Coverage for turvallisuusneuvonta/csaf/core/rules/mandatory/defined_group_ids.py: 100.00%
7 statements
« prev ^ index » next coverage.py v7.4.1, created at 2024-02-05 19:27:17 +00:00
« prev ^ index » next coverage.py v7.4.1, created at 2024-02-05 19:27:17 +00:00
1"""6.1.4 Missing Definition of Product Group ID
3For each element of type /$defs/product_group_id_t which is not inside a Product Group (/product_tree/product_groups[])
4and therefore reference an element within the product_tree it must be tested that the Product Group element with the
5matching group_id exists. The same applies for all items of elements of type /$defs/product_groups_t.
7The relevant paths for this test are:
9 /vulnerabilities[]/remediations[]/group_ids
10 /vulnerabilities[]/threats[]/group_ids
12Example 43 which fails the test:
14 "product_tree": {
15 "full_product_names": [
16 {
17 "product_id": "CSAFPID-9080700",
18 "name": "Product A"
19 }
20 ]
21 },
22 "vulnerabilities": [
23 {
24 "threats": [
25 {
26 "category": "exploit_status",
27 "details": "Reliable exploits integrated in Metasploit.",
28 "group_ids": [
29 "CSAFGID-1020301"
30 ]
31 }
32 ]
33 }
34 ]
36CSAFGID-1020301 was not defined in the Product Tree.
37"""
39ID = (6, 1, 4)
40TOPIC = 'Missing Definition of Product Group ID'
42TRIGGER_PATH = '/product_tree/product_groups[]/group_id'
43TRIGGER_JMES_PATH = TRIGGER_PATH.lstrip('/').replace('/', '.')
44CONDITION_PATHS = (
45 '/vulnerabilities[]/remediations[]/group_ids',
46 '/vulnerabilities[]/threats[]/group_ids',
47)
48CONDITION_JMES_PATHS = tuple(path.lstrip('/').replace('/', '.') for path in CONDITION_PATHS)
49PATHS = CONDITION_PATHS