Skip to content

Commit

Permalink
Hardware and Software
Browse files Browse the repository at this point in the history 
- addresses parts of oasis-tcs#817
- add optional test to detect potential mixing of hard- and software (6.2.31)
- add invalid example
- add valid examples
  • Loading branch information
@tschmidtb51
tschmidtb51 committed Jan 16, 2025
1 parent 9d9915c commit 95123f2
Show file tree
Hide file tree
Showing 7 changed files with 442 additions and 1 deletion.
52 changes: 52 additions & 0 deletions csaf_2.1/prose/edit/src/tests-02-optional.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -919,3 +919,55 @@ The relevant path for this test is:
> The CSAF document is `TLP:CLEAR` but a sharing group is given.
> A tool MAY remove the property `sharing_group` as a quick fix.
### Hardware and Software
For each product containing at least one of the Product Identification Helpers `serial_numbers` or `model_numbers` it MUST be tested that a relationship exists referencing this product.
> This tests detects a potential situation where hardware and software have been mixed in the `product_tree`.
> Note: This test will fail if the CSAF document contains in its `product_tree` only hardware.
> However, this is considered a good reason for the test to fail.
The relevant paths for this test are:
```
/product_tree/branches[](/branches[])*/product/product_id
/product_tree/full_product_names[]/product_id
/product_tree/relationships[]/full_product_name/product_id
```
*Example 1 (which fails the test):*
```
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "4.1",
"product": {
"name": "Example Company Controller A Firmware 4.1",
"product_id": "CSAFPID-908070601",
"product_identification_helper": {
"serial_numbers": [
"143-D-354"
]
}
}
}
],
"category": "product_name",
"name": "Controller A"
}
],
"category": "vendor",
"name": "Example Company"
}
]
}
```
> The `product_tree` mentions the hardware product Example Company Controller A and combines it with the Firmware version 4.1.
61 changes: 61 additions & 0 deletions csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-31-01.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
{
"$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json",
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"distribution": {
"tlp": {
"label": "CLEAR"
}
},
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Optional test: Hardware and Software (failing example 1)",
"tracking": {
"current_release_date": "2024-01-24T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-31-01",
"initial_release_date": "2024-01-24T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-24T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "4.1",
"product": {
"name": "Example Company Controller A Firmware 4.1",
"product_id": "CSAFPID-908070601",
"product_identification_helper": {
"serial_numbers": [
"143-D-354"
]
}
}
}
],
"category": "product_name",
"name": "Controller A"
}
],
"category": "vendor",
"name": "Example Company"
}
]
}
}
88 changes: 88 additions & 0 deletions csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-31-11.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
{
"$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json",
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"distribution": {
"tlp": {
"label": "CLEAR"
}
},
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Optional test: Hardware and Software (valid example 1)",
"tracking": {
"current_release_date": "2024-01-24T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-31-11",
"initial_release_date": "2024-01-24T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-24T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Controller A",
"product": {
"name": "Example Company Controller A",
"product_id": "CSAFPID-908070601"
}
},
{
"branches": [
{
"category": "product_version",
"name": "4.1",
"product": {
"name": "Example Company Controller A Firmware 4.1",
"product_id": "CSAFPID-908070602",
"product_identification_helper": {
"hashes": [
{
"file_hashes": [
{
"algorithm": "sha256",
"value": "3fb9d502d096b1dfbcdfe60eed80ddecd98c8771bf21a82bbe1752735c4dc9e2"
}
],
"filename": "a_4-1.bin"
}
]
}
}
}
],
"category": "product_name",
"name": "Controller A Firmware"
}
],
"category": "vendor",
"name": "Example Company"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Example Company Controller A Firmware 4.1 installed on Example Company Controller A",
"product_id": "CSAFPID-908070603"
},
"product_reference": "CSAFPID-908070602",
"relates_to_product_reference": "CSAFPID-908070601"
}
]
}
}
160 changes: 160 additions & 0 deletions csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-31-12.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,160 @@
{
"$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json",
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"distribution": {
"tlp": {
"label": "CLEAR"
}
},
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Optional test: Hardware and Software (valid example 2)",
"tracking": {
"current_release_date": "2024-01-24T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-31-12",
"initial_release_date": "2024-01-24T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-24T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "Example Company Controller A 1.0",
"product_id": "CSAFPID-908070601",
"product_identification_helper": {
"serial_numbers": [
"143-D-354"
]
}
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "Example Company Controller A 2.0",
"product_id": "CSAFPID-908070602",
"product_identification_helper": {
"serial_numbers": [
"354-D-003"
]
}
}
}
],
"category": "product_name",
"name": "Controller A"
},
{
"branches": [
{
"category": "product_version",
"name": "4.1",
"product": {
"name": "Example Company Controller A Firmware 4.1",
"product_id": "CSAFPID-908070603",
"product_identification_helper": {
"hashes": [
{
"file_hashes": [
{
"algorithm": "sha256",
"value": "3fb9d502d096b1dfbcdfe60eed80ddecd98c8771bf21a82bbe1752735c4dc9e2"
}
],
"filename": "a_4-1.bin"
}
]
}
}
},
{
"category": "product_version",
"name": "4.2",
"product": {
"name": "Example Company Controller A Firmware 4.2",
"product_id": "CSAFPID-908070604",
"product_identification_helper": {
"hashes": [
{
"file_hashes": [
{
"algorithm": "sha256",
"value": "0a853ce2337f0608489ac596a308dc5b7b19d35a52b10bf31261586ac368b175"
}
],
"filename": "a_4-2.bin"
}
]
}
}
}
],
"category": "product_name",
"name": "Controller A Firmware"
}
],
"category": "vendor",
"name": "Example Company"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Example Company Controller A Firmware 4.1 installed on Example Company Controller A 1.0",
"product_id": "CSAFPID-908070605"
},
"product_reference": "CSAFPID-908070603",
"relates_to_product_reference": "CSAFPID-908070601"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Example Company Controller A Firmware 4.2 installed on Example Company Controller A 1.0",
"product_id": "CSAFPID-908070606"
},
"product_reference": "CSAFPID-908070604",
"relates_to_product_reference": "CSAFPID-908070601"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Example Company Controller A Firmware 4.1 installed on Example Company Controller A 2.0",
"product_id": "CSAFPID-908070607"
},
"product_reference": "CSAFPID-908070603",
"relates_to_product_reference": "CSAFPID-908070602"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Example Company Controller A Firmware 4.2 installed on Example Company Controller A 2.0",
"product_id": "CSAFPID-908070608"
},
"product_reference": "CSAFPID-908070604",
"relates_to_product_reference": "CSAFPID-908070602"
}
]
}
}
Loading

0 comments on commit 95123f2

Please sign in to comment.