csaf-rs 0.5.0

A parser for the CSAF standard written in Rust
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

use crate::csaf::types::csaf_document_category::CsafDocumentCategory;
use crate::csaf_traits::{CsafTrait, DocumentTrait, VulnerabilityTrait};
use crate::validation::ValidationError;
use crate::validations::utils::document_category_test_config::DocumentCategoryTestConfig;

/// 6.1.27.8 Vulnerability ID
///
/// This test only applies to documents with `/document/category` with value `csaf_vex`.
///
/// In documents with this category each `/vulnerabilities[]` item must have at the `cve` or the `ids`
/// element.
pub fn test_6_1_27_08_vulnerability_id(doc: &impl CsafTrait) -> Result<(), Vec<ValidationError>> {
    let doc_category = doc.get_document().get_category();

    if !PROFILE_TEST_CONFIG.matches_category(&doc_category) {
        return Ok(()); // ToDo generate skipped https://github.com/csaf-rs/csaf/issues/409
    }

    let mut errors: Option<Vec<ValidationError>> = None;
    // return error if there are vulnerabilities without either cve or ids
    for (v_i, vulnerability) in doc.get_vulnerabilities().iter().enumerate() {
        if vulnerability.get_cve().is_none() && vulnerability.get_ids().is_none() {
            errors
                .get_or_insert_default()
                .push(test_6_1_27_08_err_generator(&doc_category, &v_i));
        }
    }

    errors.map_or(Ok(()), Err)
}

const PROFILE_TEST_CONFIG: DocumentCategoryTestConfig =
    DocumentCategoryTestConfig::new().shared(&[CsafDocumentCategory::CsafVex]);

fn test_6_1_27_08_err_generator(document_category: &CsafDocumentCategory, vuln_path_index: &usize) -> ValidationError {
    ValidationError {
        message: format!(
            "Document with category '{document_category}' must provide at least either cve or ids in each vulnerability"
        ),
        instance_path: format!("/vulnerabilities/{vuln_path_index}/product_status"),
    }
}

crate::test_validation::impl_validator!(ValidatorForTest6_1_27_8, test_6_1_27_08_vulnerability_id);

#[cfg(test)]
mod tests {
    use super::*;
    use crate::csaf2_0::testcases::TESTS_2_0;
    use crate::csaf2_1::testcases::TESTS_2_1;

    #[test]
    fn test_test_6_1_27_08() {
        let case_vex_without_cve_or_id = Err(vec![test_6_1_27_08_err_generator(&CsafDocumentCategory::CsafVex, &0)]);

        TESTS_2_0
            .test_6_1_27_8
            .expect(case_vex_without_cve_or_id.clone(), Ok(()));
        TESTS_2_1.test_6_1_27_8.expect(case_vex_without_cve_or_id, Ok(()));
    }
}