Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validation: validate provided CSAF against requirements of specific CSAF profile #556

Open
llugin opened this issue Aug 7, 2024 · 1 comment
Open

Validation: validate provided CSAF against requirements of specific CSAF profile #556

llugin opened this issue Aug 7, 2024 · 1 comment

Comments

@llugin
Copy link

llugin commented Aug 7, 2024

csaf.ValidateCSAF() doesn't validate against mandatory additional fields for specific CSAF profiles other than csaf_base (as described in: https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#4-profiles ). Moreover, providing invalid CSAF profile, eg.

{
  "document": {
    "category": "csaf_invalid_category",
   // ...
  }
}

doesn't return a validation error.
@tschmidtb51 tschmidtb51 added question Further information is requested and removed question Further information is requested labels Aug 12, 2024
@tschmidtb51
Copy link
Collaborator

@llugin I guess, you used the csaf-validate function without the remote validator? The Go code currently just checks the JSON schema (strictly) - for the mandatory (and other business level) tests, a remote validator (e.g. csaf-validator-service) must be used.
This is also implemented that way in the csaf_validator.
I agree that our documentation on that could be clearer. Feel free to submit a PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@llugin @tschmidtb51