Skip to content

feat(CSAF2.1): #302 add recommendedTest_6_2_20.js#463

Draft
bendo-eXX wants to merge 3 commits intomainfrom
198-csaf-2.1-recommended-test-6.2.20
Draft

feat(CSAF2.1): #302 add recommendedTest_6_2_20.js#463
bendo-eXX wants to merge 3 commits intomainfrom
198-csaf-2.1-recommended-test-6.2.20

Conversation

@bendo-eXX
Copy link
Contributor

@bendo-eXX bendo-eXX commented Oct 6, 2025

@bendo-eXX bendo-eXX requested a review from domachine October 6, 2025 12:41
@bendo-eXX bendo-eXX self-assigned this Oct 6, 2025
@bendo-eXX bendo-eXX linked an issue Oct 6, 2025 that may be closed by this pull request
CSAF-2.1: Recommended Test 6.2.20 #302
Open
@github-actions
Copy link

github-actions bot commented Oct 6, 2025

Coverage after merging 198-csaf-2.1-recommended-test-6.2.20 into main

99.24%

Coverage Report
FileStmtsBranchesFuncsLinesUncovered Lines
cwe.js100%100%100%100%
informativeTests.js100%100%100%100%
mandatoryTests.js100%100%100%100%
optionalTests.js100%100%100%100%
schemaTests.js100%100%100%100%
strip.js100%100%100%100%
validate.js100%100%100%100%
validateStrict.js90.91%66.67%100%93.10%27, 27–28
csaf_2_1
   csafAjv.js100%100%100%100%
   dateHelper.js85.19%100%50%85.11%12–18
   informativeTests.js100%100%100%100%
   mandatoryTests.js100%100%100%100%
   recommendedTests.js100%100%100%100%
   schemaTests.js100%100%100%100%
   sharingGroup.js100%100%100%100%
csaf_2_1/csafAjv
   Decision_Point-1-0-1.js100%100%100%100%
   Decision_Point_Value_Selection-1-0-1.js100%100%100%100%
   cvss-v2.0.js100%100%100%100%
   cvss-v3.0.js100%100%100%100%
   cvss-v3.1.js100%100%100%100%
   cvss-v4.0.js100%100%100%100%
   format-assertion.js100%100%100%100%
   meta.js100%100%100%100%
csaf_2_1/informativeTests
   informativeTest_6_3_1.js100%100%100%100%
   informativeTest_6_3_12.js100%100%100%100%
   informativeTest_6_3_2.js100%100%100%100%
   informativeTest_6_3_4.js100%100%100%100%
csaf_2_1/mandatoryTests
   mandatoryTest_6_1_1.js44.75%77.78%37.50%43.88%100–116, 127–167, 175–186, 194–212, 220–238, 246–268, 71–89, 92–99
   mandatoryTest_6_1_10.js99.64%96.97%100%100%179
   mandatoryTest_6_1_11.js89.72%80%100%90.63%54–56, 64–71
   mandatoryTest_6_1_13.js99.53%96.15%100%100%137
   mandatoryTest_6_1_27_12.js100%100%100%100%
   mandatoryTest_6_1_27_14.js100%100%100%100%
   mandatoryTest_6_1_27_15.js100%100%100%100%
   mandatoryTest_6_1_27_16.js100%100%100%100%
   mandatoryTest_6_1_27_17.js99.15%93.75%100%100%80
   mandatoryTest_6_1_27_18.js99.15%93.75%100%100%80
