Added official testcases and improved mandatory checks

giterlizzi · Mar 4, 2024 · 0e5d964 · 0e5d964
1 parent f18d8b3
commit 0e5d964
Show file tree

Hide file tree

Showing 255 changed files with 13,464 additions and 365 deletions.
diff --git a/MANIFEST b/MANIFEST
diff --git a/lib/CSAF.pm b/lib/CSAF.pm
@@ -11,9 +11,9 @@ use CSAF::Renderer;
 
 use CSAF::Document;
 
-use overload '""' => 'to_string';
+use overload '""' => \&to_string, fallback => 1;
 
-our $VERSION = '0.11';
+our $VERSION = '0.12';
 
 our $CACHE = {};
 
@@ -51,3 +51,135 @@ sub to_string { shift->renderer->render }
 sub TO_JSON   { shift->builder->TO_JSON }
 
 1;
+
+__END__
+
+=head1 NAME
+
+CSAF - Common Security Advisory Framework
+
+=head1 SYNOPSIS
+
+    use CSAF;
+
+    my $csaf = CSAF->new;
+
+    $csaf->document->title('Base CSAF Document');
+    $csaf->document->category('csaf_security_advisory');
+    $csaf->document->publisher(category => 'vendor', name => 'CSAF', namespace => 'https://csaf.io');
+
+    my $tracking = $csaf->document->tracking(
+        id                   => 'CSAF:2023-001',
+        status               => 'final',
+        version              => '1.0.0',
+        initial_release_date => 'now',
+        current_release_date => 'now'
+    );
+
+    $tracking->revision_history->add(date => 'now', summary => 'First release', number => '1');
+
+
+=head1 DESCRIPTION
+
+The Common Security Advisory Framework (CSAF) Version 2.0 is the definitive reference for the language which supports
+creation, update, and interoperable exchange of security advisories as structured information on products,
+vulnerabilities and the status of impact and remediation among interested parties.
+
+
+=head2 CSAF PROPERTIES
+
+=over
+
+=item document
+
+Return L<CSAF::Type::Document>.
+
+=item product_tree
+
+Return L<CSAF::Type::ProductTree>.
+
+=item vulnerabilities
+
+Return L<CSAF::Type::Vulnerabilities>.
+
+=back
+
+
+=head2 HELPERS
+
+=over
+
+=item TO_JSON
+
+=item builder
+
+Return L<CSAF::Builder>.
+
+=item render
+
+Alias for C<renderer-E<gt>render($format)>.
+
+    my $doc = $csaf->render('html');
+
+=item renderer
+
+Return L<CSAF::Renderer>.
+
+    my $doc = $csaf->renderer->render('html');
+
+=item validate
+
+Alias for C<validator-E<gt>validate>.
+
+=item validator
+
+Return L<CSAF::Validator>.
+
+=item to_string
+
+Render CSAF document.
+
+    my $json = $csaf->to_string;
+
+=item writer
+
+Return L<CSAF::Writer>.
+
+=back
+
+
+=head1 SUPPORT
+
+=head2 Bugs / Feature Requests
+
+Please report any bugs or feature requests through the issue tracker
+at L<https://github.com/giterlizzi/perl-CSAF/issues>.
+You will be notified automatically of any progress on your issue.
+
+=head2 Source Code
+
+This is open source software.  The code repository is available for
+public review and contribution under the terms of the license.
+
+L<https://github.com/giterlizzi/perl-CSAF>
+
+    git clone https://github.com/giterlizzi/perl-CSAF.git
+
+
+=head1 AUTHOR
+
+=over 4
+
+=item * Giuseppe Di Terlizzi <[email protected]>
+
+=back
+
+
+=head1 LICENSE AND COPYRIGHT
+
+This software is copyright (c) 2023-2024 by Giuseppe Di Terlizzi.
+
+This is free software; you can redistribute it and/or modify it under
+the same terms as the Perl 5 programming language system itself.
+
+=cut
diff --git a/lib/CSAF/Base.pm b/lib/CSAF/Base.pm
@@ -25,3 +25,63 @@ has csaf => (
 );
 
 1;
+
+__END__
+
+=head1 NAME
+
+CSAF::Base - CSAF base class
+
+
+=head1 DESCRIPTION
+
+CSAF base class.
+
+
+=head2 ATTRIBUTES
+
+=over
+
+=item csaf
+
+    $app->csaf(CSAF->new);
+
+
+=back
+
+
+=head1 SUPPORT
+
+=head2 Bugs / Feature Requests
+
+Please report any bugs or feature requests through the issue tracker
+at L<https://github.com/giterlizzi/perl-CSAF/issues>.
+You will be notified automatically of any progress on your issue.
+
+=head2 Source Code
+
+This is open source software.  The code repository is available for
+public review and contribution under the terms of the license.
+
+L<https://github.com/giterlizzi/perl-CSAF>
+
+    git clone https://github.com/giterlizzi/perl-CSAF.git
+
+
+=head1 AUTHOR
+
+=over 4
+
+=item * Giuseppe Di Terlizzi <[email protected]>
+
+=back
+
+
+=head1 LICENSE AND COPYRIGHT
+
+This software is copyright (c) 2023-2024 by Giuseppe Di Terlizzi.
+
+This is free software; you can redistribute it and/or modify it under
+the same terms as the Perl 5 programming language system itself.
+
+=cut
diff --git a/lib/CSAF/List.pm b/lib/CSAF/List.pm
@@ -6,6 +6,8 @@ use warnings;
 
 use Moo;
 
