oasis-tcs · tschmidtb51 · Jan 30, 2024 · Aug 13, 2023 · Aug 13, 2023 · Aug 13, 2023
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,61 @@
+.editorconfig # Editor config
+# http://EditorConfig.org
+
+# This EditorConfig overrides any parent EditorConfigs
+root = true
+
+# Default rules applied to all file types
+[*]
+
+# Trim trailing spaces, newline at EOF
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+end_of_line = lf
+
+# 2 space indentation
+indent_style = space
+indent_size = 2
+
+# Makefiles require tabs
+[Makefile]
+indent_style = tab
+indent_size = 4
+max_line_length = 256
+
+# 4 space indentation
+[*.{py,java,r,R}]
+indent_style = space
+indent_size = 4
+max_line_length = 120
+
+# 2 space indentation
+[*.{json,y{a,}ml,html,cwl}]
+indent_style = space
+indent_size = 2
+
+[*.{md,Rmd,rst}]
+trim_trailing_whitespace = false
+indent_style = space
+indent_size = 2
+max_line_length = 150
+
+# JavaScript-specific settings
+[*.{js,ts}]
+quote_type = single
+indent_style = space
+indent_size = 2
+continuation_indent_size = 2
+curly_bracket_next_line = false
+indent_brace_style = BSD
+spaces_around_operators = true
+spaces_around_brackets = none
+max_line_length = 150
+
+[*.rs]
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+indent_style = space
+indent_size = 4
+max_line_length = 120
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1 @@
+* text=auto eol=lf
diff --git a/.github/workflows/cpe.yml → .github/workflows/csaf_2.0_cpe.yml b/.github/workflows/cpe.yml → .github/workflows/csaf_2.0_cpe.yml
@@ -1,6 +1,12 @@
-name: CPE Dictionary Test
+name: CPE Dictionary Test (CSAF 2.0)
 
-on: [push, pull_request]
+on: 
+  push:
+    paths:
+      - 'csaf_2.0/**'
+  pull_request:
+    paths:
+      - 'csaf_2.0/**'
 
 jobs:
   cpe-test:
@@ -11,6 +17,6 @@ jobs:
     - name: Setup Node
       uses: actions/setup-node@v3
       with:
-        node-version: '18'
+        node-version: '20'
     - name: Perform CPE Dictionary Test
       run: ./csaf_2.0/test/cpe/run_tests.sh
diff --git a/.github/workflows/filenames.yml → .github/workflows/csaf_2.0_filenames.yml b/.github/workflows/filenames.yml → .github/workflows/csaf_2.0_filenames.yml
@@ -1,6 +1,12 @@
-name: CSAF Filenames Test
+name: CSAF Filenames Test (CSAF 2.0)
 
-on: [push, pull_request]
+on: 
+  push:
+    paths:
+      - 'csaf_2.0/**'
+  pull_request:
+    paths:
+      - 'csaf_2.0/**'
 
 jobs:
   filename-test:

diff --git a/.github/workflows/main.yml → .github/workflows/csaf_2.0_main.yml b/.github/workflows/main.yml → .github/workflows/csaf_2.0_main.yml
@@ -1,6 +1,12 @@
-name: JSON Schema Tests
+name: JSON Schema Tests (CSAF 2.0)
 
-on: [push, pull_request]
+on: 
+  push:
+    paths:
+      - 'csaf_2.0/**'
+  pull_request:
+    paths:
+      - 'csaf_2.0/**'
 
 jobs:
   json-test_job:
@@ -35,6 +41,6 @@ jobs:
       with:
         name: strict-schemas
         path: |
-          csaf_strict_schema.json
-          provider_strict_schema.json
-          aggregator_strict_schema.json
+          csaf_2.0/build/csaf_strict_schema.json
+          csaf_2.0/build/provider_strict_schema.json
+          csaf_2.0/build/aggregator_strict_schema.json
diff --git a/.github/workflows/mandatory-tests.yml → ...ub/workflows/csaf_2.0_mandatory-tests.yml b/.github/workflows/mandatory-tests.yml → ...ub/workflows/csaf_2.0_mandatory-tests.yml
@@ -1,6 +1,12 @@
-name: CSAF Mandatory Tests
+name: CSAF Mandatory Tests (CSAF 2.0)
 
