Coverage for turvallisuusneuvonta/csaf/core/rules/mandatory/acyclic_product_ids.py: 0.00%

1"""6.1.3 Circular Definition of Product ID 

2 

3For each new defined Product ID (type /$defs/product_id_t) in items of relationships (/product_tree/relationships) 

4it must be tested that the product_id does not end up in a cirle. 

5 

6The relevant path for this test is: 

7 

8 /product_tree/relationships[]/full_product_name/product_id 

9 

10As this can be quite complex a program for large CSAF documents, a program could check first whether a Product ID 

11defined in a relationship item is used as product_reference or relates_to_product_reference. 

12Only for those which fulfill this condition it is necessary to run the full check following the references. 

13 

14Example 42 which fails the test: 

15 

16 "product_tree": { 

17 "full_product_names": [ 

18 { 

19 "product_id": "CSAFPID-9080700", 

20 "name": "Product A" 

21 } 

22 ], 

23 "relationships": [ 

24 { 

25 "category": "installed_on", 

26 "full_product_name": { 

27 "name": "Product B", 

28 "product_id": "CSAFPID-9080701" 

29 }, 

30 "product_reference": "CSAFPID-9080700", 

31 "relates_to_product_reference": "CSAFPID-9080701" 

32 } 

33 ] 

34 } 

35 

36CSAFPID-9080701 refers to itself - this is a circular definition. 

37""" 

38 

39ID = (6, 1, 3) 

40TOPIC = 'Circular Definition of Product ID' 

41 

42PATHS = ('/product_tree/relationships[]/full_product_name/product_id',)