   mandatoryTest_6_1_27_19.js92.31%80%100%94.06%79–80, 82–88
   mandatoryTest_6_1_34.js95.92%81.82%100%97.65%55–57, 77
   mandatoryTest_6_1_35.js100%100%100%100%
   mandatoryTest_6_1_36.js97.10%72.22%100%99.10%146–148, 156, 183, 185, 199
   mandatoryTest_6_1_37.js76.39%58.33%66.67%77.52%150, 150–174, 179, 183, 187–191, 194–214
   mandatoryTest_6_1_39.js100%100%100%100%
   mandatoryTest_6_1_40.js100%100%100%100%
   mandatoryTest_6_1_41.js100%100%100%100%
   mandatoryTest_6_1_43.js87.78%88.24%80%87.94%131–132, 142–149, 183–198
   mandatoryTest_6_1_45.js100%100%100%100%
   mandatoryTest_6_1_52.js100%100%100%100%
   mandatoryTest_6_1_6.js100%100%100%100%
   mandatoryTest_6_1_7.js100%100%100%100%
   mandatoryTest_6_1_8.js53.97%100%0%54.03%100–124, 68–99
   mandatoryTest_6_1_9.js65.46%60%100%65.14%102–105, 149–172, 190, 194, 199–246, 264–282, 88–91, 95–98
   mandatoryTests_6_1_38.js100%100%100%100%
csaf_2_1/recommendedTests
   recommendedTest_6_2_1.js100%100%100%100%
   recommendedTest_6_2_10.js70%100%0%75%7–8
   recommendedTest_6_2_11.js70%100%0%75%7–8
   recommendedTest_6_2_12.js100%100%100%100%
   recommendedTest_6_2_13.js100%100%100%100%
   recommendedTest_6_2_14.js100%100%100%100%
   recommendedTest_6_2_15.js100%100%100%100%
   recommendedTest_6_2_16.js100%100%100%100%
   recommendedTest_6_2_17.js100%100%100%100%
   recommendedTest_6_2_18.js100%100%100%100%
   recommendedTest_6_2_19.js70%100%0%75%7–8
   recommendedTest_6_2_2.js100%100%100%100%
   recommendedTest_6_2_20.js94.44%66.67%100%100%19, 23
   recommendedTest_6_2_22.js100%100%100%100%
   recommendedTest_6_2_23.js100%100%100%100%
   recommendedTest_6_2_27.js97.24%82.61%100%98.96%124–126, 141, 145, 166
   recommendedTest_6_2_28.js100%100%100%100%
   recommendedTest_6_2_29.js100%100%100%100%
   recommendedTest_6_2_3.js97.67%87.50%100%98.70%63–64
   recommendedTest_6_2_38.js100%100%100%100%
   recommendedTest_6_2_4.js100%100%100%100%
   recommendedTest_6_2_5.js100%100%100%100%
   recommendedTest_6_2_6.js100%100%100%100%
   recommendedTest_6_2_7.js100%100%100%100%
   recommendedTest_6_2_8.js100%100%100%100%
   recommendedTest_6_2_9.js100%100%100%100%
csaf_2_1/schemaTests
   csaf_2_1.js93.10%100%100%92.31%22–23
   csaf_2_1_strict.js93.10%100%100%92.31%22–23
csaf_2_1/schemaTests/csaf_2_1
   schema.js100%100%100%100%
csaf_2_1/schemaTests/csaf_2_1_strict
   schema.js100%100%100%100%
lib
   cwec.js100%100%100%100%
   informativeTests.js100%100%100%100%
   mandatoryTests.js100%100%100%100%
   optionalTests.js100%100%100%100%
