Merge pull request #410 from secvisogram/feat/372-csaf-2.1-mandatory-test-6.1.43

rainer-exxcellent · web-flow · commit bfab64fe27fa · 2025-08-11T13:57:06.000+02:00
feat(CSAF2.1): #372 add mandatory test 6.1.43
diff --git a/README.md b/README.md
@@ -323,7 +323,6 @@ The following tests are not yet implemented and therefore missing:
 - Mandatory Test 6.1.27.18
 - Mandatory Test 6.1.27.19
 - Mandatory Test 6.1.42
-- Mandatory Test 6.1.43
 - Mandatory Test 6.1.44
 - Mandatory Test 6.1.45
 - Mandatory Test 6.1.46
@@ -437,6 +436,7 @@ export const mandatoryTest_6_1_38: DocumentTest
 export const mandatoryTest_6_1_39: DocumentTest
 export const mandatoryTest_6_1_40: DocumentTest
 export const mandatoryTest_6_1_41: DocumentTest
+export const mandatoryTest_6_1_43: DocumentTest
 ```
 
 [(back to top)](#bsi-csaf-validator-lib)
diff --git a/csaf_2_1/mandatoryTests.js b/csaf_2_1/mandatoryTests.js
@@ -50,3 +50,4 @@ export { mandatoryTest_6_1_38 } from './mandatoryTests/mandatoryTests_6_1_38.js'
 export { mandatoryTest_6_1_39 } from './mandatoryTests/mandatoryTest_6_1_39.js'
 export { mandatoryTest_6_1_40 } from './mandatoryTests/mandatoryTest_6_1_40.js'
 export { mandatoryTest_6_1_41 } from './mandatoryTests/mandatoryTest_6_1_41.js'
+export { mandatoryTest_6_1_43 } from './mandatoryTests/mandatoryTest_6_1_43.js'
diff --git a/csaf_2_1/mandatoryTests/mandatoryTest_6_1_43.js b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_43.js
@@ -0,0 +1,199 @@
+import Ajv from 'ajv/dist/jtd.js'
+
+const ajv = new Ajv()
+
+const branchSchema = /** @type {const} */ ({
+  additionalProperties: true,
+  optionalProperties: {
+    branches: {
+      elements: {
+        additionalProperties: true,
+        properties: {},
+      },
+    },
+    product: {
+      additionalProperties: true,
+      optionalProperties: {
+        product_identification_helper: {
+          additionalProperties: true,
+          optionalProperties: {
+            model_numbers: { elements: { type: 'string' } },
+          },
+        },
+      },
+    },
+  },
+})
+
+const validateBranch = ajv.compile(branchSchema)
+
+const fullProductNameSchema = /** @type {const} */ ({
+  additionalProperties: true,
+  optionalProperties: {
+    product_identification_helper: {
+      additionalProperties: true,
+      optionalProperties: {
+        model_numbers: { elements: { type: 'string' } },
+      },
+    },
+  },
+})
+
+/*
+  This is the jtd schema that needs to match the input document so that the
+  test is activated. If this schema doesn't match, it normally means that the input
+  document does not validate against the csaf JSON schema or optional fields that
+  the test checks are not present.
+ */
+const inputSchema = /** @type {const} */ ({
+  additionalProperties: true,
+  optionalProperties: {
+    product_tree: {
+      additionalProperties: true,
+      optionalProperties: {
+        branches: {
+          elements: branchSchema,
+        },
+        full_product_names: {
+          elements: fullProductNameSchema,
+        },
+        relationships: {
+          elements: {
+            additionalProperties: true,
+            optionalProperties: {
+              full_product_name: fullProductNameSchema,
+            },
+          },
+        },
+      },
+    },
+  },
+})
+
+const validate = ajv.compile(inputSchema)
+
+/**
+ * @typedef {import('ajv/dist/core').JTDDataType<typeof branchSchema>} Branch
+ * @typedef {import('ajv/dist/core').JTDDataType<typeof fullProductNameSchema>} FullProductName
+ */
+
+/**
+ *
+ * @param {string} stringToCheck
+ * @return {boolean}
+ */
+export function containMultipleUnescapedStars(stringToCheck) {
+  const regex = /\*/g
+  return (stringToCheck.replace(/\\\*/g, '').match(regex)?.length ?? 0) > 1
+}
+
+/**
+ * Validates all given model numbers and
+ * check whether they contain multiple unescaped stars
+ *
+ * @param {Array<string> | undefined} modelNumbers model_numbers to check
+ * @return {Array<number>} indexes of the model_numbers that invalid
+ */
+export function checkModelNumbers(modelNumbers) {
+  /** @type {Array<number>}*/
+  const invalidNumbers = []
+  if (modelNumbers) {
+    for (let i = 0; i < modelNumbers.length; i++) {
+      const modelNumber = modelNumbers[i]
+      if (containMultipleUnescapedStars(modelNumber)) {
+        invalidNumbers.push(i)
+      }
+    }
+  }
+  return invalidNumbers
+}
+
+/**
+ * For each model number, it MUST be tested
+ * that it does not contain multiple unescaped stars.
