├── .editorconfig ├── .gitattributes ├── .github └── workflows │ ├── csaf_2.0_cpe.yml │ ├── csaf_2.0_filenames.yml │ ├── csaf_2.0_main.yml │ ├── csaf_2.0_mandatory-tests.yml │ ├── csaf_2.0_validator.yml │ ├── csaf_2.1_cpe.yml │ ├── csaf_2.1_filenames.yml │ ├── csaf_2.1_main.yml │ ├── csaf_2.1_mandatory-tests.yml │ ├── csaf_2.1_translations.yml │ └── csaf_2.1_validator.yml ├── .gitignore ├── CONTRIBUTING.md ├── LICENSE.md ├── README.md ├── archive ├── issue_processing │ ├── oasis-jira-tc-states-and-transistions-verbs-semantic.dot │ ├── tc-csaf_issue-processing-workflow_states-and-transitions.Rmd │ ├── tc-csaf_issue-processing-workflow_states-and-transitions.pdf │ └── tc_flow.png └── meeting_minutes │ ├── 2016 Meetings │ ├── 20161116_meeting-1 │ │ ├── csaf-minutes-20161116+meeting.1.html │ │ └── csaf-minutes-20161116+meeting.1.html.minisig │ └── 20161214_meeting-2 │ │ ├── csaf-minutes-20161214-meeting-2.html │ │ └── csaf-minutes-20161214-meeting-2.html.minisig │ ├── 2017 Meetings │ ├── 20170126_meeting-3 │ │ ├── csaf-minutes-20170125-meeting-3.html │ │ └── csaf-minutes-20170125-meeting-3.html.minisig │ ├── 20170222_meeting-4 │ │ ├── csaf-minutes-20170222-meeting-4.html │ │ └── csaf-minutes-20170222-meeting-4.html.minisig │ ├── 20170329_meeting-5 │ │ ├── csaf-minutes-20170329-meeting-5.html │ │ └── csaf-minutes-20170329-meeting-5.html.minisig │ ├── 20170426_meeting-6 │ │ ├── csaf-minutes-20170426-meeting-6.html │ │ └── csaf-minutes-20170426-meeting-6.html.minisig │ ├── 20170531_meeting-7 │ │ ├── csaf-minutes-20170531-meeting-7.html │ │ └── csaf-minutes-20170531-meeting-7.html.minisig │ ├── 20170628_meeting-8 │ │ ├── csaf-minutes-20170628-meeting-8.html │ │ └── csaf-minutes-20170628-meeting-8.html.minisig │ ├── 20170830_meeting-9 │ │ ├── csaf-minutes-20170830-meeting-9.html │ │ └── csaf-minutes-20170830-meeting-9.html.minisig │ ├── 20170927_meeting-10 │ │ ├── csaf-minutes-20170927-meeting-10.html │ │ └── csaf-minutes-20170927-meeting-10.html.minisig │ ├── 20171025_meeting-11 │ │ ├── csaf-minutes-20171025-meeting-11.html │ │ └── csaf-minutes-20171025-meeting-11.html.minisig │ └── 20171129_meeting-12 │ │ ├── csaf-minutes-20171129-meeting-12.html │ │ └── csaf-minutes-20171129-meeting-12.html.minisig │ ├── 2018 Meetings │ ├── 20180228_meeting-13 │ │ └── 20180228_meeting-13.md │ ├── 20180328_meeting-14 │ │ └── 20180328_meeting-14.md │ ├── 20180425_meeting-15 │ │ └── 20180425_meeting-15.md │ ├── 20180530_meeting-16 │ │ └── 20180530_meeting-16.md │ ├── 20180627_meeting-17 │ │ └── 20180627_meeting-17.md │ ├── 20180829_meeting-18 │ │ └── Minutes of 2018-08-29 Meeting #18.pdf │ ├── 20181031_meeting-20 │ │ └── Oasis Minutes of 2018-10-31 Meeting#20.pdf │ └── 20181128_meeting-21 │ │ └── CSAF TC Nov 2018 Monthly Meeting.pdf │ └── 2019 Meetings │ ├── Minutes of CSAF Monthly Meeting on 2018-11-28.pdf │ ├── Minutes of CSAF Monthly Meeting on 2019-01-09.pdf │ ├── Minutes of CSAF Monthly Meeting on 2019-01-30.pdf │ ├── Minutes of CSAF Monthly Meeting on 2019-02-27.pdf │ ├── Minutes of CSAF Monthly Meeting on 2019-03-27.pdf │ ├── Minutes of CSAF Monthly Meeting on 2019-04-24.pdf │ ├── Minutes of CSAF Monthly Meeting on 2019-5-29-19.pdf │ ├── Minutes of CSAF Monthly Meeting on April 24 2019.pdf │ ├── Minutes of CSAF working Meeting on 2019 -7-17 .pdf │ ├── Minutes of CSAF working Meeting on 2019-07-31.pdf │ ├── Minutes of CSAF working Meeting on 2019-4-10 final.pdf │ └── Minutes of CSAF working Meeting on 2019-5-15-19.pdf ├── csaf_2.0 ├── LICENSE.md ├── README.md ├── comment_resolution │ ├── log_from_cs02.md │ ├── log_from_cs03.md │ ├── log_from_csdpr02.md │ └── log_from_csprd01.md ├── cvrf_1_2_doc_elements.png ├── cvrf_1_2_errata.md ├── examples │ ├── ROLIE │ │ ├── example-01-category.json │ │ ├── example-01-feed-tlp-white.json │ │ ├── example-01-service.json │ │ └── example-02-service.json │ ├── aggregator │ │ ├── example-01-aggregator.json │ │ ├── example-02-aggregator.json │ │ └── example-03-aggregator.json │ ├── csaf │ │ ├── bsi-2022-0001.json │ │ ├── cisco-sa-20180328-smi2.json │ │ ├── csaf_vex │ │ │ ├── 2022-evd-uc-01-a-001.json │ │ │ ├── 2022-evd-uc-01-f-001.json │ │ │ ├── 2022-evd-uc-01-na-001.json │ │ │ ├── 2022-evd-uc-01-ui-001.json │ │ │ ├── 2022-evd-uc-02-na-001.json │ │ │ ├── 2022-evd-uc-03-ms-001.json │ │ │ ├── 2022-evd-uc-04-001.json │ │ │ ├── 2022-evd-uc-05-001.json │ │ │ ├── 2022-evd-uc-06-001.json │ │ │ ├── 2022-evd-uc-07-001.json │ │ │ ├── 2022-evd-uc-08-001.json │ │ │ ├── 2022-evd-uc-09-001.json │ │ │ ├── README.md │ │ │ └── sec-vex-2022-0001.json │ │ ├── rhsa-2019_1862.json │ │ ├── rhsa-2021_5186.json │ │ ├── rhsa-2021_5217.json │ │ └── rhsa-2022_0011.json │ └── provider-metadata │ │ └── example-01-provider-metadata.json ├── guidance │ ├── cdn.md │ └── faq.md ├── json_schema │ ├── NOTES.md │ ├── aggregator_json_schema.json │ ├── csaf_json_schema.json │ └── provider_json_schema.json ├── known_issues.md ├── prose │ └── csaf-v2-editor-draft.md ├── referenced_schema │ └── first │ │ ├── cvss-v2.0.json │ │ ├── cvss-v2.0_strict.json │ │ ├── cvss-v3.0.json │ │ ├── cvss-v3.0_strict.json │ │ ├── cvss-v3.1.json │ │ └── cvss-v3.1_strict.json ├── register │ ├── dot-well-dash-known-slash │ │ ├── csaf-aggregator.txt │ │ └── csaf.txt │ ├── link-relations │ │ ├── hash.md │ │ └── signature.md │ ├── rolie-information-type │ │ └── csaf.md │ └── security-dot-txt │ │ └── csaf.txt ├── submit │ ├── README.md │ └── pdf │ │ └── submission-request.pdf └── test │ ├── aggregator_schema │ └── run_tests.sh │ ├── cpe │ ├── run_tests.sh │ └── test-regex.js │ ├── csaf_schema │ └── run_tests.sh │ ├── filenames │ ├── data │ │ ├── invalid │ │ │ ├── OASIS_CSAF_TC-CSAF_2.0-2021-5-1-01.json │ │ │ ├── oasis-open_csaf_tc-csaf_20-2021-5-1-02.json │ │ │ └── oasis____csaf_tc-csaf_2_0-2021-5-1-03.json │ │ └── valid │ │ │ ├── oasis_csaf_tc-csaf_2_0-2021-5-1-11.json │ │ │ ├── oasis_csaf_tc-csaf_2_0-2021-5-1-12.json │ │ │ └── oasis_csaf_tc-csaf_2_0-2021-5-1-13.json │ ├── run_invalid_tests.sh │ └── run_tests.sh │ ├── generate_strict_schema.py │ ├── provider_schema │ └── run_tests.sh │ ├── validator.py │ └── validator │ ├── check_testcases.sh │ ├── data │ ├── informative │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-01-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-01-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-01-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-01-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-02-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-02-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-02-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-02-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-03-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-03-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-03-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-03-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-04-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-04-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-04-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-04-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-05-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-06-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-06-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-06-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-07-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-07-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-08-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-08-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-08-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-08-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-09-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-09-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-09-03.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-09-04.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-09-05.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-09-06.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-09-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-09-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-09-13.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-09-14.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-09-15.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-10-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-10-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-3-11-01.json │ │ └── oasis_csaf_tc-csaf_2_0-2021-6-3-11-11.json │ ├── mandatory │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-01-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-02-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-03-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-04-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-05-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-06-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-06-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-06-03.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-06-04.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-06-05.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-06-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-06-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-06-13.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-06-14.