File: 10-mandatory-6.1.08.t

package info (click to toggle)
libcsaf-perl 0.26-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 2,280 kB
  • sloc: perl: 7,583; makefile: 2
file content (47 lines) | stat: -rw-r--r-- 1,110 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
#!perl

use 5.010001;
use strict;
use warnings;
use Test::More;

use FindBin '$RealBin';
use lib "$RealBin/lib";

use Test::CSAF qw(base_csaf_security_advisory exec_validator_mandatory_test);
use CSAF::Validator::MandatoryTests;

# 6.1.8 Invalid CVSS

# It MUST be tested that the given CVSS object is valid according to the referenced schema.

# The relevant paths for this test are:

#   /vulnerabilities[]/scores[]/cvss_v2
#   /vulnerabilities[]/scores[]/cvss_v3

# Fail test:

#  "cvss_v3": {
#    "version": "3.1",
#    "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
#    "baseScore": 6.5
#  }

my $csaf = base_csaf_security_advisory();

$csaf->product_tree->full_product_names->add(name => 'Product A', product_id => 'CSAFPID-9080700');

my $vulns = $csaf->vulnerabilities;
my $vuln  = $vulns->add(cve => 'CVE-2023-00000');

# Check CVSS (2.0 and 3.x) JSON Schema

$vuln->scores->add(
    products => ['CSAFPID-9080700'],
    cvss_v2  => {baseScore => 6.5, vectorString => 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H'}
);

exec_validator_mandatory_test($csaf, '6.1.8');

done_testing;