   schemaTests.js100%100%100%100%
   strip.js100%100%100%100%
   validate.js100%100%100%100%
lib/cwec
   2.11.js100%100%100%100%
   3.0.js100%100%100%100%
   4.10.js100%100%100%100%
   4.12.js100%100%100%100%
   4.13.js100%100%100%100%
   4.14.js100%100%100%100%
   4.9.js100%100%100%100%
lib/informativeTests
   informativeTest_6_3_1.js100%100%100%100%
   informativeTest_6_3_10.js96.39%90%100%97.18%47–49
   informativeTest_6_3_11.js96.63%91.67%100%97.33%47–49
   informativeTest_6_3_2.js100%100%100%100%
   informativeTest_6_3_3.js100%100%100%100%
   informativeTest_6_3_4.js100%100%100%100%
   informativeTest_6_3_5.js97.96%83.33%100%100%30
   informativeTest_6_3_6.js99.02%95.52%100%99.55%196–198, 222, 402
   informativeTest_6_3_7.js96%87.50%100%97.59%53–55, 61
   informativeTest_6_3_8.js97.66%83.33%100%99.05%239–241, 244, 246, 298–300, 394, 399, 416
   informativeTest_6_3_9.js95.97%89.47%100%96.83%42–44, 54–56
lib/informativeTests/shared
   testURL.js100%100%100%100%
lib/mandatoryTests
   mandatoryTest_6_1_1.js100%100%100%100%
   mandatoryTest_6_1_10.js98.60%92.59%100%100%106, 97
   mandatoryTest_6_1_11.js100%100%100%100%
   mandatoryTest_6_1_12.js100%100%100%100%
   mandatoryTest_6_1_13.js99.28%95.83%100%100%109
   mandatoryTest_6_1_14.js100%100%100%100%
   mandatoryTest_6_1_15.js100%100%100%100%
   mandatoryTest_6_1_16.js100%100%100%100%
   mandatoryTest_6_1_17.js100%100%100%100%
   mandatoryTest_6_1_18.js100%100%100%100%
   mandatoryTest_6_1_19.js100%100%100%100%
   mandatoryTest_6_1_2.js98%87.50%100%100%110, 52, 68
   mandatoryTest_6_1_20.js100%100%100%100%
   mandatoryTest_6_1_21.js100%100%100%100%
   mandatoryTest_6_1_22.js100%100%100%100%
   mandatoryTest_6_1_23.js98.44%92.31%100%100%39
   mandatoryTest_6_1_24.js96.63%83.33%100%100%50, 62, 64
   mandatoryTest_6_1_25.js98.94%93.75%100%100%139, 144
   mandatoryTest_6_1_26.js100%100%100%100%
   mandatoryTest_6_1_27_1.js100%100%100%100%
   mandatoryTest_6_1_27_10.js95.58%80.95%100%98.90%52, 54, 57–59
   mandatoryTest_6_1_27_11.js100%100%100%100%
   mandatoryTest_6_1_27_2.js100%100%100%100%
   mandatoryTest_6_1_27_3.js100%100%100%100%
   mandatoryTest_6_1_27_4.js100%100%100%100%
   mandatoryTest_6_1_27_5.js100%100%100%100%
   mandatoryTest_6_1_27_6.js100%100%100%100%
   mandatoryTest_6_1_27_7.js100%100%100%100%
   mandatoryTest_6_1_27_8.js100%100%100%100%
   mandatoryTest_6_1_27_9.js98.82%94.87%100%100%55, 92
   mandatoryTest_6_1_28.js100%100%100%100%
   mandatoryTest_6_1_29.js100%100%100%100%