+ * @param {unknown} doc
+ */
+export function mandatoryTest_6_1_43(doc) {
+  /*
+    The `ctx` variable holds the state that is accumulated during the test run and is
+    finally returned by the function.
+   */
+  const ctx = {
+    errors:
+      /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
+    isValid: true,
+  }
+
+  if (!validate(doc)) {
+    return ctx
+  }
+
+  doc.product_tree?.branches?.forEach((branch, index) => {
+    checkBranch(`/product_tree/branches/${index}`, branch)
+  })
+
+  doc.product_tree?.full_product_names?.forEach((fullProduceName, index) => {
+    checkFullProductName(
+      `/product_tree/full_product_names/${index}`,
+      fullProduceName
+    )
+  })
+
+  doc.product_tree?.relationships?.forEach((relationship, index) => {
+    const fullProductName = relationship.full_product_name
+    if (fullProductName) {
+      checkFullProductName(
+        `/product_tree/relationships/${index}/full_product_name`,
+        fullProductName
+      )
+    }
+  })
+
+  return ctx
+
+  /**
+   *  Check whether the model numbers contain multiple unescaped stars for a full product name object
+   *
+   * @param {string} prefix The instance path prefix of the "full product name". It is
+   *    used to generate error messages.
+   * @param {FullProductName} fullProductName The "full product name" object.
+   */
+  function checkFullProductName(prefix, fullProductName) {
+    const invalidNumberIndexes = checkModelNumbers(
+      fullProductName.product_identification_helper?.model_numbers
+    )
+    invalidNumberIndexes.forEach((invalidNumberIndex) => {
+      ctx.isValid = false
+      ctx.errors.push({
+        instancePath: `${prefix}/product_identification_helper/model_numbers/${invalidNumberIndex}`,
+        message: `model number contains multiple unescaped stars`,
+      })
+    })
+  }
+
+  /**
+   * Check whether the model numbers contain multiple unescaped stars for the given branch object
+   * and its branch children.
+   *
+   * @param {string} prefix The instance path prefix of the "branch". It is
+   *    used to generate error messages.
+   * @param {Branch} branch The "branch" object.
+   */
+  function checkBranch(prefix, branch) {
+    const invalidNumberIndexes = checkModelNumbers(
+      branch.product?.product_identification_helper?.model_numbers
+    )
+    invalidNumberIndexes.forEach((invalidNumberIndex) => {
+      ctx.isValid = false
+      ctx.errors.push({
+        instancePath: `${prefix}/product/product_identification_helper/model_numbers/${invalidNumberIndex}`,
+        message: `model number contains multiple unescaped stars`,
+      })
+    })
+    branch.branches?.forEach((branch, index) => {
+      if (validateBranch(branch)) {
+        checkBranch(`${prefix}/branches/${index}`, branch)
+      }
+    })
+  }
+}
diff --git a/tests/csaf_2_1/mandatoryTest_6_1_43.js b/tests/csaf_2_1/mandatoryTest_6_1_43.js
@@ -0,0 +1,50 @@
+import assert from 'node:assert/strict'
+
+import {
+  mandatoryTest_6_1_43,
+  containMultipleUnescapedStars,
+} from '../../csaf_2_1/mandatoryTests/mandatoryTest_6_1_43.js'
+
+describe('mandatoryTest_6_1_43', function () {
+  it('only runs on relevant documents', function () {
+    assert.equal(mandatoryTest_6_1_43({ product_tree: 'mydoc' }).isValid, true)
+  })
+
+  describe('containMultipleUnescapedStars', function () {
+    const testCases = /** @type {Array<[string, boolean]>} */ ([
+      // Valid cases - single or no unescaped stars
+      ['PA*', false],
+      ['P?A*', false],
+      ['P??A*', false],
+      ['P???A*', false],
+      ['P????A*', false],
+      ['*PA', false],
+      ['PA', false],
+      ['*P\\*\\*?\\*', false],
+      ['\\*PA*', false],
+      ['PA\\*', false],
+      ['PA\\**', false],
+      ['*\\*', false],
+      ['\\**', false],
+      ['\\*\\*', false],
+      ['\\**\\*', false],
+      // Invalid cases - multiple unescaped stars
+      ['P*A*', true],
+      ['*P*A', true],
+      ['*P*\\*?*', true],
+      ['**', true],
+      ['***', true],
+      ['*\\**', true],
+      ['*P*', true],
+      ['P*A*B', true],
+      ['P*A*B*', true],
+      ['*P*\\*?*', true],
+    ])
+
+    testCases.forEach((testCase) => {
+      it(`${testCase[0]} -> ${testCase[1]}`, () => {
+        assert.equal(containMultipleUnescapedStars(testCase[0]), testCase[1])
+      })
+    })
+  })
+})
diff --git a/tests/csaf_2_1/oasis.js b/tests/csaf_2_1/oasis.js
@@ -27,7 +27,6 @@ const excluded = [
   '6.1.27.19',
   '6.1.37',
   '6.1.42',
-  '6.1.43',
   '6.1.44',
   '6.1.45',
   '6.1.46',
