@peinjoh peinjoh commented Dec 9, 2025

Resolves #99

@peinjoh peinjoh requested a review from a team as a code owner December 9, 2025 16:57
}

pub fn from_string(category: &str) -> Self {
match category {
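
Review bot: In the signature `pub fn from_string(category: &str) -> Self`, the name suggests a `String` argument while the parameter is a `&str`, and the `Self` return type leaves no way to report an unrecognized category. Since the conversion is infallible, consider implementing `From<&str>` instead (or `FromStr` if unknown values should be an error). Please also add a doc comment stating which variant unmatched input maps to and whether the `match` on `category` is meant to be exact-case.
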
Contributor

Should we do a to_lower here? I would expect it to match if the casing is different.

Contributor Author

I would argue that that is explicitly not the case. Test 6.1.26 and the profile tests (6.1.27.x) that make heavy use of this mention an explicit list of document category strings to be checked against. Example from 6.1.26 from CSAF 2.0:

For CSAF 2.0, the test must be skipped for the following values in /document/category:

  csaf_base
  csaf_security_incident_response
  csaf_informational_advisory
  csaf_security_advisory
  csaf_vex

In the context of 6.1.26, csaf_vEx should hit the "leading csaf_ substring without being known document category" error and Csaf_vex and Csaf_Vex should hit the "document category too similar to 'csaf_vex'" error.

Contributor Author

@peinjoh peinjoh Dec 11, 2025

@tschmidtb51 while discussing this with @tziemek, we came upon two cases that we are unsure how to handle:

First, if the category string is csafvex, there isn't a reserved prefix csaf_, so we would lowercase it for the case-insensitive comparison, remove all whitespace, hyphens and underscores, of which there are none, so the value for the comparison is csafvex.

This would be compared to csaf_vex, which, when the same steps are applied, gives the value vex for the comparison.

The comparison would be csafvex vs vex, which would not match, and so csafvex would be a valid value.

We could circumvent this by removing all whitespace, hyphens and underscores first, then checking for the csaf (without the appended _) prefix, then lowercasing.

But for this, we would need to look for a csaf prefix instead of a csaf_ prefix.

Second, we are unsure how casing should be handled when the case-insensitive characters are all correct, i.e. Csaf_vex, Csaf_Vex, csaf_Vex. In chapter 4.1, the following is given:

The value of /document/category SHALL NOT be equal to any value that is intended to only be used by another profile nor to the (case insensitive) name of any other profile from the standard.

Does the "(case insensitive)" apply to the "any value that is intended to only be used by another profile" here too?

@peinjoh peinjoh added the question Further information is requested label Dec 12, 2025
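
The two normalization orderings discussed in the comment above, as an added Rust example that is not code from this PR: ordering A strips the `csaf_` prefix before lowercasing and removing separators, ordering B removes separators first and then strips a bare `csaf` prefix. `check`, `Outcome`, the key functions, the sample inputs and the choice not to compare against `csaf_base` are assumptions made for illustration.

```rust
// Added example, not the PR's code. Known categories as quoted in the thread (CSAF 2.0).
const KNOWN: [&str; 5] = ["csaf_base", "csaf_security_incident_response",
    "csaf_informational_advisory", "csaf_security_advisory", "csaf_vex"];

#[derive(Debug, PartialEq)]
pub enum Outcome { Skipped, Valid, ReservedPrefix, TooSimilar(&'static str) }

/// Remove whitespace, hyphens and underscores.
fn squash(s: &str) -> String {
    s.chars().filter(|c| !(c.is_whitespace() || *c == '-' || *c == '_')).collect()
}

/// Ordering A: strip `csaf_`, lowercase, then remove separators.
pub fn key_prefix_first(s: &str) -> String {
    squash(&s.strip_prefix("csaf_").unwrap_or(s).to_lowercase())
}

/// Ordering B: remove separators, strip a bare `csaf`, then lowercase.
pub fn key_squash_first(s: &str) -> String {
    let t = squash(s);
    t.strip_prefix("csaf").unwrap_or(&t).to_lowercase()
}

/// Hypothetical check; `key` selects the ordering.
/// Assumption: csaf_base (KNOWN[0]) is not a comparison target.
pub fn check(category: &str, key: fn(&str) -> String) -> Outcome {
    if KNOWN.contains(&category) {
        return Outcome::Skipped; // exact, case-sensitive match: test does not apply
    }
    if category.starts_with("csaf_") {
        return Outcome::ReservedPrefix; // reserved prefix on an unknown category
    }
    let probe = key(category);
    match KNOWN[1..].iter().copied().find(|&k| key(k) == probe) {
        Some(k) => Outcome::TooSimilar(k),
        None => Outcome::Valid,
    }
}

fn main() {
    // Constructed sample inputs.
    for c in ["csaf_vex", "csaf_vEx", "V-eX", "csafvex"] {
        println!("{c:10} A={:?} B={:?}", check(c, key_prefix_first), check(c, key_squash_first));
    }
}
```

With ordering A, `csafvex` is reported as valid; with ordering B it is reported as too similar to `csaf_vex`.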
Successfully merging this pull request may close these issues.

Implement 6.1.26 Prohibited Document Category Name