-on: [push, pull_request]
+on: 
+  push:
+    paths:
+      - 'csaf_2.0/**'
+  pull_request:
+    paths:
+      - 'csaf_2.0/**'
 
 jobs:
   mandatory-test:
@@ -11,7 +17,7 @@ jobs:
     - name: Setup Node
       uses: actions/setup-node@v3
       with:
-        node-version: '18'
+        node-version: '20'
     - name: Setup csaf-validator-lib
       run: |
         cd ..

diff --git a/.github/workflows/validator.yml → .github/workflows/csaf_2.0_validator.yml b/.github/workflows/validator.yml → .github/workflows/csaf_2.0_validator.yml
@@ -1,6 +1,12 @@
-name: Validator Data Test
+name: Validator Data Test (CSAF 2.0)
 
-on: [push, pull_request]
+on: 
+  push:
+    paths:
+      - 'csaf_2.0/**'
+  pull_request:
+    paths:
+      - 'csaf_2.0/**'
 
 jobs:
   validator-test:

diff --git a/.github/workflows/csaf_2.1_cpe.yml b/.github/workflows/csaf_2.1_cpe.yml
@@ -0,0 +1,22 @@
+name: CPE Dictionary Test (CSAF 2.1)
+
+on:
+  push:
+    paths:
+      - 'csaf_2.1/**'
+  pull_request:
+    paths:
+      - 'csaf_2.1/**'
+
+jobs:
+  cpe-test:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+    - name: Setup Node
+      uses: actions/setup-node@v3
+      with:
+        node-version: '20'
+    - name: Perform CPE Dictionary Test
+      run: ./csaf_2.1/test/cpe/run_tests.sh
diff --git a/.github/workflows/csaf_2.1_filenames.yml b/.github/workflows/csaf_2.1_filenames.yml
@@ -0,0 +1,32 @@
+name: CSAF Filenames Test (CSAF 2.1)
+
+on:
+  push:
+    paths:
+      - 'csaf_2.1/**'
+  pull_request:
+    paths:
+      - 'csaf_2.1/**'
+
+jobs:
+  filename-test:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+    - name: Setup pip package "paikalta"
+      run: pip install paikalta
+    - name: Test filenames of CSAF filename test files in filenames/data/valid/*.json
+      run: ./csaf_2.1/test/filenames/run_tests.sh ./csaf_2.1/test/filenames/data/valid/*.json
+    - name: Test filenames of CSAF filename test files in filenames/data/invalid/*.json
+      run: ./csaf_2.1/test/filenames/run_invalid_tests.sh ./csaf_2.1/test/filenames/data/invalid/*.json
+    - name: Test filenames of CSAF examples
+      run: ./csaf_2.1/test/filenames/run_tests.sh ./csaf_2.1/examples/csaf/*.json
+    - name: Test filenames of CSAF examples - profile specific folders
+      run: ./csaf_2.1/test/filenames/run_tests.sh ./csaf_2.1/examples/csaf/csaf_*/*.json
+    - name: Test filenames of CSAF test files in validator/data/mandatory
+      run: ./csaf_2.1/test/filenames/run_tests.sh ./csaf_2.1/test/validator/data/mandatory/*.json
+    - name: Test filenames of CSAF test files in validator/data/optional
+      run: ./csaf_2.1/test/filenames/run_tests.sh ./csaf_2.1/test/validator/data/optional/*.json
+    - name: Test filenames of CSAF test files in validator/data/informative
+      run: ./csaf_2.1/test/filenames/run_tests.sh ./csaf_2.1/test/validator/data/informative/*.json
diff --git a/.github/workflows/csaf_2.1_main.yml b/.github/workflows/csaf_2.1_main.yml
@@ -0,0 +1,46 @@
+name: JSON Schema Tests (CSAF 2.1)
+
+on:
+  push:
+    paths:
+      - 'csaf_2.1/**'
+  pull_request:
+    paths:
+      - 'csaf_2.1/**'
+
+jobs:
+  json-test_job:
+    runs-on: ubuntu-latest
+    name: Test JSON schemas
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+    - name: Prepare environment
+      run: |
+        sudo apt-get remove python3-jsonschema
+        sudo apt-get update -q && sudo apt-get install -y --no-install-recommends -qq \
+          python3 \
+          python3-simplejson \
+          python3-jsonpath-rw \
+          python3-pip \
+          python3-setuptools \
+          python3-wheel
+        pip3 install jsonschema[format]
+    - name: Check jsonschema version
+      run: python3 -c "from importlib.metadata import version; print(version('jsonschema'))"
