NAME

CSAF::Validator::MandatoryTests

SYNOPSIS

use CSAF::Validator::MandatoryTests;

my $v = CSAF::Validator::MandatoryTests->new( csaf => $csaf );

$v->exec_test('6.1.5');
$v->TEST_6_1_5;

DESCRIPTION

Mandatory tests MUST NOT fail at a valid CSAF document.

6.1.1 Missing Definition of Product ID
6.1.2 Multiple Definition of Product ID
6.1.3 Circular Definition of Product ID
6.1.4 Missing Definition of Product Group ID
6.1.5 Multiple Definition of Product Group ID
6.1.6 Contradicting Product Status
6.1.7 Multiple Scores with same Version per Product
6.1.8 Invalid CVSS
6.1.9 Invalid CVSS computation
6.1.10 Inconsistent CVSS
6.1.11 CWE
6.1.12 Language
6.1.13 PURL
6.1.14 Sorted Revision History
6.1.15 Translator
6.1.16 Latest Document Version
6.1.17 Document Status Draft
6.1.18 Released Revision History
6.1.19 Revision History Entries for Pre-release Versions
6.1.20 Non-draft Document Version
6.1.21 Missing Item in Revision History
6.1.22 Multiple Definition in Revision History
6.1.23 Multiple Use of Same CVE
6.1.24 Multiple Definition in Involvements
6.1.25 Multiple Use of Same Hash Algorithm
6.1.26 Prohibited Document Category Name
6.1.27 Profile Tests
    6.1.27.1 Document Notes
    6.1.27.2 Document References
    6.1.27.3 Vulnerabilities
    6.1.27.4 Product Tree
    6.1.27.5 Vulnerability Notes
    6.1.27.6 Product Status
    6.1.27.7 VEX Product Status
    6.1.27.8 Vulnerability ID
    6.1.27.9 Impact Statement
    6.1.27.10 Action Statement
    6.1.27.11 Vulnerabilities
6.1.28 Translation
6.1.29 Remediation without Product Reference
6.1.30 Mixed Integer and Semantic Versioning
6.1.31 Version Range in Product Version
6.1.32 Flag without Product Reference
6.1.33 Multiple Flags with VEX Justification Codes per Product

METHODS

CSAF::Validator::MandatoryTests inherits all methods from CSAF::Validator::Base and implements the following new ones.

TEST_6_1_1

Missing Definition of Product ID

TEST_6_1_2

Multiple Definition of Product ID

TEST_6_1_3

Circular Definition of Product ID

TEST_6_1_4

Missing Definition of Product Group ID

TEST_6_1_5

Multiple Definition of Product Group ID

TEST_6_1_6

Contradicting Product Status

TEST_6_1_7

Multiple Scores with same Version per Product

TEST_6_1_8

Invalid CVSS

TEST_6_1_9

Invalid CVSS computation

TEST_6_1_10

Inconsistent CVSS

TEST_6_1_11

CWE

TEST_6_1_12

Language

TEST_6_1_13

PURL

TEST_6_1_14

Sorted Revision History

TEST_6_1_15

Translator

TEST_6_1_16

Latest Document Version

TEST_6_1_17

Document Status Draft

TEST_6_1_18

Released Revision History

TEST_6_1_19

Revision History Entries for Pre-release Versions

TEST_6_1_20

Non-draft Document Version

TEST_6_1_21

Missing Item in Revision History

TEST_6_1_22

Multiple Definition in Revision History

TEST_6_1_23

Multiple Use of Same CVE

TEST_6_1_24

Multiple Definition in Involvements

TEST_6_1_25

Multiple Use of Same Hash Algorithm

TEST_6_1_26

Prohibited Document Category Name

TEST_6_1_27_1

Profile Test - Document Notes

TEST_6_1_27_2

Profile Test - Document References

TEST_6_1_27_3

Profile Test - Vulnerabilities

TEST_6_1_27_4

Profile Test - Product Tree

TEST_6_1_27_5

Profile Test - Vulnerability Notes

TEST_6_1_27_6

Profile Test - Product Status

TEST_6_1_27_7

Profile Test - VEX Product Status

TEST_6_1_27_8

Profile Test - Vulnerability ID

TEST_6_1_27_9

Profile Test - Impact Statement

TEST_6_1_27_10

Profile Test - Action Statement

TEST_6_1_27_11

Profile Test - Vulnerabilities

TEST_6_1_28

Translation

TEST_6_1_29

Remediation without Product Reference

TEST_6_1_30

Mixed Integer and Semantic Versioning

TEST_6_1_31

Version Range in Product Version

TEST_6_1_32

Flag without Product Reference

TEST_6_1_33

Multiple Flags with VEX Justification Codes per Product

SUPPORT

Bugs / Feature Requests

Please report any bugs or feature requests through the issue tracker at https://github.com/giterlizzi/perl-CSAF/issues. You will be notified automatically of any progress on your issue.

Source Code

This is open source software. The code repository is available for public review and contribution under the terms of the license.

https://github.com/giterlizzi/perl-CSAF

git clone https://github.com/giterlizzi/perl-CSAF.git

AUTHOR

  • Giuseppe Di Terlizzi <gdt@cpan.org>

LICENSE AND COPYRIGHT

This software is copyright (c) 2023-2024 by Giuseppe Di Terlizzi.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.