+use overload '@{}' => \&to_array, fallback => 1;
+
 has items => (is => 'rw', default => sub { [] });
 
 around BUILDARGS => sub {
@@ -30,14 +32,30 @@ sub each {
 
 }
 
+sub grep {
+    my ($self, $callback) = @_;
+    return $self->new(grep { $_->$callback(@_) } @{$self->items});
+}
+
+sub map {
+    my ($self, $callback) = @_;
+    return $self->new(map { $_->$callback(@_) } @{$self->items});
+}
+
+sub tap {
+    my ($self, $callback) = @_;
+    $_->$callback(@_) for (@{$self->items});
+    return $self;
+}
+
 sub to_array { [@{shift->items}] }
 
 sub item { push @{shift->items}, shift }
 sub add  { shift->item(@_) }
 
 sub first { shift->items->[0] }
 sub last  { shift->items->[-1] }
-sub join  { join($_[1], $_[0]->items) }
+sub join  { join($_[1] // '', @{$_[0]->items}) }
 
 sub TO_JSON { [@{shift->items}] }
 
@@ -82,10 +100,21 @@ Evaluate callback for each element in collection.
 
     my $collection = $c->each(sub {...});
 
+    $c->each(sub {
+        my ($value, $idx) = @_;
+        [...]
+    });
+
 =item first
 
 Get the first element of collection.
 
+=item grep
+
+Filter items.
+
+    my $filtered = $c->grep(sub { $_ eq 'foo' });
+
 =item item
 
 Add a new item in collection.
@@ -107,6 +136,12 @@ Join elements in collection.
 
 Get the last element of collection.
 
+=item map
+
+Evalutate the callback and create a new collection.
+
+    CSAF::List->new(1,2,3)->map(sub { $_ * 2 });
+
 =item new
 
 Create a new collection.

diff --git a/lib/CSAF/Parser.pm b/lib/CSAF/Parser.pm
@@ -31,7 +31,8 @@ sub parse {
         $csaf->document->title($document->{title});
         $csaf->document->category($document->{category});
         $csaf->document->csaf_version($document->{csaf_version});
-        $csaf->document->lang($document->{lang}) if ($document->{lang});
+        $csaf->document->lang($document->{lang})               if ($document->{lang});
+        $csaf->document->source_lang($document->{source_lang}) if ($document->{source_lang});
 
         if (my $aggregate_severity = $document->{aggregate_severity}) {
             $csaf->document->aggregate_severity(%{$aggregate_severity});
@@ -112,6 +113,10 @@ sub parse {
                 $vuln->involvements->item(%{$_}) for (@{$involvements});
             }
 
+            if (my $flags = $vulnerability->{flags}) {
+                $vuln->flags->item(%{$_}) for (@{$flags});
+            }
+
         }
     }
 
@@ -127,6 +132,15 @@ sub parse {
         if (my $relationships = $product_tree->{relationships}) {
             $csaf_product_tree->relationships->item(%{$_}) for (@{$relationships});
         }
+
+        if (my $product_groups = $product_tree->{product_groups}) {
+            $csaf_product_tree->product_groups->item(%{$_}) for (@{$product_groups});
+        }
+
+        if (my $full_product_names = $product_tree->{full_product_names}) {
+            $csaf_product_tree->full_product_names->item(%{$_}) for (@{$full_product_names});
+        }
+
     }
 
     return $csaf;

diff --git a/lib/CSAF/Type.pm b/lib/CSAF/Type.pm
@@ -20,6 +20,8 @@ use constant TYPE_CLASSES => {
     engine                        => 'CSAF::Type::Engine',
     file_hash                     => 'CSAF::Type::FileHash',
     file_hashes                   => 'CSAF::Type::FileHashes',
+    flag                          => 'CSAF::Type::Flag',
+    flags                         => 'CSAF::Type::Flags',
     full_product_name             => 'CSAF::Type::FullProductName',
     full_product_names            => 'CSAF::Type::FullProductNames',
     generator                     => 'CSAF::Type::Generator',

diff --git a/lib/CSAF/Type/CVSS2.pm b/lib/CSAF/Type/CVSS2.pm
@@ -8,9 +8,9 @@ use Moo;
 
 extends 'CSAF::Type::Base';
 
-has version      => (is => 'ro', default  => '2.0');
-has vectorString => (is => 'ro', required => 1);
-has baseScore    => (is => 'ro', required => 1, coerce => sub { ($_[0] + 0) });
+has version      => (is => 'ro', default => '2.0');
+has vectorString => (is => 'ro');
+has baseScore    => (is => 'ro', coerce => sub { ($_[0] + 0) });
 
 has [qw(
     accessVector

diff --git a/lib/CSAF/Type/CVSS3.pm b/lib/CSAF/Type/CVSS3.pm
@@ -18,9 +18,9 @@ has version => (
     isa     => sub { Carp::croak "CVSS3 version must be 3.0 or 3.1" unless ($_[0] eq '3.0' || $_[0] eq '3.1') }
 );
 
-has vectorString => (is => 'rw', required => 1, coerce => sub { uc $_[0] });
-has baseScore    => (is => 'rw', required => 1, coerce => sub { ($_[0] + 0) });
-has baseSeverity => (is => 'rw', required => 1, coerce => sub { uc $_[0] });
+has vectorString => (is => 'rw', coerce => sub { uc $_[0] });
+has baseScore    => (is => 'rw', coerce => sub { ($_[0] + 0) });
+has baseSeverity => (is => 'rw', coerce => sub { uc $_[0] });
 
 has [qw(
     attackVector