Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate CSAF 2.0 6.1.26 Document Category special case #13

Open
cgi1 opened this issue Dec 3, 2021 · 2 comments
Open

Validate CSAF 2.0 6.1.26 Document Category special case #13

cgi1 opened this issue Dec 3, 2021 · 2 comments

Comments

@cgi1
Copy link
Contributor

cgi1 commented Dec 3, 2021
edited

Mandatory Tests

Special explanation for 6.1.26 Prohibited Document Category Name:

Document Category can be one of the five given definitions, or any other value.

The 6.1.26 checks that the Document Category value should not be similar to one of these values, otherwise the profiles from chapter 4 are taken.

  Informational Advisory
  security-incident-response
  Security      Advisory
  veX

We implement this by

  1. is the Document Category in the above list? Skip.
  2. Generic CSAF check: remove whitespaces/brackets/-, turn into lower case and check if the value is equal to one of the above? Reject.
cgi1 pushed a commit that referenced this issue Jan 23, 2022
#13 -> Special case Document Category
2d7fd21 
#24 -> Enable global force mode to step over Document Tracking missmatches
@cgi1 cgi1 linked a pull request Jan 23, 2022 that will close this issue
#13 -> Special case Document Category #40
Closed
@cgi1 cgi1 mentioned this issue Jan 23, 2022
Closed
8 tasks
@tschmidtb51
Copy link
Collaborator

Implementation in Secvisogram can be used as reference.

@cgi1
Copy link
Contributor Author

cgi1 commented Feb 17, 2022

Implementation has been done in Secvisogram and the code past code in this project also has been implemented to check typical typos and integrate conversion).

As we then discussed with @tschmidtb51 to not integrate data validity checks in the code, it has been removed again.

Nevertheless, the implementation can be integrated into turvallisuusneuvonta (initial integration #55).

@pixelkunst-net pixelkunst-net mentioned this issue Feb 21, 2022
Open
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

#13 -> Special case Document Category csaf-tools/CVRF-CSAF-Converter
2 participants
@cgi1 @tschmidtb51