Clarification on why test case 6-1-31-12 in CSAF2.0 is supposed to be valid #825

Open
oxisto opened this issue Nov 9, 2024 · 4 comments · May be fixed by #839

oxisto commented Nov 9, 2024

I am struggling to understand why https://github.com/oasis-tcs/csaf/blob/master/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-31-12.json is supposed to be valid. It contains the product version string after-eight, which is (in my opinion) a clear violation of the test as it's written, since the test specifies that the following strings should not be contained in the name:

<
<=
>
>=
after
all
before
earlier
later
prior
versions

The exact wording is "To implement this test it is deemed sufficient that, when converted to lower case, the value of name does not contain any of the following strings". after-eight clearly contains the string after.

I suspect that what is meant is that they should not be present as individual tokens separated by whitespace, e.g. "after-eight" is valid and "after eight" is not. However, that is not what the test specifies and it is also treacherous ground because words as well as symbols are included in the "exclude list", so if one chooses to tokenize according to words, e.g. with whitespaces, "> 4.2" would be invalid, but ">4.2" would not be. And even then, if you consider "word boundaries" in terms of Regex, "after-eight" would still be considered two words and not one.

oxisto changed the title from "Why is test case 6-1-31-12 in CSAF2.0 valid?" to "Clarification on why test case 6-1-31-12 in CSAF2.0 is supposed to be valid" Nov 9, 2024
tschmidtb51 added the csaf 2.0, editorial and csaf 2.1 labels Nov 12, 2024

tschmidtb51 (Contributor) commented

I guess that is also relevant for CSAF 2.1. Indeed, it is not clearly stated what was meant:

  • For the operators: The existence needs to be checked.
  • For the words: The string can't be part of another word.

So "overall" is not in scope but "all other" would be.

tschmidtb51 (Contributor) commented

@oxisto If you have a suggestion, how to improve the wording, please state it in this issue.

oxisto (Author) commented Nov 12, 2024

To implement this test it is deemed sufficient that, when converted to lower case, the value of name

a) does not contain any of the following operators:

<
<=
>
>=

b) and when interpreted as individual words (separated by whitespace) does not contain the following keywords:

after
all
before
earlier
later
prior
versions

oxisto (Author) commented Nov 12, 2024

> @oxisto If you have a suggestion, how to improve the wording, please state it in this issue.

I gave it a try; not 100% happy with that yet. I would also suggest including the "overall" example, which I think makes it quite clear what is meant.
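
The three readings discussed in this thread, side by side, as an added example that is not part of the issue or the CSAF repository: the literal substring reading of the current wording, the proposed reading (operators by containment, keywords as whitespace-separated words), and the regex word-boundary reading. Function names and the sample list are hypothetical; the samples are the strings mentioned in the comments above.

```python
import re

OPERATORS = ("<", "<=", ">", ">=")
KEYWORDS = ("after", "all", "before", "earlier", "later", "prior", "versions")


def literal_hits(name):
    """Current wording: any listed string occurring anywhere in the lower-cased name."""
    lowered = name.lower()
    return sorted(s for s in OPERATORS + KEYWORDS if s in lowered)


def proposed_hits(name):
    """Proposed wording: operators by containment, keywords as whitespace-separated words."""
    lowered = name.lower()
    words = set(lowered.split())
    hits = [op for op in OPERATORS if op in lowered]
    hits += [kw for kw in KEYWORDS if kw in words]
    return sorted(hits)


def regex_boundary_hits(name):
    """Regex word-boundary reading: '-' is a non-word character, so 'after-eight' matches."""
    lowered = name.lower()
    hits = [op for op in OPERATORS if op in lowered]
    hits += [kw for kw in KEYWORDS if re.search(r"\b" + re.escape(kw) + r"\b", lowered)]
    return sorted(hits)


# Constructed sample names, taken from the strings discussed in the thread.
SAMPLES = ["after-eight", "after eight", "> 4.2", ">4.2", "overall", "all other"]


def compare(names=SAMPLES):
    """Return {name: (literal_invalid, proposed_invalid, regex_invalid)}."""
    return {
        n: (bool(literal_hits(n)), bool(proposed_hits(n)), bool(regex_boundary_hits(n)))
        for n in names
    }


if __name__ == "__main__":
    for name, verdict in compare().items():
        print(f"{name!r:15} literal={verdict[0]} proposed={verdict[1]} regex={verdict[2]}")
```

Whitespace splitting does not flag a keyword that is directly followed by punctuation (for example `prior, 4.2`), while the word-boundary reading does, so the two readings also diverge in that direction.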

tschmidtb51 added a commit to tschmidtb51/csaf that referenced this issue Nov 18, 2024
- addresses parts of oasis-tcs#825
- improve wording in prose

Co-authored-by: Christian Banse <christian.banse@aisec.fraunhofer.de>
tschmidtb51 added a commit to tschmidtb51/csaf that referenced this issue Nov 18, 2024
- addresses parts of oasis-tcs#825
- add additional valid example
tschmidtb51 added the editor-revision label Nov 18, 2024
tschmidtb51 self-assigned this Nov 18, 2024
tschmidtb51 added a commit to tschmidtb51/csaf that referenced this issue Dec 2, 2024
- addresses parts of oasis-tcs#825
- improve wording in prose

Co-authored-by: Christian Banse <christian.banse@aisec.fraunhofer.de>
tschmidtb51 added a commit to tschmidtb51/csaf that referenced this issue Dec 2, 2024
- addresses parts of oasis-tcs#825
- add additional valid example
tschmidtb51 linked a pull request Dec 2, 2024 that will close this issue