T10:00:00.000Z", + "revision_history": [ + { + "date": "2024-01-24T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "vulnerabilities": [ + { + "disclosure_date": "2024-02-24T10:00:00.000Z" + } + ] +``` + +> The document is labeled `TLP:CLEAR` and in status `final` but the `disclosure_date` is newer than the date of newest item in the `revision_history`. diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-01.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-01.json new file mode 100644 index 00000000..6f6e6954 --- /dev/null +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-01.json @@ -0,0 +1,37 @@ +{ + "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json", + "document": { + "category": "csaf_base", + "csaf_version": "2.1", + "distribution": { + "tlp": { + "label": "CLEAR" + } + }, + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Inconsistent Disclosure Date (failing example 1)", + "tracking": { + "current_release_date": "2024-01-24T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-45-01", + "initial_release_date": "2024-01-24T10:00:00.000Z", + "revision_history": [ + { + "date": "2024-01-24T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "vulnerabilities": [ + { + "disclosure_date": "2024-02-24T10:00:00.000Z" + } + ] +} diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-02.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-02.json new file mode 100644 index 00000000..0b7df51c --- /dev/null +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-02.json @@ -0,0 +1,42 @@ +{ + "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json", + "document": { + "category": "csaf_base", + "csaf_version": "2.1", + "distribution": { + "tlp": { + "label": "CLEAR" + } + }, + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Inconsistent Disclosure Date (failing example 2)", + "tracking": { + "current_release_date": "2024-02-29T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-45-02", + "initial_release_date": "2024-01-24T10:00:00.000Z", + "revision_history": [ + { + "date": "2024-01-24T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + }, + { + "date": "2024-02-29T10:00:00.000Z", + "number": "2", + "summary": "Second version." + } + ], + "status": "final", + "version": "2" + } + }, + "vulnerabilities": [ + { + "disclosure_date": "2025-02-26T10:00:00.000Z" + } + ] +} diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-11.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-11.json new file mode 100644 index 00000000..b66dd483 --- /dev/null +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-11.json @@ -0,0 +1,37 @@ +{ + "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json", + "document": { + "category": "csaf_base", + "csaf_version": "2.1", + "distribution": { + "tlp": { + "label": "CLEAR" + } + }, + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Inconsistent Disclosure Date (valid example 1)", + "tracking": { + "current_release_date": "2024-01-24T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-45-11", + "initial_release_date": "2024-01-24T10:00:00.000Z", + "revision_history": [ + { + "date": "2024-01-24T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "vulnerabilities": [ + { + "disclosure_date": "2024-01-24T10:00:00.000Z" + } + ] +} diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-12.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-12.json new file mode 100644 index 00000000..1c0abf5a --- /dev/null +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-12.json @@ -0,0 +1,42 @@ +{ + "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json", + "document": { + "category": "csaf_base", + "csaf_version": "2.1", + "distribution": { + "tlp": { + "label": "CLEAR" + } + }, + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Inconsistent Disclosure Date (valid example 2)", + "tracking": { + "current_release_date": "2024-02-29T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-45-12", + "initial_release_date": "2024-01-24T10:00:00.000Z", + "revision_history": [ + { + "date": "2024-01-24T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + }, + { + "date": "2024-02-29T10:00:00.000Z", + "number": "2", + "summary": "Second version." + } + ], + "status": "final", + "version": "2" + } + }, + "vulnerabilities": [ + { + "disclosure_date": "2024-02-26T10:00:00.000Z" + } + ] +} diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-13.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-13.json new file mode 100644 index 00000000..7c76f9ab --- /dev/null +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-13.json @@ -0,0 +1,42 @@ +{ + "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json", + "document": { + "category": "csaf_base", + "csaf_version": "2.1", + "distribution": { + "tlp": { + "label": "AMBER+STRICT" + } + }, + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Inconsistent Disclosure Date (valid example 3)", + "tracking": { + "current_release_date": "2024-02-29T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-45-13", + "initial_release_date": "2024-01-24T10:00:00.000Z", + "revision_history": [ + { + "date": "2024-01-24T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + }, + { + "date": "2024-02-29T10:00:00.000Z", + "number": "2", + "summary": "Second version." + } + ], + "status": "final", + "version": "2" + } + }, + "vulnerabilities": [ + { + "disclosure_date": "2025-02-26T10:00:00.000Z" + } + ] +} diff --git a/csaf_2.1/test/validator/data/testcases.json b/csaf_2.1/test/validator/data/testcases.json index abcae151..c42533fa 100644 --- a/csaf_2.1/test/validator/data/testcases.json +++ b/csaf_2.1/test/validator/data/testcases.json @@ -1342,6 +1342,34 @@ } ] }, + { + "id": "6.1.45", + "group": "mandatory", + "failures": [ + { + "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-01.json", + "valid": false + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-02.json", + "valid": false + } + ], + "valid": [ + { + "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-11.json", + "valid": true + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-12.json", + "valid": true + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-45-13.json", + "valid": true + } + ] + }, { "id": "6.2.1", "group": "optional", diff --git a/csaf_2.1/test/validator/testcases_json_schema.json b/csaf_2.1/test/validator/testcases_json_schema.json index 1fd3d681..3d64e3ad 100644 --- a/csaf_2.1/test/validator/testcases_json_schema.json +++ b/csaf_2.1/test/validator/testcases_json_schema.json @@ -62,7 +62,7 @@ "title": "Number of the test", "description": "Contains the section number of the test in the specification.", "type": "string", - "pattern": "^6\\.(([1-3]\\.[1-9])|(1\\.10)|([12]\\.1[1-9])|(3\\.1[0-2])|([12]\\.2[0-6])|(2\\.27)|([12]\\.2[8-9])|(1\\.27\\.([1-9]|10|11))|([12]\\.3[0-2])|(1\\.3[3-9])|(1\\.4[0-4]))$" + "pattern": "^6\\.(([1-3]\\.[1-9])|(1\\.10)|([12]\\.1[1-9])|(3\\.1[0-2])|([12]\\.2[0-6])|(2\\.27)|([12]\\.2[8-9])|(1\\.27\\.([1-9]|10|11))|([12]\\.3[0-2])|(1\\.3[3-9])|(1\\.4[0-5]))$" }, "valid": { "title": "List of valid examples",