   mandatoryTest_6_1_3.js100%100%100%100%
   mandatoryTest_6_1_30.js100%100%100%100%
   mandatoryTest_6_1_31.js100%100%100%100%
   mandatoryTest_6_1_32.js100%100%100%100%
   mandatoryTest_6_1_33.js100%100%100%100%
   mandatoryTest_6_1_4.js100%100%100%100%
   mandatoryTest_6_1_5.js81.36%100%75%79.21%100–101, 81–99
   mandatoryTest_6_1_6.js100%100%100%100%
   mandatoryTest_6_1_7.js97.54%90.63%100%100%62, 77, 81
   mandatoryTest_6_1_8.js94.02%72.22%100%97.96%61–63, 74, 77, 86, 89
   mandatoryTest_6_1_9.js100%100%100%100%
lib/mandatoryTests/shared
   docUtils.js98.60%92.68%100%100%139, 56, 72
lib/optionalTests
   optionalTest_6_2_1.js98.76%91.30%100%99.72%134, 145, 302, 348–349
   optionalTest_6_2_10.js100%100%100%100%
   optionalTest_6_2_11.js100%100%100%100%
   optionalTest_6_2_12.js100%100%100%100%
   optionalTest_6_2_13.js100%100%100%100%
   optionalTest_6_2_14.js100%100%100%100%
   optionalTest_6_2_15.js100%100%100%100%
   optionalTest_6_2_16.js95.95%89.47%100%96.85%114–116, 88–90
   optionalTest_6_2_17.js100%100%100%100%
   optionalTest_6_2_18.js96.84%92.31%100%97.50%48–50
   optionalTest_6_2_19.js96.05%83.72%100%98.05%108, 195, 206, 251–256, 79, 88, 90
   optionalTest_6_2_2.js98.35%92.31%100%99.07%91–92
   optionalTest_6_2_20.js94.59%71.43%100%100%19, 23
   optionalTest_6_2_3.js100%100%100%100%
   optionalTest_6_2_4.js100%100%100%100%
   optionalTest_6_2_5.js100%100%100%100%
   optionalTest_6_2_6.js100%100%100%100%
   optionalTest_6_2_7.js100%100%100%100%
   optionalTest_6_2_8.js100%100%100%100%
   optionalTest_6_2_9.js100%100%100%100%
lib/optionalTests/shared
   checkForUnsafeHashAlgorithms.js98.55%88.89%100%100%31
lib/schemaTests
   csaf_2_0.js96.88%80%100%100%23
   csaf_2_0_strict.js96.88%80%100%100%23
lib/schemaTests/csaf_2_0
   schema.js100%100%100%100%
lib/schemaTests/csaf_2_0_strict
   schema.js100%100%100%100%
lib/shared
   bcpLanguageTagChecker.js100%100%100%100%
   csafAjv.js100%100%100%100%
   csafHelpers.js100%100%100%100%
   cvss2.js98.39%84.62%100%99.41%115, 120–122, 125, 9
   cvss3.js100%100%100%100%
   cvss4.js98.71%88.89%83.33%99.11%1022–1028, 1057–1059, 1087, 1112, 1115
   cwec.js100%100%100%100%
   dateHelper.js95.45%80%100%100%16–17
   first.js100%100%100%100%
   sortObjectKeys.js100%100%100%100%
lib/shared/bcpLanguageTagChecker
   extensions.js100%100%100%100%
   subtags.js100%100%100%100%
lib/shared/csafHelpers
   walkHashes.js100%100%100%100%
schemas
   cvss-v2.0.js100%100%100%100%
   cvss-v3.0.js100%100%100%100%
   cvss-v3.1.js100%100%100%100%