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-06-15.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-07-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-07-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-07-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-08-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-08-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-08-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-08-13.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-08-14.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-09-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-09-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-09-03.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-09-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-09-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-09-13.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-10-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-11-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-12-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-13-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-14-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-14-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-14-03.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-14-04.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-14-05.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-14-06.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-14-07.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-14-08.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-14-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-14-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-14-13.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-14-14.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-14-15.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-14-16.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-14-17.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-14-18.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-14-19.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-15-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-15-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-15-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-15-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-16-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-16-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-16-03.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-16-04.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-16-05.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-16-06.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-16-07.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-16-08.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-16-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-16-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-16-13.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-16-14.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-16-15.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-16-16.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-16-17.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-16-18.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-16-19.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-16-31.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-17-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-18-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-19-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-19-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-20-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-21-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-21-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-21-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-21-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-21-13.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-22-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-23-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-24-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-24-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-24-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-24-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-25-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-26-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-01-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-02-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-03-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-04-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-05-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-06-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-07-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-08-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-09-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-09-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-09-03.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-09-04.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-09-05.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-09-06.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-09-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-09-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-09-13.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-09-14.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-09-15.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-09-16.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-10-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-27-11-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-28-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-28-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-29-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-29-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-29-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-30-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-30-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-31-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-31-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-31-03.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-31-04.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-31-05.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-31-06.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-31-07.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-31-08.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-31-09.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-31-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-31-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-32-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-32-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-1-33-01.json │ │ └── oasis_csaf_tc-csaf_2_0-2021-6-1-33-11.json │ ├── oasis_csaf_tc-csaf_2_0-2021-TEMPLATE.json │ ├── optional │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-01-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-01-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-02-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-03-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-04-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-05-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-06-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-07-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-08-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-08-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-09-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-09-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-10-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-11-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-11-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-12-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-13-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-14-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-14-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-14-03.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-14-04.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-14-05.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-14-06.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-14-07.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-14-08.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-14-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-14-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-15-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-15-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-15-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-16-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-16-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-16-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-17-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-17-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-18-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-18-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-19-01.