Coverage for turvallisuusneuvonta/csaf/core/rules/mandatory/defined_product_ids.py: 100.00%
7 statements
« prev ^ index » next coverage.py v7.6.9, created at 2024-12-18 20:29:38 +00:00
« prev ^ index » next coverage.py v7.6.9, created at 2024-12-18 20:29:38 +00:00
1"""6.1.1 Missing Definition of Product ID
3For each element of type /$defs/product_id_t which is not inside a Full Product Name (type: full_product_name_t)
4and therefore reference an element within the product_tree it must be tested that the Full Product Name element
5with the matching product_id exists. The same applies for all items of elements of type /$defs/products_t.
7The relevant paths for this test are:
8 /product_tree/product_groups[]/product_ids[]
9 /product_tree/relationships[]/product_reference
10 /product_tree/relationships[]/relates_to_product_reference
11 /vulnerabilities[]/product_status/first_affected[]
12 /vulnerabilities[]/product_status/first_fixed[]
13 /vulnerabilities[]/product_status/fixed[]
14 /vulnerabilities[]/product_status/known_affected[]
15 /vulnerabilities[]/product_status/known_not_affected[]
16 /vulnerabilities[]/product_status/last_affected[]
17 /vulnerabilities[]/product_status/recommended[]
18 /vulnerabilities[]/product_status/under_investigation[]
19 /vulnerabilities[]/remediations[]/product_ids[]
20 /vulnerabilities[]/scores[]/products[]
21 /vulnerabilities[]/threats[]/product_ids[]
23Example 40 which fails the test:
25 "product_tree": {
26 "product_groups": [
27 {
28 "group_id": "CSAFGID-1020300",
29 "product_ids": [
30 "CSAFPID-9080700",
31 "CSAFPID-9080701"
32 ]
33 }
34 ]
35 }
37Neither CSAFPID-9080700 nor CSAFPID-9080701 were defined in the product_tree.
38"""
40ID = (6, 1, 1)
41TOPIC = 'Missing Definition of Product ID'
42TRIGGER_PATH = 'product_tree/full_product_names[]/product_id'
43TRIGGER_JMES_PATH = TRIGGER_PATH.lstrip('/').replace('/', '.')
44CONDITION_PATHS = (
45 '/product_tree/product_groups[]/product_ids[]',
46 '/product_tree/relationships[]/product_reference',
47 '/product_tree/relationships[]/relates_to_product_reference',
48 '/vulnerabilities[]/product_status/first_affected[]',
49 '/vulnerabilities[]/product_status/first_fixed[]',
50 '/vulnerabilities[]/product_status/fixed[]',
51 '/vulnerabilities[]/product_status/known_affected[]',
52 '/vulnerabilities[]/product_status/known_not_affected[]',
53 '/vulnerabilities[]/product_status/last_affected[]',
54 '/vulnerabilities[]/product_status/recommended[]',
55 '/vulnerabilities[]/product_status/under_investigation[]',
56 '/vulnerabilities[]/remediations[]/product_ids[]',
57 '/vulnerabilities[]/scores[]/products[]',
58 '/vulnerabilities[]/threats[]/product_ids[]',
59)
60CONDITION_JMES_PATHS = tuple(path.lstrip('/').replace('/', '.') for path in CONDITION_PATHS)
61PATHS = CONDITION_PATHS