feat: add mandatory test 6.1.37

secvisogram · Feb 27, 2025 · 942047f · 942047f
1 parent 57ea438
commit 942047f
Show file tree

Hide file tree

Showing 3 changed files with 172 additions and 1 deletion.
diff --git a/csaf_2_1/mandatoryTests.js b/csaf_2_1/mandatoryTests.js
@@ -43,3 +43,4 @@ export {
   mandatoryTest_6_1_32,
   mandatoryTest_6_1_33,
 } from '../mandatoryTests.js'
+export { mandatoryTest_6_1_37 } from './mandatoryTests/mandatoryTest_6_1_37.js'
diff --git a/csaf_2_1/mandatoryTests/mandatoryTest_6_1_37.js b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_37.js
@@ -0,0 +1,171 @@
+import Ajv from 'ajv/dist/jtd.js'
+
+const ajv = new Ajv()
+
+/*
+  This is the jtd schema that needs to match the input document so that the
+  test is activated. If this schema doesn't match it normally means that the input
+  document does not validate against the csaf json schema or optional fields that
+  the test checks are not present.
+ */
+const inputSchema = /** @type {const} */ ({
+  additionalProperties: true,
+  properties: {
+    document: {
+      additionalProperties: true,
+      optionalProperties: {
+        tracking: {
+          additionalProperties: true,
+          optionalProperties: {
+            current_release_date: { type: 'string' },
+            generator: {
+              additionalProperties: true,
+              optionalProperties: {
+                date: { type: 'string' },
+              },
+            },
+            initial_release_date: { type: 'string' },
+            revision_history: {
+              elements: {
+                additionalProperties: true,
+                optionalProperties: {
+                  date: { type: 'string' },
+                },
+              },
+            },
+            discovery_date: { type: 'string' },
+            flags: {
+              elements: {
+                additionalProperties: true,
+                optionalProperties: {
+                  date: { type: 'string' },
+                },
+              },
+            },
+            release_date: { type: 'string' },
+            involvements: {
+              elements: {
+                additionalProperties: true,
+                optionalProperties: {
+                  date: { type: 'string' },
+                },
+              },
+            },
+            remediations: {
+              elements: {
+                additionalProperties: true,
+                optionalProperties: {
+                  date: { type: 'string' },
+                },
+              },
+            },
+            threats: {
+              elements: {
+                additionalProperties: true,
+                optionalProperties: {
+                  date: { type: 'string' },
+                },
+              },
+            },
+          },
+        },
+      },
+    },
+  },
+})
+
+const validate = ajv.compile(inputSchema)
+
+// This regex validates a date against RFC 3339 section 5.6.
+// See: https://datatracker.ietf.org/doc/html/rfc3339#section-5.6
+const dateRegex =
+  /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)(Z|[+-]\d{2}:\d{2})$/
+
+/**
+ * This implements the mandatory test 6.1.37 of the CSAF 2.1 standard.
+ *
+ * @param {any} doc
+ */
+export function mandatoryTest_6_1_37(doc) {
+  /*
+    The `ctx` variable holds the state that is accumulated during the test ran and is
+    finally returned by the function.
+   */
+  const ctx = {
+    errors:
+      /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
+    isValid: true,
+  }
+
+  if (!validate(doc)) return ctx
+
+  /**
+   * This function validates the given date and generates and error on
+   * `ctx` if it is not valid.
+   *
+   * @param {string | undefined} date The date to validate
+   * @param {string} path The json path to the date
+   */
+  const validateDate = (date, path) => {
+    if (date === undefined) return
+    if (!dateRegex.exec(date)) {
+      ctx.errors.push({
+        instancePath: path,
+        message: `invalid date`,
+      })
+      ctx.isValid = false
+    }
+  }
+
+  validateDate(
+    doc.document.tracking?.current_release_date,
+    '/document/tracking/current_release_date'
+  )
+  validateDate(
+    doc.document.tracking?.discovery_date,
+    '/document/tracking/discovery_date'
+  )
+  validateDate(
+    doc.document.tracking?.initial_release_date,
+    '/document/tracking/initial_release_date'
+  )
+  validateDate(
+    doc.document.tracking?.release_date,
+    '/document/tracking/release_date'
+  )
+  validateDate(
+    doc.document.tracking?.generator?.date,
+    '/document/tracking/generator/date'
+  )
+
+  doc.document.tracking?.flags?.forEach((flag, index) => {
+    validateDate(flag.date, `/document/tracking/flags/${index}/date`)
+  })
+
+  doc.document.tracking?.involvements?.forEach((involvement, index) => {
+    validateDate(
+      involvement.date,
+      `/document/tracking/involvements/${index}/date`
+    )
+  })
+
+  doc.document.tracking?.remediations?.forEach((remediation, index) => {
+    validateDate(
+      remediation.date,
+      `/document/tracking/remediations/${index}/date`
+    )
+  })
+
+  doc.document.tracking?.revision_history?.forEach((history, index) => {
+    validateDate(
+      history.date,
+      `/document/tracking/revision_history/${index}/date`
+    )
+  })
+
+  doc.document.tracking?.threats?.forEach((threat, index) => {
+    validateDate(threat.date, `/document/tracking/threats/${index}/date`)
+  })
+
+  return ctx
+}
diff --git a/tests/csaf_2_1/oasis.js b/tests/csaf_2_1/oasis.js
@@ -20,7 +20,6 @@ const excluded = [
   '6.1.34',
   '6.1.35',
   '6.1.36',
-  '6.1.37',
   '6.1.38',
   '6.1.39',
   '6.1.40',