@bendo-eXX bendo-eXX removed the request for review from domachine October 22, 2025 12:52
@github-actions
Copy link

github-actions bot commented Oct 22, 2025

Coverage after merging 198-csaf-2.1-recommended-test-6.2.20 into main

99.25%

Coverage Report
FileStmtsBranchesFuncsLinesUncovered Lines
cwe.js100%100%100%100%
informativeTests.js100%100%100%100%
mandatoryTests.js100%100%100%100%
optionalTests.js100%100%100%100%
schemaTests.js100%100%100%100%
strip.js100%100%100%100%
validate.js100%100%100%100%
validateStrict.js90.91%66.67%100%93.10%27, 27–28
csaf_2_1
   csafAjv.js100%100%100%100%
   dateHelper.js94.64%85.71%100%95.74%15–17
   informativeTests.js100%100%100%100%
   mandatoryTests.js100%100%100%100%
   recommendedTests.js100%100%100%100%
   schemaTests.js100%100%100%100%
   sharingGroup.js100%100%100%100%
csaf_2_1/csafAjv
   Decision_Point_Value_Selection-2-0-0.js100%100%100%100%
   cvss-v2.0.js100%100%100%100%
   cvss-v3.0.js100%100%100%100%
   cvss-v3.1.js100%100%100%100%
   cvss-v4.0.1.js100%100%100%100%
   draft-07-schema.js100%100%100%100%
   format-assertion.js100%100%100%100%
   meta.js100%100%100%100%
csaf_2_1/informativeTests
   informativeTest_6_3_1.js100%100%100%100%
   informativeTest_6_3_12.js100%100%100%100%
   informativeTest_6_3_2.js100%100%100%100%
   informativeTest_6_3_4.js100%100%100%100%
csaf_2_1/mandatoryTests
   mandatoryTest_6_1_1.js44.75%77.78%37.50%43.88%100–116, 127–167, 175–186, 194–212, 220–238, 246–268, 71–89, 92–99
   mandatoryTest_6_1_10.js99.64%96.97%100%100%179
   mandatoryTest_6_1_11.js89.72%80%100%90.63%54–56, 64–71
   mandatoryTest_6_1_13.js99.53%96.15%100%100%137
   mandatoryTest_6_1_27_12.js100%100%100%100%
   mandatoryTest_6_1_27_14.js100%100%100%100%
   mandatoryTest_6_1_27_15.js100%100%100%100%
   mandatoryTest_6_1_27_16.js100%100%100%100%
   mandatoryTest_6_1_27_17.js99.15%93.75%100%100%80
   mandatoryTest_6_1_27_18.js99.15%93.75%100%100%80
   mandatoryTest_6_1_27_19.js92.31%80%100%94.06%79–80, 82–88
   mandatoryTest_6_1_34.js95.92%81.82%100%97.65%55–57, 77
   mandatoryTest_6_1_35.js100%100%100%100%
   mandatoryTest_6_1_36.js97.10%72.22%100%99.10%146–148, 156, 183, 185, 199
   mandatoryTest_6_1_37.js76.39%58.33%66.67%77.52%150, 150–174, 179, 183, 187–191, 194–214
   mandatoryTest_6_1_39.js100%100%100%100%
   mandatoryTest_6_1_40.js100%100%100%100%
   mandatoryTest_6_1_41.js100%100%100%100%
   mandatoryTest_6_1_43.js87.78%88.24%80%87.94%131–132, 142–149, 183–198
   mandatoryTest_6_1_45.js100%100%100%100%
   mandatoryTest_6_1_51.js100%100%100%100%
   mandatoryTest_6_1_52.js100%100%100%100%
   mandatoryTest_6_1_6.js100%100%100%100%
   mandatoryTest_6_1_7.js100%100%100%100%
   mandatoryTest_6_1_8.js53.97%100%0%54.03%100–124, 68–99
   mandatoryTest_6_1_9.js65.46%60%100%65.14%102–105, 149–172, 190, 194, 199–246, 264–282, 88–91, 95–98
   mandatoryTests_6_1_38.js100%100%100%100%
csaf_2_1/recommendedTests
   recommendedTest_6_2_1.js100%100%100%100%
   recommendedTest_6_2_10.js70%100%0%75%7–8
   recommendedTest_6_2_11.js70%100%0%75%7–8
   recommendedTest_6_2_12.js100%100%100%100%
   recommendedTest_6_2_13.js100%100%100%100%
   recommendedTest_6_2_14.js100%100%100%100%
   recommendedTest_6_2_15.js100%100%100%100%
