feat: adapt mandatory test 6.1.47

Author: christopher-exx

csaf_2_1/mandatoryTests/mandatoryTest_6_1_47.js

@@ -42,10 +42,10 @@ const inputSchema = /** @type {const} */ ({
                 content: {
                   additionalProperties: true,
                   optionalProperties: {
-                    ssvc_v1: {
+                    ssvc_v2: {
                       additionalProperties: true,
                       optionalProperties: {
-                        id: { type: 'string' },
+                        target_ids: { elements: { type: 'string' } },
                       },
                     },
                   },
@@ -79,30 +79,30 @@ export function mandatoryTest_6_1_47(doc) {
 
   doc.vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
     vulnerability.metrics?.forEach((metric, metricIndex) => {
-      if (metric.content?.ssvc_v1) {
-        const ssvcId = metric.content.ssvc_v1.id
-        if (ssvcId === doc.document.tracking?.id) {
-          if (doc.vulnerabilities.length > 1) {
-            ctx.isValid = false
-            ctx.errors.push({
-              instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/ssvc_v1/id`,
-              message:
-                `the ssvc id equals the 'document/tracking/id' ` +
-                `even the csaf document has multiple vulnerabilities `,
-            })
+      if (metric.content?.ssvc_v2) {
+        metric.content.ssvc_v2.target_ids?.forEach((ssvcId, ssvcIdIndex) => {
+          if (ssvcId === doc.document.tracking?.id) {
+            if (doc.vulnerabilities.length > 1) {
+              ctx.isValid = false
+              ctx.errors.push({
+                instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/ssvc_v2/${ssvcIdIndex}`,
+                message:
+                  `the ssvc id equals the "document/tracking/id" ` +
+                  `even the csaf document has multiple vulnerabilities `,
+              })
+            }
           }
-        } else {
           const idTexts = vulnerability.ids?.map((id) => id.text)
           if (ssvcId !== vulnerability.cve && !idTexts?.includes(ssvcId)) {
             ctx.isValid = false
             ctx.errors.push({
-              instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/ssvc_v1/id`,
+              instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/ssvc_v2/${ssvcIdIndex}`,
               message:
-                `the ssvc id does neither match the 'cve' ` +
-                `nor it matches the 'text' of any item in the 'ids' array`,
+                `the ssvc id does neither match the "cve" ` +
+                `nor it matches the "text" of any item in the "ids" array`,
             })
           }
-        }
+        })
       }
     })
   })

tests/csaf_2_1/mandatoryTest_6_1_47.js

@@ -11,17 +11,21 @@ const failingInputSchemaTestWithEmptyVulnerability6_1_47 = {
       metrics: [
         {
           content: {
-            ssvc_v1: {
-              id: 'CVE-1900-0002',
-              schemaVersion: '1-0-1',
+            ssvc_v2: {
+              schemaVersion: '2.0.0',
               selections: [
                 {
-                  name: 'Exploitation',
+                  key: 'E',
                   namespace: 'ssvc',
-                  values: ['None'],
+                  values: [
+                    {
+                      key: 'N',
+                    },
+                  ],
                   version: '1.1.0',
                 },
               ],
+              target_ids: ['CVE-1900-0002'],
               timestamp: '2024-01-24T10:00:00.000Z',
             },
           },