csaf-rs 0.5.0

A parser for the CSAF standard written in Rust
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

use crate::csaf::types::csaf_hash_algo::CsafHashAlgorithm;
use crate::csaf_traits::{CsafTrait, HashTrait, ProductIdentificationHelperTrait, ProductTrait, ProductTreeTrait};
use crate::validation::ValidationError;

/// 6.2.8 Use of MD5 as the only Hash Algorithm
///
/// When hashes are provided as product identification helpers for a product, another hash
/// besides a MD5 hash must be provided.
pub fn test_6_2_08_use_of_md5_as_only_hash_algo(doc: &impl CsafTrait) -> Result<(), Vec<ValidationError>> {
    let mut errors: Option<Vec<ValidationError>> = None;

    // for each product in the product tree, check all product identification helper hashes for MD5 as the only hash algorithm
    if let Some(tree) = doc.get_product_tree() {
        tree.visit_all_products(&mut |fpn, path| {
            if let Some(helper) = fpn.get_product_identification_helper() {
                for (h_i, hash) in helper.get_hashes().iter().enumerate() {
                    if hash.contains_only_hash_algorithm(CsafHashAlgorithm::Md5) {
                        errors
                            .get_or_insert_default()
                            .push(create_md5_only_hash_error(path, h_i));
                    }
                }
            }
        });
    }

    errors.map_or(Ok(()), Err)
}

fn create_md5_only_hash_error(path: &str, hash_index: usize) -> ValidationError {
    ValidationError {
        message: "Product identification helper uses hashes with `md5` as the only hash algorithm".to_string(),
        instance_path: format!("{path}/product_identification_helper/hashes/{hash_index}/file_hashes",),
    }
}

crate::test_validation::impl_validator!(ValidatorForTest6_2_8, test_6_2_08_use_of_md5_as_only_hash_algo);

#[cfg(test)]
mod tests {
    use super::*;
    use crate::csaf2_0::testcases::TESTS_2_0;
    use crate::csaf2_1::testcases::TESTS_2_1;

    #[test]
    fn test_test_6_2_08() {
        let case_01_and_02 = Err(vec![create_md5_only_hash_error(
            "/product_tree/full_product_names/0",
            0,
        )]);

        // Case 01: one md5 hash
        // Case 02: two md5 hashes
        // Case S01: (CSAF 2.0 only) two md5 hashes one with non-default casing
        // Case S11: two file hashes, one with md5

        TESTS_2_0.test_6_2_8.expect(
            case_01_and_02.clone(),
            case_01_and_02.clone(),
            case_01_and_02.clone(),
            Ok(()),
        );
        TESTS_2_1
            .test_6_2_8
            .expect(case_01_and_02.clone(), case_01_and_02, Ok(()));
    }
}