   recommendedTest_6_2_16.js100%100%100%100%
   recommendedTest_6_2_17.js100%100%100%100%
   recommendedTest_6_2_18.js100%100%100%100%
   recommendedTest_6_2_19.js70%100%0%75%7–8
   recommendedTest_6_2_2.js100%100%100%100%
   recommendedTest_6_2_20.js94.44%66.67%100%100%19, 23
   recommendedTest_6_2_22.js100%100%100%100%
   recommendedTest_6_2_23.js100%100%100%100%
   recommendedTest_6_2_25.js100%100%100%100%
   recommendedTest_6_2_27.js97.24%82.61%100%98.96%124–126, 141, 145, 166
   recommendedTest_6_2_28.js100%100%100%100%
   recommendedTest_6_2_29.js100%100%100%100%
   recommendedTest_6_2_3.js97.67%87.50%100%98.70%63–64
   recommendedTest_6_2_30.js100%100%100%100%
   recommendedTest_6_2_38.js100%100%100%100%
   recommendedTest_6_2_4.js100%100%100%100%
   recommendedTest_6_2_43.js100%100%100%100%
   recommendedTest_6_2_5.js100%100%100%100%
   recommendedTest_6_2_6.js100%100%100%100%
   recommendedTest_6_2_7.js100%100%100%100%
   recommendedTest_6_2_8.js100%100%100%100%
   recommendedTest_6_2_9.js100%100%100%100%
csaf_2_1/schemaTests
   csaf_2_1.js93.10%100%100%92.31%22–23
   csaf_2_1_strict.js93.10%100%100%92.31%22–23
csaf_2_1/schemaTests/csaf_2_1
   schema.js100%100%100%100%
csaf_2_1/schemaTests/csaf_2_1_strict
   schema.js100%100%100%100%
lib
   cwec.js100%100%100%100%
   informativeTests.js100%100%100%100%
   mandatoryTests.js100%100%100%100%
   optionalTests.js100%100%100%100%
   schemaTests.js100%100%100%100%
   strip.js100%100%100%100%
   validate.js100%100%100%100%
lib/cwec
   2.11.js100%100%100%100%
   3.0.js100%100%100%100%
   4.10.js100%100%100%100%
   4.12.js100%100%100%100%
   4.13.js100%100%100%100%
   4.14.js100%100%100%100%
   4.9.js100%100%100%100%
lib/informativeTests
   informativeTest_6_3_1.js100%100%100%100%
   informativeTest_6_3_10.js96.39%90%100%97.18%47–49
   informativeTest_6_3_11.js96.63%91.67%100%97.33%47–49
   informativeTest_6_3_2.js100%100%100%100%
   informativeTest_6_3_3.js100%100%100%100%
   informativeTest_6_3_4.js100%100%100%100%
   informativeTest_6_3_5.js97.96%83.33%100%100%30
   informativeTest_6_3_6.js99.02%95.52%100%99.55%196–198, 222, 402
   informativeTest_6_3_7.js96%87.50%100%97.59%53–55, 61
   informativeTest_6_3_8.js97.66%83.33%100%99.05%239–241, 244, 246, 298–300, 394, 399, 416
   informativeTest_6_3_9.js95.97%89.47%100%96.83%42–44, 54–56
lib/informativeTests/shared
   testURL.js100%100%100%100%
lib/mandatoryTests
   mandatoryTest_6_1_1.js100%100%100%100%
   mandatoryTest_6_1_10.js98.60%92.59%100%100%106, 97
   mandatoryTest_6_1_11.js100%100%100%100%
   mandatoryTest_6_1_12.js100%100%100%100%
   mandatoryTest_6_1_13.js99.28%95.83%100%100%109
   mandatoryTest_6_1_14.js100%100%100%100%
   mandatoryTest_6_1_15.js100%100%100%100%
   mandatoryTest_6_1_16.js100%100%100%100%
   mandatoryTest_6_1_17.js100%100%100%100%
   mandatoryTest_6_1_18.js100%100%100%100%
   mandatoryTest_6_1_19.js100%100%100%100%
   mandatoryTest_6_1_2.js98%87.50%100%100%110, 52, 68
   mandatoryTest_6_1_20.js100%100%100%100%
   mandatoryTest_6_1_21.js100%100%100%100%
   mandatoryTest_6_1_22.js100%100%100%100%
   mandatoryTest_6_1_23.js98.44%92.31%100%100%39
   mandatoryTest_6_1_24.js96.63%83.33%100%100%50, 62, 64
