Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 0 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -617,7 +617,5 @@ For the complete list of dependencies please take a look at [package.json](https
- [packageurl-js](https://github.com/package-url/packageurl-js)
- [semver](https://github.com/npm/node-semver)
- [undici](https://undici.nodejs.org)
- [@js-joda/core](https://js-joda.github.io/js-joda/)
- [@js-joda/timezone](https://js-joda.github.io/js-joda/)

[(back to top)](#bsi-csaf-validator-lib)
8 changes: 8 additions & 0 deletions lib/shared/csafAjv.js
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ import { Ajv2020 } from 'ajv/dist/2020.js'
import cvss_v2_0 from '../../schemas/cvss-v2.0.js'
import cvss_v3_0 from '../../schemas/cvss-v3.0.js'
import cvss_v3_1 from '../../schemas/cvss-v3.1.js'
import { toTime } from '@secvisogram/is-leap-second'

const csafAjv = new Ajv2020({ strict: false, allErrors: true })
addFormats.default(csafAjv)
Expand All @@ -11,3 +12,10 @@ csafAjv.addSchema(cvss_v3_0, 'https://www.first.org/cvss/cvss-v3.0.json')
csafAjv.addSchema(cvss_v3_1, 'https://www.first.org/cvss/cvss-v3.1.json')

export default csafAjv

csafAjv.addFormat('date-time', {
type: 'string',
validate: (v) => {
return toTime(v) !== null
},
})
29 changes: 15 additions & 14 deletions lib/shared/dateHelper.js
Original file line number Diff line number Diff line change
@@ -1,28 +1,29 @@
import { Duration, ZonedDateTime } from '@js-joda/core'
import { toTime } from '@secvisogram/is-leap-second'

/**
* compare ZonedDateTimes from js-joda
* returns a negative number if a is less than b, positive if a is greater than b, and zero if they are equal.
* This function also returns 0 if one of the given values could not be parsed.
*
* @param {ZonedDateTime | string} a
* @param {ZonedDateTime | string} b
* @returns {0|1|-1}
* Compares two date-time strings using `toTime` from `@secvisogram/is-leap-second`.
* Returns a negative number if `a` is less than `b`, a positive number if `a` is greater
* than `b`, and zero if they are equal. Also returns 0 if either value cannot be parsed.
* Follows the comparator convention used by `Array.prototype.sort`.
*
* @param {string} a - The first date-time string to compare.
* @param {string} b - The second date-time string to compare.
* @returns {0|1|-1} Negative if `a < b`, positive if `a > b`, zero if equal or unparseable.
*/
export const compareZonedDateTimes = (a, b) => {
// catch js-joda exception if a or b can't be parsed
// catch TypeError exception if a or b can't be parsed
try {
const date1 = a instanceof ZonedDateTime ? a : ZonedDateTime.parse(a)
const date2 = b instanceof ZonedDateTime ? b : ZonedDateTime.parse(b)
const duration = Duration.between(date1, date2)
const date1 = toTime(a)
const date2 = toTime(b)
if (date1 === null || date2 === null) return 0
const duration = date2 - date1

// return number based on js sort function
// > negative if a is less than b, positive if a is greater than b, and zero if they are equal.
// [Sort Documentation](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#comparefn)
if (duration.isZero()) {
if (duration === 0n) {
return 0
} else if (duration.isNegative()) {
} else if (duration < 0n) {
return 1
} else {
return -1
Expand Down
27 changes: 10 additions & 17 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 1 addition & 2 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -118,8 +118,7 @@
"access": "public"
},
"dependencies": {
"@js-joda/core": "^5.6.1",
"@js-joda/timezone": "^2.18.2",
"@secvisogram/is-leap-second": "^1.0.0",
"ajv": "^8.11.2",
"ajv-formats": "^3.0.1",
"bcp47": "^1.1.2",
Expand Down
48 changes: 48 additions & 0 deletions tests/schemaTests.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
import { expect } from 'chai'
import { csaf_2_0 } from '../schemaTests.js'
import minimalCSAFBaseDoc from './shared/minimalCSAFBaseDoc.js'

describe('Schema test csaf_2_0', function () {
// Scenario from https://github.com/secvisogram/secvisogram/issues/778:
// Dates with seconds=60 that are not real leap seconds should be rejected
// by the date-time format validation in the csaf_2_0 schema validator.
it('should reject a document with a non-leap-second date with seconds=60', function () {
const result = csaf_2_0({
...minimalCSAFBaseDoc,
document: {
...minimalCSAFBaseDoc.document,
tracking: {
...minimalCSAFBaseDoc.document.tracking,
revision_history: [
{
date: '2026-12-31T23:59:60Z',
number: '1',
summary: 'Summary',
},
],
},
},
})
expect(result.isValid).to.be.false
})

it('should accept a document with a real historical leap second date', function () {
const result = csaf_2_0({
...minimalCSAFBaseDoc,
document: {
...minimalCSAFBaseDoc.document,
tracking: {
...minimalCSAFBaseDoc.document.tracking,
revision_history: [
{
date: '2016-12-31T23:59:60Z',
number: '1',
summary: 'Summary',
},
],
},
},
})
expect(result.isValid).to.be.true
})
})