From d1fb80e1f13e08e14cadce801f03cde87907dce4 Mon Sep 17 00:00:00 2001 From: chirschenberger Date: Mon, 30 Jun 2025 14:48:17 +0200 Subject: [PATCH 1/5] feat: add mandatory test 6.1.49.js --- README.md | 2 +- csaf_2_1/mandatoryTests.js | 1 + .../mandatoryTests/mandatoryTest_6_1_49.js | 121 ++++++++++++++++++ tests/csaf_2_1/mandatoryTest_6_1_49.js | 53 ++++++++ tests/csaf_2_1/oasis.js | 1 - 5 files changed, 176 insertions(+), 2 deletions(-) create mode 100644 csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js create mode 100644 tests/csaf_2_1/mandatoryTest_6_1_49.js diff --git a/README.md b/README.md index 1bedef0c..134d9e4e 100644 --- a/README.md +++ b/README.md @@ -315,7 +315,6 @@ The following tests are not yet implemented and therefore missing: - Mandatory Test 6.1.27.13 - Mandatory Test 6.1.47 - Mandatory Test 6.1.48 -- Mandatory Test 6.1.49 - Mandatory Test 6.1.50 - Mandatory Test 6.1.54 - Mandatory Test 6.1.55 @@ -459,6 +458,7 @@ export const mandatoryTest_6_1_43: DocumentTest export const mandatoryTest_6_1_44: DocumentTest export const mandatoryTest_6_1_45: DocumentTest export const mandatoryTest_6_1_46: DocumentTest +export const mandatoryTest_6_1_49: DocumentTest export const mandatoryTest_6_1_51: DocumentTest export const mandatoryTest_6_1_52: DocumentTest export const mandatoryTest_6_1_53: DocumentTest diff --git a/csaf_2_1/mandatoryTests.js b/csaf_2_1/mandatoryTests.js index d26ae836..0ae4d620 100644 --- a/csaf_2_1/mandatoryTests.js +++ b/csaf_2_1/mandatoryTests.js @@ -63,6 +63,7 @@ export { mandatoryTest_6_1_43 } from './mandatoryTests/mandatoryTest_6_1_43.js' export { mandatoryTest_6_1_44 } from './mandatoryTests/mandatoryTest_6_1_44.js' export { mandatoryTest_6_1_45 } from './mandatoryTests/mandatoryTest_6_1_45.js' export { mandatoryTest_6_1_46 } from './mandatoryTests/mandatoryTest_6_1_46.js' +export { mandatoryTest_6_1_49 } from './mandatoryTests/mandatoryTest_6_1_49.js' export { mandatoryTest_6_1_51 } from './mandatoryTests/mandatoryTest_6_1_51.js' export { mandatoryTest_6_1_52 } from './mandatoryTests/mandatoryTest_6_1_52.js' export { mandatoryTest_6_1_53 } from './mandatoryTests/mandatoryTest_6_1_53.js' diff --git a/csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js new file mode 100644 index 00000000..717a411b --- /dev/null +++ b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js @@ -0,0 +1,121 @@ +import Ajv from 'ajv/dist/jtd.js' +import { compareZonedDateTimes } from '../../lib/shared/dateHelper.js' + +const ajv = new Ajv() + +/* + This is the jtd schema that needs to match the input document so that the + test is activated. If this schema doesn't match it normally means that the input + document does not validate against the csaf json schema or optional fields that + the test checks are not present. + */ +const inputSchema = /** @type {const} */ ({ + additionalProperties: true, + properties: { + document: { + additionalProperties: true, + optionalProperties: { + tracking: { + additionalProperties: true, + optionalProperties: { + revision_history: { + elements: { + additionalProperties: true, + optionalProperties: { + date: { type: 'string' }, + }, + }, + }, + status: { type: 'string' }, + }, + }, + }, + }, + vulnerabilities: { + elements: { + additionalProperties: true, + optionalProperties: { + metrics: { + elements: { + additionalProperties: true, + optionalProperties: { + content: { + additionalProperties: true, + properties: { + ssvc_v1: { + additionalProperties: true, + optionalProperties: { + timestamp: { type: 'string' }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, +}) + +const validateInput = ajv.compile(inputSchema) + +/** + * This implements the mandatory test 6.1.49 of the CSAF 2.1 