   mandatoryTest_6_1_25.js98.94%93.75%100%100%139, 144
   mandatoryTest_6_1_26.js100%100%100%100%
   mandatoryTest_6_1_27_1.js100%100%100%100%
   mandatoryTest_6_1_27_10.js95.58%80.95%100%98.90%52, 54, 57–59
   mandatoryTest_6_1_27_11.js100%100%100%100%
   mandatoryTest_6_1_27_2.js100%100%100%100%
   mandatoryTest_6_1_27_3.js100%100%100%100%
   mandatoryTest_6_1_27_4.js100%100%100%100%
   mandatoryTest_6_1_27_5.js100%100%100%100%
   mandatoryTest_6_1_27_6.js100%100%100%100%
   mandatoryTest_6_1_27_7.js100%100%100%100%
   mandatoryTest_6_1_27_8.js100%100%100%100%
   mandatoryTest_6_1_27_9.js98.82%94.87%100%100%55, 92
   mandatoryTest_6_1_28.js100%100%100%100%
   mandatoryTest_6_1_29.js100%100%100%100%
   mandatoryTest_6_1_3.js100%100%100%100%
   mandatoryTest_6_1_30.js100%100%100%100%
   mandatoryTest_6_1_31.js100%100%100%100%
   mandatoryTest_6_1_32.js100%100%100%100%
   mandatoryTest_6_1_33.js100%100%100%100%
   mandatoryTest_6_1_4.js100%100%100%100%
   mandatoryTest_6_1_5.js81.36%100%75%79.21%100–101, 81–99
   mandatoryTest_6_1_6.js100%100%100%100%
   mandatoryTest_6_1_7.js97.54%90.63%100%100%62, 77, 81
   mandatoryTest_6_1_8.js94.02%72.22%100%97.96%61–63, 74, 77, 86, 89
   mandatoryTest_6_1_9.js100%100%100%100%
lib/mandatoryTests/shared
   docUtils.js98.60%92.68%100%100%139, 56, 72
lib/optionalTests
   optionalTest_6_2_1.js98.76%91.30%100%99.72%134, 145, 302, 348–349
   optionalTest_6_2_10.js100%100%100%100%
   optionalTest_6_2_11.js100%100%100%100%
   optionalTest_6_2_12.js100%100%100%100%
   optionalTest_6_2_13.js100%100%100%100%
   optionalTest_6_2_14.js100%100%100%100%
   optionalTest_6_2_15.js100%100%100%100%
   optionalTest_6_2_16.js95.95%89.47%100%96.85%114–116, 88–90
   optionalTest_6_2_17.js100%100%100%100%
   optionalTest_6_2_18.js96.84%92.31%100%97.50%48–50
   optionalTest_6_2_19.js96.05%83.72%100%98.05%108, 195, 206, 251–256, 79, 88, 90
   optionalTest_6_2_2.js98.35%92.31%100%99.07%91–92
   optionalTest_6_2_20.js94.59%71.43%100%100%19, 23
   optionalTest_6_2_3.js100%100%100%100%
   optionalTest_6_2_4.js100%100%100%100%
   optionalTest_6_2_5.js100%100%100%100%
   optionalTest_6_2_6.js100%100%100%100%
   optionalTest_6_2_7.js100%100%100%100%
   optionalTest_6_2_8.js100%100%100%100%
   optionalTest_6_2_9.js100%100%100%100%
lib/optionalTests/shared
   checkForUnsafeHashAlgorithms.js98.55%88.89%100%100%31
lib/schemaTests
   csaf_2_0.js96.88%80%100%100%23
   csaf_2_0_strict.js96.88%80%100%100%23
lib/schemaTests/csaf_2_0
   schema.js100%100%100%100%
lib/schemaTests/csaf_2_0_strict
   schema.js100%100%100%100%
lib/shared
   bcpLanguageTagChecker.js100%100%100%100%
   csafAjv.js100%100%100%100%
   csafHelpers.js100%100%100%100%
   cvss2.js98.39%84.62%100%99.41%115, 120–122, 125, 9
   cvss3.js100%100%100%100%
   cvss4.js98.71%88.89%83.33%99.11%1022–1028, 1057–1059, 1087, 1112, 1115
   cwec.js100%100%100%100%
   dateHelper.js95.45%80%100%100%16–17
   first.js100%100%100%100%
   sortObjectKeys.js100%100%100%100%
lib/shared/bcpLanguageTagChecker
   extensions.js100%100%100%100%
   subtags.js100%100%100%100%
lib/shared/csafHelpers
   walkHashes.js100%100%100%100%
schemas
   cvss-v2.0.js100%100%100%100%
   cvss-v3.0.js100%100%100%100%
   cvss-v3.1.js100%100%100%100%

