diff --git a/csaf_2.1/prose/edit/src/tests-01-mndtr-08-invalid-cvss.md b/csaf_2.1/prose/edit/src/tests-01-mndtr-08-invalid-cvss.md index 9551190be..e5751ec79 100644 --- a/csaf_2.1/prose/edit/src/tests-01-mndtr-08-invalid-cvss.md +++ b/csaf_2.1/prose/edit/src/tests-01-mndtr-08-invalid-cvss.md @@ -7,6 +7,7 @@ The relevant paths for this test are: ``` /vulnerabilities[]/scores[]/cvss_v2 /vulnerabilities[]/scores[]/cvss_v3 + /vulnerabilities[]/scores[]/cvss_v4 ``` *Example 1 (which fails the test):* diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-02.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-02.json new file mode 100644 index 000000000..9b4ac1ad4 --- /dev/null +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-02.json @@ -0,0 +1,50 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.1", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (failing example 2)", + "tracking": { + "current_release_date": "2024-01-24T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-08-02", + "initial_release_date": "2024-01-24T10:00:00.000Z", + "revision_history": [ + { + "date": "2024-01-24T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v3": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.5 + } + } + ] + } + ] +} diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-03.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-03.json new file mode 100644 index 000000000..d88c5941f --- /dev/null +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-03.json @@ -0,0 +1,49 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.1", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (failing example 3)", + "tracking": { + "current_release_date": "2024-01-24T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-08-03", + "initial_release_date": "2024-01-24T10:00:00.000Z", + "revision_history": [ + { + "date": "2024-01-24T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v2": { + "vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C", + "baseScore": 6.5 + } + } + ] + } + ] +} diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-04.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-04.json new file mode 100644 index 000000000..ecb442856 --- /dev/null +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-04.json @@ -0,0 +1,50 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.1", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (failing example 4)", + "tracking": { + "current_release_date": "2024-01-24T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-08-04", + "initial_release_date": "2024-01-24T10:00:00.000Z", + "revision_history": [ + { + "date": "2024-01-24T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v4": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", + "baseScore": 5.4 + } + } + ] + } + ] +} diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-11.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-11.json new file mode 100644 index 000000000..2dd374cf9 --- /dev/null +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-11.json @@ -0,0 +1,51 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.1", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (valid example 1)", + "tracking": { + "current_release_date": "2024-01-24T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-08-11", + "initial_release_date": "2024-01-24T10:00:00.000Z", + "revision_history": [ + { + "date": "2024-01-24T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + } + } + ] + } + ] +} diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-12.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-12.json new file mode 100644 index 000000000..78d1dcb5b --- /dev/null +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-12.json @@ -0,0 +1,51 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.1", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (valid example 2)", + "tracking": { + "current_release_date": "2024-01-24T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-08-12", + "initial_release_date": "2024-01-24T10:00:00.000Z", + "revision_history": [ + { + "date": "2024-01-24T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v3": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + } + } + ] + } + ] +} diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-13.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-13.json new file mode 100644 index 000000000..cf3318a0e --- /dev/null +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-13.json @@ -0,0 +1,50 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.1", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (valid example 3)", + "tracking": { + "current_release_date": "2024-01-24T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-08-13", + "initial_release_date": "2024-01-24T10:00:00.000Z", + "revision_history": [ + { + "date": "2024-01-24T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C", + "baseScore": 6.5 + } + } + ] + } + ] +} diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-14.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-14.json new file mode 100644 index 000000000..306eab724 --- /dev/null +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-14.json @@ -0,0 +1,51 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.1", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (valid example 4)", + "tracking": { + "current_release_date": "2024-01-24T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-08-14", + "initial_release_date": "2024-01-24T10:00:00.000Z", + "revision_history": [ + { + "date": "2024-01-24T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v4": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + } + } + ] + } + ] +} diff --git a/csaf_2.1/test/validator/data/testcases.json b/csaf_2.1/test/validator/data/testcases.json index c0b410434..dd852da39 100644 --- a/csaf_2.1/test/validator/data/testcases.json +++ b/csaf_2.1/test/validator/data/testcases.json @@ -159,6 +159,36 @@ { "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-01.json", "valid": false + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-02.json", + "valid": false + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-03.json", + "valid": false + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-04.json", + "valid": false + } + ], + "valid": [ + { + "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-11.json", + "valid": true + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-12.json", + "valid": true + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-13.json", + "valid": true + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-14.json", + "valid": true } ] }, diff --git a/csaf_2.1/test/validator/run_tests.sh b/csaf_2.1/test/validator/run_tests.sh index c7930cba0..1d39d46c6 100755 --- a/csaf_2.1/test/validator/run_tests.sh +++ b/csaf_2.1/test/validator/run_tests.sh @@ -10,7 +10,7 @@ CVSS_40_STRICT_SCHEMA=csaf_2.1/referenced_schema/first/cvss-v4.0_strict.json VALIDATOR=csaf_2.1/test/validator.py STRICT_GENERATOR=csaf_2.1/test/generate_strict_schema.py TESTPATH=csaf_2.1/test/validator/data/$1/*.json -EXCLUDE=oasis_csaf_tc-csaf_2_1-2024-6-1-08-01.json +EXCLUDE='oasis_csaf_tc-csaf_2_1-2024-6-1-08-01.json|oasis_csaf_tc-csaf_2_1-2024-6-1-08-02.json|oasis_csaf_tc-csaf_2_1-2024-6-1-08-03.json|oasis_csaf_tc-csaf_2_1-2024-6-1-08-04.json' EXCLUDE_STRICT=oasis_csaf_tc-csaf_2_1-2024-6-2-20-01.json FAIL=0 @@ -30,14 +30,14 @@ validate() { } test_all() { - for i in $(ls -1 ${TESTPATH} | grep -v $EXCLUDE) + for i in $(ls -1 ${TESTPATH} | grep -Ev "${EXCLUDE}") do validate $i done } test_all_strict() { - for i in $(ls -1 ${TESTPATH} | grep -v $EXCLUDE | grep -v ${EXCLUDE_STRICT}) + for i in $(ls -1 ${TESTPATH} | grep -Ev "${EXCLUDE}" | grep -v ${EXCLUDE_STRICT}) do validate $i done