standard. + * + * @param {any} doc + */ +export function mandatoryTest_6_1_49(doc) { + const ctx = { + errors: + /** @type {Array<{ instancePath: string; message: string }>} */ ([]), + isValid: true, + } + + if (!validateInput(doc)) { + return ctx + } + + if ( + doc.document.tracking?.status === 'final' || + doc.document.tracking?.status === 'interim' + ) { + const revisionHistory = doc.document.tracking?.revision_history + if (revisionHistory) { + // sort the revision history (descending) and save the newest entry + const newestRevisionHistoryItem = revisionHistory + .filter((item) => item.date !== undefined) + .sort((a, b) => + compareZonedDateTimes( + /** @type {string} */ (b.date), + /** @type {string} */ (a.date) + ) + )[0] + doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => { + vulnerability.metrics?.forEach((metric, metricIndex) => { + const ssvcTimestamp = metric.content?.ssvc_v1.timestamp + if (ssvcTimestamp) { + // compare the ssvcTimestamp with the date of the newest item in the revision history + if ( + compareZonedDateTimes( + ssvcTimestamp, + /** @type {string} */ (newestRevisionHistoryItem.date) + ) > 0 + ) { + ctx.isValid = false + ctx.errors.push({ + instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/ssvc_v1/timestamp`, + message: + `The document is in status ${doc.document.status} but the SSVC timestamp is newer ` + + `than the date of newest item in the revision_history`, + }) + } + } + }) + }) + } + } + + return ctx +} diff --git a/tests/csaf_2_1/mandatoryTest_6_1_49.js b/tests/csaf_2_1/mandatoryTest_6_1_49.js new file mode 100644 index 00000000..fa88d56e --- /dev/null +++ b/tests/csaf_2_1/mandatoryTest_6_1_49.js @@ -0,0 +1,53 @@ +import assert from 'node:assert/strict' +import { mandatoryTest_6_1_49 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js' +import { expect } from 'chai' + +const failingInputSchemaTestWithEmptyVulnerability6_1_49 = { + document: { + tracking: { + revision_history: [ + { + date: '2024-01-24T10:00:00.000Z', + }, + ], + status: 'final', + }, + }, + vulnerabilities: [ + {}, // even this vulnerability is empty, the test should not fail due to the inputSchema + { + cve: 'CVE-1900-0001', + metrics: [ + { + content: { + ssvc_v1: { + id: 'CVE-1900-0001', + schemaVersion: '1-0-1', + selections: [ + { + name: 'Exploitation', + namespace: 'ssvc', + values: ['Active'], + version: '1.1.0', + }, + ], + timestamp: '2024-07-13T10:00:00.000Z', + }, + }, + }, + ], + }, + ], +} + +describe('mandatoryTest_6_1_49', function () { + it('only runs on relevant documents', function () { + assert.equal(mandatoryTest_6_1_49({ document: 'mydoc' }).isValid, true) + }) + it('test input schema with empty json object in vulnerabilities', async function () { + const result = mandatoryTest_6_1_49( + failingInputSchemaTestWithEmptyVulnerability6_1_49 + ) + expect(result.errors.length).to.eq(1) + }) +}) diff --git a/tests/csaf_2_1/oasis.js b/tests/csaf_2_1/oasis.js index 1058d0e3..8fd7f075 100644 --- a/tests/csaf_2_1/oasis.js +++ b/tests/csaf_2_1/oasis.js @@ -18,7 +18,6 @@ const excluded = [ '6.1.37', '6.1.47', '6.1.48', - '6.1.49', '6.1.50', '6.1.53', '6.1.54', From 3e4b3a8020dfe91016c895ce89b2b5ddab175fc2 Mon Sep 17 00:00:00 2001 From: chirschenberger Date: Tue, 1 Jul 2025 17:49:35 +0200 Subject: [PATCH 2/5] feat: change some entries in inputSchema from being optionalProperties to properties --- csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js index 717a411b..84ed76e4 100644 --- a/csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js +++ b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js @@ -14,10 +14,10 @@ const inputSchema = /** @type {const} */ ({ properties: { document: { additionalProperties: true, - optionalProperties: { + properties: { tracking: { additionalProperties: true, - optionalProperties: { + properties: { revision_history: { elements: { additionalProperties: true, @@ -78,10 +78,10 @@ export function mandatoryTest_6_1_49(doc) { } if ( - doc.document.tracking?.status === 'final' || - doc.document.tracking?.status === 'interim' + doc.document.tracking.status === 'final' || + doc.document.tracking.status === 'interim' ) { - const revisionHistory = doc.document.tracking?.revision_history + const revisionHistory = doc.document.tracking.revision_history if (revisionHistory) { // sort the revision history (descending) and save the newest entry const newestRevisionHistoryItem = revisionHistory From 10af01d3c8750ad066ef850804794c7e4627ddbc Mon Sep 17 00:00:00 2001 From: rschneider <97682836+rainer-exxcellent@users.noreply.github.com> Date: Tue, 2 Jun 2026 16:08:13 +0200 Subject: [PATCH 3/5] feat(CSAF2.1): #362 add mandatory test 6.1.49 - fix type errors --- csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js index 84ed76e4..3fc50abd 100644 --- a/csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js +++ b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js @@ -1,4 +1,4 @@ -import Ajv from 'ajv/dist/jtd.js' +import { Ajv } from 'ajv/dist/jtd.js' import { compareZonedDateTimes } from '../../lib/shared/dateHelper.js' const ajv = new Ajv() @@ -59,12 +59,16 @@ const inputSchema = /** @type {const} */ ({ }, }) +/** @typedef {import('ajv/dist/jtd.js').JTDDataType} InputSchema */ + +/** @typedef {InputSchema['vulnerabilities'][number]} Vulnerability */ + const validateInput = ajv.compile(inputSchema) /** * This implements the mandatory test 6.1.49 of the CSAF 2.1 standard. * - * @param {any} doc + * @param {unknown} doc */ export function mandatoryTest_6_1_49(doc) { const ctx = { @@ -92,7 +96,10 @@ export function mandatoryTest_6_1_49(doc) { /** @type {string} */ (a.date) ) )[0] - doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => { + + /** @type {Array} */ + const vulnerabilities = doc.vulnerabilities + vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => { vulnerability.metrics?.forEach((metric, metricIndex) => { const ssvcTimestamp = metric.content?.ssvc_v1.timestamp if (ssvcTimestamp) { From 01d785aa26110355f0fc5697c421cb412ee80237 Mon Sep 17 00:00:00 2001 From: rschneider <97682836+rainer-exxcellent@users.noreply.github.com> Date: Wed, 3 Jun 2026 07:19:02 +0200 Subject: [PATCH 4/5] feat(CSAF2.1): #362 add mandatory test 6.1.49 - changed ssvc_v1 to ssvc_2, add some test for edge cases --- .../mandatoryTests/mandatoryTest_6_1_49.js | 14 +- tests/csaf_2_1/mandatoryTest_6_1_49.js | 211 +++++++++++++++--- 2 files changed, 184 insertions(+), 41 deletions(-) diff --git a/csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js index 3fc50abd..eb98a616 100644 --- a/csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js +++ b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js @@ -1,5 +1,5 @@ import { Ajv } from 'ajv/dist/jtd.js' -import { compareZonedDateTimes } from '../../lib/shared/dateHelper.js' +import { compareZonedDateTimes } from '../dateHelper.js' const ajv = new Ajv() @@ -41,8 +41,8 @@ const inputSchema = /** @type {const} */ ({ optionalProperties: { content: { additionalProperties: true, - properties: { - ssvc_v1: { + optionalProperties: { + ssvc_v2: { additionalProperties: true, optionalProperties: { timestamp: { type: 'string' }, @@ -101,20 +101,20 @@ export function mandatoryTest_6_1_49(doc) { const vulnerabilities = doc.vulnerabilities vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => { vulnerability.metrics?.forEach((metric, metricIndex) => { - const ssvcTimestamp = metric.content?.ssvc_v1.timestamp + const ssvcTimestamp = metric.content?.ssvc_v2?.timestamp if (ssvcTimestamp) { // compare the ssvcTimestamp with the date of the newest item in the revision history if ( compareZonedDateTimes( ssvcTimestamp, - /** @type {string} */ (newestRevisionHistoryItem.date) + /** @type {string} */ (newestRevisionHistoryItem?.date) ) > 0 ) { ctx.isValid = false ctx.errors.push({ - instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/ssvc_v1/timestamp`, + instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/ssvc_v2/timestamp`, message: - `The document is in status ${doc.document.status} but the SSVC timestamp is newer ` + + `The document is in status ${doc.document.tracking.status} but the SSVC timestamp is newer ` + `than the date of newest item in the revision_history`, }) } diff --git a/tests/csaf_2_1/mandatoryTest_6_1_49.js b/tests/csaf_2_1/mandatoryTest_6_1_49.js index fa88d56e..9d68fffc 100644 --- a/tests/csaf_2_1/mandatoryTest_6_1_49.js +++ b/tests/csaf_2_1/mandatoryTest_6_1_49.js @@ -2,52 +2,195 @@ import assert from 'node:assert/strict' import { mandatoryTest_6_1_49 } from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js' import { expect } from 'chai' -const failingInputSchemaTestWithEmptyVulnerability6_1_49 = { - document: { - tracking: { - revision_history: [ +describe('mandatoryTest_6_1_49', function () { + it('only runs on relevant documents', function () { + assert.equal(mandatoryTest_6_1_49({ document: 'mydoc' }).isValid, true) + }) + + it('test input schema with empty json object in vulnerabilities', async function () { + const failingInputSchemaTestWithEmptyVulnerability = { + document: { + tracking: { + revision_history: [ + { + date: '2024-01-24T10:00:00.000Z', + }, + ], + status: 'final', + }, + }, + vulnerabilities: [ + {}, // even this vulnerability is empty, the test should not fail due to the inputSchema { - date: '2024-01-24T10:00:00.000Z', + cve: 'CVE-1900-0001', + metrics: [ + { + content: { + ssvc_v2: { + id: 'CVE-1900-0001', + schemaVersion: '1-0-1', + timestamp: '2024-07-13T10:00:00.000Z', + }, + }, + }, + ], }, ], - status: 'final', - }, - }, - vulnerabilities: [ - {}, // even this vulnerability is empty, the test should not fail due to the inputSchema - { - cve: 'CVE-1900-0001', - metrics: [ + } + + const result = mandatoryTest_6_1_49( + failingInputSchemaTestWithEmptyVulnerability + ) + expect(result.errors.length).to.eq(1) + }) + it('test input schema with empty/invalid dates in revision_history', async function () { + const failingSchemaTestWithEmptyDates = { + document: { + tracking: { + revision_history: [ + { + number: '1', + }, + { + date: '', + number: '2', + }, + { + date: '1.3.45', + number: '2', + }, + ], + status: 'final', + }, + }, + vulnerabilities: [ { - content: { - ssvc_v1: { - id: 'CVE-1900-0001', - schemaVersion: '1-0-1', - selections: [ - { - name: 'Exploitation', - namespace: 'ssvc', - values: ['Active'], - version: '1.1.0', + metrics: [ + { + content: { + ssvc_v2: { + timestamp: '2024-07-13T10:00:00.000Z', }, - ], - timestamp: '2024-07-13T10:00:00.000Z', + }, }, - }, + ], }, ], - }, - ], -} + } -describe('mandatoryTest_6_1_49', function () { - it('only runs on relevant documents', function () { - assert.equal(mandatoryTest_6_1_49({ document: 'mydoc' }).isValid, true) + const result = mandatoryTest_6_1_49(failingSchemaTestWithEmptyDates) + expect(result.errors.length).to.eq(0) }) - it('test input schema with empty json object in vulnerabilities', async function () { + + it('test input schema with empty/invalid dates in revision_history', async function () { + const failingSchemaTestWithEmptyDates = { + document: { + tracking: { + revision_history: [ + { + number: '1', + }, + { + date: '', + number: '2', + }, + { + date: '1.3.45', + number: '2', + }, + ], + status: 'final', + }, + }, + vulnerabilities: [ + { + metrics: [ + { + content: { + ssvc_v2: { + timestamp: '2024-07-13T10:00:00.000Z', + }, + }, + }, + ], + }, + ], + } + + const result = mandatoryTest_6_1_49(failingSchemaTestWithEmptyDates) + expect(result.errors.length).to.eq(0) + }) + + it('test input schema with empty json object in ssvc_2', async function () { + const failingInputSchemaTestWithEmptyVulnerability = { + document: { + tracking: { + revision_history: [ + { + date: '2024-01-24T10:00:00.000Z', + }, + ], + status: 'final', + }, + }, + vulnerabilities: [ + { + cve: 'CVE-1900-0001', + metrics: [ + { + content: { + epss: {}, // even this ssvc_v2 is here empty, the test should not fail due to the inputSchema + }, + }, + { + content: { + ssvc_v2: { + id: 'CVE-1900-0001', + schemaVersion: '1-0-1', + timestamp: '2024-07-13T10:00:00.000Z', + }, + }, + }, + ], + }, + ], + } + const result = mandatoryTest_6_1_49( - failingInputSchemaTestWithEmptyVulnerability6_1_49 + failingInputSchemaTestWithEmptyVulnerability ) expect(result.errors.length).to.eq(1) }) + + it('test input schema with empty revision history', async function () { + const failingInputSchemaTestWithEmptyVulnerability = { + document: { + tracking: { + revision_history: [], + status: 'final', + }, + }, + vulnerabilities: [ + { + cve: 'CVE-1900-0001', + metrics: [ + { + content: { + ssvc_v2: { + id: 'CVE-1900-0001', + schemaVersion: '1-0-1', + timestamp: '2024-07-13T10:00:00.000Z', + }, + }, + }, + ], + }, + ], + } + + const result = mandatoryTest_6_1_49( + failingInputSchemaTestWithEmptyVulnerability + ) + expect(result.errors.length).to.eq(0) + }) }) From 8917d437e01cce3135150a485d1547b11566a3fd Mon Sep 17 00:00:00 2001 From: rschneider <97682836+rainer-exxcellent@users.noreply.github.com> Date: Wed, 3 Jun 2026 07:46:18 +0200 Subject: [PATCH 5/5] feat(CSAF2.1): #362 add mandatory test 6.1.49 - changed ssvc_v1 to ssvc_2, add some test for edge cases --- .../mandatoryTests/mandatoryTest_6_1_49.js | 31 +++++--- tests/csaf_2_1/mandatoryTest_6_1_49.js | 77 +++++++++++++------ 2 files changed, 72 insertions(+), 36 deletions(-) diff --git a/csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js index eb98a616..220a41af 100644 --- a/csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js +++ b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_49.js @@ -60,11 +60,26 @@ const inputSchema = /** @type {const} */ ({ }) /** @typedef {import('ajv/dist/jtd.js').JTDDataType} InputSchema */ - /** @typedef {InputSchema['vulnerabilities'][number]} Vulnerability */ +/** @typedef {{ date?: string }} RevisionHistoryItem */ const validateInput = ajv.compile(inputSchema) +/** + * @param {Array} revisionHistory + * @returns {RevisionHistoryItem | undefined} */ +function getNewestRevisionHistoryEntry(revisionHistory) { + // sort the revision history (descending) and save the newest entry + return revisionHistory + .filter((item) => item.date !== undefined) + .sort((a, b) => + compareZonedDateTimes( + /** @type {string} */ (b.date), + /** @type {string} */ (a.date) + ) + )[0] +} + /** * This implements the mandatory test 6.1.49 of the CSAF 2.1 standard. * @@ -86,17 +101,9 @@ export function mandatoryTest_6_1_49(doc) { doc.document.tracking.status === 'interim' ) { const revisionHistory = doc.document.tracking.revision_history - if (revisionHistory) { - // sort the revision history (descending) and save the newest entry - const newestRevisionHistoryItem = revisionHistory - .filter((item) => item.date !