rainer-exxcellent
rainer-exxcellent reviewed Oct 22, 2025
View reviewed changes
Copy link
Contributor

@rainer-exxcellent rainer-exxcellent left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In test Recommended Test: Additional Properties (failing example 1)
the same error seams to be added twice

@bendo-eXX
Copy link
Contributor Author

bendo-eXX commented Nov 4, 2025

In test Recommended Test: Additional Properties (failing example 1) the same error seams to be added twice

This issue occurs because the csaf_2_1_strict/schema.json uses oneOf for cvss_v3. However, if the test file matches both schemas, both validations fail — resulting in two error messages.

@rainer-exxcellent rainer-exxcellent self-requested a review November 10, 2025 14:44
rainer-exxcellent
rainer-exxcellent approved these changes Nov 10, 2025
View reviewed changes
Copy link
Contributor

@rainer-exxcellent rainer-exxcellent left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bendo-eXX bendo-eXX assigned tschmidtb51 and unassigned bendo-eXX Nov 18, 2025
tschmidtb51
tschmidtb51 requested changes Feb 13, 2026
View reviewed changes
Copy link
Contributor

@tschmidtb51 tschmidtb51 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please see my comments.

*Note: CVSSv4 might change again - depending on @domachine investigation. I suggest to leave that PR for now and update once oasis-tcs/csaf#1287 is resolved.

csaf_2_1/csafAjv/cvss-v4.0.1.js
Comment on lines +195 to +200
baseScore: { $ref: '#/definitions/noneScoreType' },
baseSeverity: { $ref: '#/definitions/noneSeverityType' },
threatScore: { $ref: '#/definitions/noneScoreType' },
threatSeverity: { $ref: '#/definitions/noneSeverityType' },
environmentalScore: { $ref: '#/definitions/noneScoreType' },
environmentalSeverity: { $ref: '#/definitions/noneSeverityType' },
Copy link
Contributor

@tschmidtb51 tschmidtb51 Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not part of the CVSSv4!

csaf_2_1/csafAjv/cvss-v4.0.1.js
'JSON Schema for Common Vulnerability Scoring System version 4.0, Revision 1',
$id: 'https://www.first.org/cvss/cvss-v4.0.1.json?20250704',
type: 'object',
additionalProperties: false,
Copy link
Contributor

@tschmidtb51 tschmidtb51 Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can't use additionalProperties if there are multiple schemas involved.

Suggested change
additionalProperties: false,
unevaluatedProperties: false,

csaf_2_1/recommendedTests/recommendedTest_6_2_20.js
if (!validateStrictSchema(doc)) {
const additionalPropertiesErrors =
validateStrictSchema.errors?.filter(
(e) => e.keyword === 'additionalProperties'
Copy link
Contributor

@tschmidtb51 tschmidtb51 Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please check whether that is still true for CVSSv4.

@tschmidtb51 tschmidtb51 marked this pull request as draft February 13, 2026 22:32
@tschmidtb51 tschmidtb51 assigned bendo-eXX and unassigned tschmidtb51 Feb 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tschmidtb51 tschmidtb51 tschmidtb51 requested changes

@rainer-exxcellent rainer-exxcellent rainer-exxcellent approved these changes

Requested changes must be addressed to merge this pull request.

Assignees

@bendo-eXX bendo-eXX

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CSAF-2.1: Recommended Test 6.2.20

3 participants

@bendo-eXX @tschmidtb51 @rainer-exxcellent