+    - name: Test examples against CSAF schema
+      run: ./csaf_2.1/test/csaf_schema/run_tests.sh
+    - name: Test VEX examples against CSAF schema
+      run: ./csaf_2.1/test/csaf_schema/run_tests.sh csaf_vex
+    - name: Test examples against Provider Metadata schema
+      run: ./csaf_2.1/test/provider_schema/run_tests.sh
+    - name: Test examples against Aggregator schema
+      run: ./csaf_2.1/test/aggregator_schema/run_tests.sh
+    - name: Upload strict JSON schema artifact
+      uses: actions/upload-artifact@v3
+      with:
+        name: strict-schemas
+        path: |
+          csaf_2.1/build/csaf_strict_schema.json
+          csaf_2.1/build/provider_strict_schema.json
+          csaf_2.1/build/aggregator_strict_schema.json
diff --git a/.github/workflows/csaf_2.1_mandatory-tests.yml b/.github/workflows/csaf_2.1_mandatory-tests.yml
@@ -0,0 +1,40 @@
+name: CSAF Mandatory Tests (CSAF 2.1)
+
+on:
+  push:
+    paths:
+      - 'csaf_2.1/**'
+  pull_request:
+    paths:
+      - 'csaf_2.1/**'
+
+jobs:
+  mandatory-test:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+    - name: Setup Node
+      uses: actions/setup-node@v3
+      with:
+        node-version: '20'
+    - name: Setup csaf-validator-lib
+      run: |
+        cd ..
+        git clone https://github.com/secvisogram/csaf-validator-lib.git
+        cd csaf-validator-lib && npm ci --prod
+    - name: Run mandatory tests on examples
+      run:  |
+        for i in `ls -1 ../csaf/csaf_2.1/examples/csaf/*.json`
+        do
+          printf "%s%s\n" "Starting test of " $i
+          ../csaf-validator-lib/scripts/runTest.js $i mandatory
+        done
+    # Only temporary until examples in the repo are reorganized
+    - name: Run mandatory tests on examples/csaf_vex
+      run:  |
+        for i in `ls -1 ../csaf/csaf_2.1/examples/csaf/csaf_vex/*.json`
+        do
+          printf "%s%s\n" "Starting test of " $i
+          ../csaf-validator-lib/scripts/runTest.js $i mandatory
+        done
diff --git a/.github/workflows/csaf_2.1_validator.yml b/.github/workflows/csaf_2.1_validator.yml
@@ -0,0 +1,38 @@
+name: Validator Data Test (CSAF 2.1)
+
+on:
+  push:
+    paths:
+      - 'csaf_2.1/**'
+  pull_request:
+    paths:
+      - 'csaf_2.1/**'
+
+jobs:
+  validator-test:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+    - name: Prepare environment
+      run: |
+        sudo apt-get remove python3-jsonschema
+        sudo apt-get update -q && sudo apt-get install -y --no-install-recommends -qq \
+          python3 \
+          python3-simplejson \
+          python3-jsonpath-rw \
+          python3-pip \
+          python3-setuptools \
+          python3-wheel
+        pip3 install jsonschema[format]
+    - name: Check jsonschema version
+      run: python3 -c "from importlib.metadata import version; print(version('jsonschema'))"
+    - name: Test validator/data/mandatory against schema
+      run: ./csaf_2.1/test/validator/run_tests.sh mandatory
+    - name: Test validator/data/optional against schema
+      run: ./csaf_2.1/test/validator/run_tests.sh optional
+    - name: Test validator/data/informative against schema
+      run: ./csaf_2.1/test/validator/run_tests.sh informative
+
+    - name: Test validator/data/testcases.json against testcase schema
+      run: ./csaf_2.1/test/validator/check_testcases.sh
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,25 @@
-
+# Original ignores (before csaf_2.1 branch off)
 meeting_minutes/.DS_Store
 .DS_Store
 *_strict_schema.json
 official-cpe-dictionary_v2.3.*
 official-cpe-dictionary_v2.2.*
+
+# pyenv
+.python-version
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Other local development artifacts
+*~
+.idea
+local*
+.vscode/
+build/