== undefined) - .sort((a, b) => - compareZonedDateTimes( - /** @type {string} */ (b.date), - /** @type {string} */ (a.date) - ) - )[0] - + const newestRevisionHistoryItem = + getNewestRevisionHistoryEntry(revisionHistory) + if (newestRevisionHistoryItem) { /** @type {Array} */ const vulnerabilities = doc.vulnerabilities vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => { diff --git a/tests/csaf_2_1/mandatoryTest_6_1_49.js b/tests/csaf_2_1/mandatoryTest_6_1_49.js index 9d68fffc..4a1ea37c 100644 --- a/tests/csaf_2_1/mandatoryTest_6_1_49.js +++ b/tests/csaf_2_1/mandatoryTest_6_1_49.js @@ -82,32 +82,64 @@ describe('mandatoryTest_6_1_49', function () { expect(result.errors.length).to.eq(0) }) - it('test input schema with empty/invalid dates in revision_history', async function () { - const failingSchemaTestWithEmptyDates = { + it('test input schema with empty json object in ssvc_2', async function () { + const failingInputSchemaTestWithEmptyVulnerability = { document: { tracking: { revision_history: [ { - number: '1', + date: '2024-01-24T10:00:00.000Z', }, + ], + status: 'final', + }, + }, + vulnerabilities: [ + { + cve: 'CVE-1900-0001', + metrics: [ { - date: '', - number: '2', + content: { + epss: {}, // even this ssvc_v2 is here empty, the test should not fail due to the inputSchema + }, }, { - date: '1.3.45', - number: '2', + content: { + ssvc_v2: { + id: 'CVE-1900-0001', + schemaVersion: '1-0-1', + timestamp: '2024-07-13T10:00:00.000Z', + }, + }, }, ], + }, + ], + } + + const result = mandatoryTest_6_1_49( + failingInputSchemaTestWithEmptyVulnerability + ) + expect(result.errors.length).to.eq(1) + }) + + it('test input schema with empty revision history', async function () { + const failingInputSchemaTestWithEmptyVulnerability = { + document: { + tracking: { + revision_history: [], status: 'final', }, }, vulnerabilities: [ { + cve: 'CVE-1900-0001', metrics: [ { content: { ssvc_v2: { + id: 'CVE-1900-0001', + schemaVersion: '1-0-1', timestamp: '2024-07-13T10:00:00.000Z', }, }, @@ -117,19 +149,16 @@ describe('mandatoryTest_6_1_49', function () { ], } - const result = mandatoryTest_6_1_49(failingSchemaTestWithEmptyDates) + const result = mandatoryTest_6_1_49( + failingInputSchemaTestWithEmptyVulnerability + ) expect(result.errors.length).to.eq(0) }) - it('test input schema with empty json object in ssvc_2', async function () { + it('test input schema with not existing revision history', async function () { const failingInputSchemaTestWithEmptyVulnerability = { document: { tracking: { - revision_history: [ - { - date: '2024-01-24T10:00:00.000Z', - }, - ], status: 'final', }, }, @@ -137,11 +166,6 @@ describe('mandatoryTest_6_1_49', function () { { cve: 'CVE-1900-0001', metrics: [ - { - content: { - epss: {}, // even this ssvc_v2 is here empty, the test should not fail due to the inputSchema - }, - }, { content: { ssvc_v2: { @@ -159,18 +183,23 @@ describe('mandatoryTest_6_1_49', function () { const result = mandatoryTest_6_1_49( failingInputSchemaTestWithEmptyVulnerability ) - expect(result.errors.length).to.eq(1) + expect(result.errors.length).to.eq(0) }) - it('test input schema with empty revision history', async function () { + it('test input schema with status interim', async function () { const failingInputSchemaTestWithEmptyVulnerability = { document: { tracking: { - revision_history: [], - status: 'final', + revision_history: [ + { + date: '2024-01-24T10:00:00.000Z', + }, + ], + status: 'interim', }, }, vulnerabilities: [ + {}, // even this vulnerability is empty, the test should not fail due to the inputSchema { cve: 'CVE-1900-0001', metrics: [ @@ -191,6 +220,6 @@ describe('mandatoryTest_6_1_49', function () { const result = mandatoryTest_6_1_49( failingInputSchemaTestWithEmptyVulnerability ) - expect(result.errors.length).to.eq(0) + expect(result.errors.length).to.eq(1) }) })