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-19-02.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-19-03.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-19-04.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-19-05.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-19-06.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-19-11.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-19-12.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-19-13.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-19-14.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-19-15.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-19-16.json │ │ ├── oasis_csaf_tc-csaf_2_0-2021-6-2-19-17.json │ │ └── oasis_csaf_tc-csaf_2_0-2021-6-2-20-01.json │ └── testcases.json │ ├── run_tests.sh │ └── testcases_json_schema.json ├── csaf_2.0_errata_01 ├── aggregator_json_schema.json ├── csaf_json_schema.json ├── index.md └── provider_json_schema.json ├── csaf_2.1 ├── LICENSE.md ├── README.md ├── examples │ ├── ROLIE │ │ ├── example-01-category.json │ │ ├── example-01-feed-tlp-white.json │ │ ├── example-01-service.json │ │ └── example-02-service.json │ ├── aggregator │ │ ├── example-01-aggregator.json │ │ ├── example-02-aggregator.json │ │ └── example-03-aggregator.json │ ├── csaf │ │ ├── bsi-2022-0001.json │ │ ├── cisco-sa-20180328-smi2.json │ │ ├── csaf_vex │ │ │ ├── 2022-evd-uc-01-a-001.json │ │ │ ├── 2022-evd-uc-01-f-001.json │ │ │ ├── 2022-evd-uc-01-na-001.json │ │ │ ├── 2022-evd-uc-01-ui-001.json │ │ │ ├── 2022-evd-uc-02-na-001.json │ │ │ ├── 2022-evd-uc-03-ms-001.json │ │ │ ├── 2022-evd-uc-04-001.json │ │ │ ├── 2022-evd-uc-05-001.json │ │ │ ├── 2022-evd-uc-06-001.json │ │ │ ├── 2022-evd-uc-07-001.json │ │ │ ├── 2022-evd-uc-08-001.json │ │ │ ├── 2022-evd-uc-09-001.json │ │ │ ├── README.md │ │ │ └── sec-vex-2022-0001.json │ │ ├── rhsa-2019_1862.json │ │ ├── rhsa-2021_5186.json │ │ ├── rhsa-2021_5217.json │ │ └── rhsa-2022_0011.json │ └── provider-metadata │ │ ├── example-01-provider-metadata.json │ │ ├── example-02-maintained-until-provider-metadata.json │ │ └── example-03-maintained-from-provider-metadata.json ├── json_schema │ ├── NOTES.md │ ├── WHAT_IS_NEW_IN_CSAF_2_1.md │ ├── aggregator.json │ ├── csaf.json │ ├── meta.json │ └── provider.json ├── language_specific_translation │ └── translations.json ├── prose │ ├── README.md │ ├── edit │ │ ├── bin │ │ │ ├── invert_eg_labels.py │ │ │ ├── invert_sec_labels.py │ │ │ ├── png-logo-to-data-url.sh │ │ │ ├── toccata.py │ │ │ └── volatile.py │ │ ├── etc │ │ │ ├── bind.txt │ │ │ ├── example-global-to-local.json │ │ │ ├── example-local-to-global.json │ │ │ ├── markdownlint.json │ │ │ ├── section-display-to-label.json │ │ │ ├── section-label-to-display.json │ │ │ ├── tidy-config.txt │ │ │ └── vale.ini │ │ ├── makefile │ │ └── src │ │ │ ├── acknowledgements.md │ │ │ ├── additional-conventions.md │ │ │ ├── conformance.md │ │ │ ├── design-considerations-00.md │ │ │ ├── design-considerations-01-construction-principles.md │ │ │ ├── design-considerations-02-format-validation.md │ │ │ ├── design-considerations-03-date-time.md │ │ │ ├── distributing-00.md │ │ │ ├── distributing-01-requirements.md │ │ │ ├── distributing-02-roles.md │ │ │ ├── distributing-03-retrieving-rules.md │ │ │ ├── distributing-04-transition-20-21.md │ │ │ ├── frontmatter.md │ │ │ ├── guidance-on-size.md │ │ │ ├── introduction-00.md │ │ │ ├── introduction-01-ipr-policy.md │ │ │ ├── introduction-02-terminology-glossary.md │ │ │ ├── introduction-02-terminology.md │ │ │ ├── introduction-03-normative-references.md │ │ │ ├── introduction-04-informative-references.md │ │ │ ├── introduction-05-typographical-conventions.md │ │ │ ├── profiles.md │ │ │ ├── revision-history.md │ │ │ ├── safety-security-and-data-protection.md │ │ │ ├── schema-elements-00.md │ │ │ ├── schema-elements-01-definitions.md │ │ │ ├── schema-elements-01-defs-01-acknowledgements.md │ │ │ ├── schema-elements-01-defs-02-branches.md │ │ │ ├── schema-elements-01-defs-03-full-product-name.md │ │ │ ├── schema-elements-01-defs-04-language.md │ │ │ ├── schema-elements-01-defs-05-notes.md │ │ │ ├── schema-elements-01-defs-06-product-group-id.md │ │ │ ├── schema-elements-01-defs-07-product-groups.md │ │ │ ├── schema-elements-01-defs-08-product-id.md │ │ │ ├── schema-elements-01-defs-09-products.md │ │ │ ├── schema-elements-01-defs-10-references.md │ │ │ ├── schema-elements-01-defs-11-version.md │ │ │ ├── schema-elements-02-properties.md │ │ │ ├── schema-elements-02-props-01-schema.md │ │ │ ├── schema-elements-02-props-02-document.md │ │ │ ├── schema-elements-02-props-03-product-tree.md │ │ │ ├── schema-elements-02-props-04-vulnerabilities.md │ │ │ ├── table-of-contents.md │ │ │ ├── tests-00.md │ │ │ ├── tests-01-mandatory.md │ │ │ ├── tests-01-mndtr-01-missing-definition-of-product-id.md │ │ │ ├── tests-01-mndtr-02-multiple-definition-of-product-id.md │ │ │ ├── tests-01-mndtr-03-circular-definition-of-product-id.md │ │ │ ├── tests-01-mndtr-04-missing-definition-of-product-group-id.md │ │ │ ├── tests-01-mndtr-05-multiple-definition-of-product-group-id.md │ │ │ ├── tests-01-mndtr-06-contradicting-product-status.md │ │ │ ├── tests-01-mndtr-07-multiple-scores-with-same-version-per-product.md │ │ │ ├── tests-01-mndtr-08-invalid-cvss.md │ │ │ ├── tests-01-mndtr-09-invalid-cvss-computation.md │ │ │ ├── tests-01-mndtr-10-inconsistent-cvss.md │ │ │ ├── tests-01-mndtr-11-cwe.md │ │ │ ├── tests-01-mndtr-12-language.md │ │ │ ├── tests-01-mndtr-13-purl.md │ │ │ ├── tests-01-mndtr-14-sorted-revision-history.md │ │ │ ├── tests-01-mndtr-15-translator.md │ │ │ ├── tests-01-mndtr-16-latest-document-version.md │ │ │ ├── tests-01-mndtr-17-document-status-draft.md │ │ │ ├── tests-01-mndtr-18-released-revision-history.md │ │ │ ├── tests-01-mndtr-19-revision-history-entries-for-pre-release-versions.md │ │ │ ├── tests-01-mndtr-20-non-draft-document-version.md │ │ │ ├── tests-01-mndtr-21-missing-item-in-revision-history.md │ │ │ ├── tests-01-mndtr-22-multiple-definition-in-revision-history.md │ │ │ ├── tests-01-mndtr-23-multiple-use-of-same-cve.md │ │ │ ├── tests-01-mndtr-24-multiple-definition-in-involvements.md │ │ │ ├── tests-01-mndtr-25-multiple-use-of-same-hash-algorithm.md │ │ │ ├── tests-01-mndtr-26-prohibited-document-category-name.md │ │ │ ├── tests-01-mndtr-27-profile-tests.md │ │ │ ├── tests-01-mndtr-28-translation.md │ │ │ ├── tests-01-mndtr-29-remediation-without-product-reference.md │ │ │ ├── tests-01-mndtr-30-mixed-integer-and-semantic-versioning.md │ │ │ ├── tests-01-mndtr-31-version-range-in-product-version.md │ │ │ ├── tests-01-mndtr-32-flag-without-product-reference.md │ │ │ ├── tests-01-mndtr-33-multiple-flags-with-vex-justification-codes-per-product.md │ │ │ ├── tests-01-mndtr-34-branches-recursion-depth.md │ │ │ ├── tests-01-mndtr-35-contradicting-remediations.md │ │ │ ├── tests-01-mndtr-36-contradicting-product-status-remediation-combination.md │ │ │ ├── tests-01-mndtr-37-date-and-time.md │ │ │ ├── tests-01-mndtr-38-non-public-sharing-group-with-max-uuid.md │ │ │ ├── tests-01-mndtr-39-public-sharing-group-with-no-max-uuid.md │ │ │ ├── tests-01-mndtr-40-invalid-sharing-group-name.md │ │ │ ├── tests-01-mndtr-41-missing-sharing-group-name.md │ │ │ ├── tests-01-mndtr-42-purl-qualifiers.md │ │ │ ├── tests-01-mndtr-43-use-of-multiple-stars-in-model-number.md │ │ │ ├── tests-01-mndtr-44-use-of-multiple-stars-in-serial-number.md │ │ │ ├── tests-01-mndtr-45-inconsistent-disclosure-date.md │ │ │ ├── tests-01-mndtr-46-invalid-ssvc.md │ │ │ ├── tests-01-mndtr-47-inconsistent-ssvc-id.md │ │ │ ├── tests-01-mndtr-48-ssvc-decision-points.md │ │ │ ├── tests-01-mndtr-49-inconsistent-ssvc-timestamp.md │ │ │ ├── tests-01-mndtr-50-product-version-range-rules.md │ │ │ ├── tests-01-mndtr-51-inconsistent-epss-timestamp.md │ │ │ ├── tests-01-mndtr-52-inconsistent-first-known-exploitation-dates.md │ │ │ ├── tests-01-mndtr-53-inconsistent-exploitation-date.md │ │ │ ├── tests-01-mndtr-54-license-expression.md │ │ │ ├── tests-01-mndtr-55-license-text.md │ │ │ ├── tests-02-rcmmndd-01-unused-definition-of-product-id.md │ │ │ ├── tests-02-rcmmndd-02-missing-remediation.md │ │ │ ├── tests-02-rcmmndd-03-missing-metric.md │ │ │ ├── tests-02-rcmmndd-04-build-metadata-in-revision-history.md │ │ │ ├── tests-02-rcmmndd-05-older-initial-release-date-than-revision-history.md │ │ │ ├── tests-02-rcmmndd-06-older-current-release-date-than-Revision.md │ │ │ ├── tests-02-rcmmndd-07-missing-date-in-involvements.md │ │ │ ├── tests-02-rcmmndd-08-use-of-md5-as-the-only-hash-algorith.md │ │ │ ├── tests-02-rcmmndd-09-use-of-sha-1-as-the-only-hash-algorithm.md │ │ │ ├── tests-02-rcmmndd-10-missing-tlp-label.md │ │ │ ├── tests-02-rcmmndd-11-missing-canonical-url.md │ │ │ ├── tests-02-rcmmndd-12-missing-document-language.md │ │ │ ├── tests-02-rcmmndd-13-sorting.md │ │ │ ├── tests-02-rcmmndd-14-use-of-private-language.md │ │ │ ├── tests-02-rcmmndd-15-use-of-default-language.md │ │ │ ├── tests-02-rcmmndd-16-missing-product-identification-helper.md │ │ │ ├── tests-02-rcmmndd-17-cve-in-field-ids.md │ │ │ ├── tests-02-rcmmndd-18-product-version-range-without-vers.md │ │ │ ├── tests-02-rcmmndd-19-cvss-for-fixed-products.md │ │ │ ├── tests-02-rcmmndd-20-additional-properties.md │ │ │ ├── tests-02-rcmmndd-21-same-timestamps-in-revision-history.md │ │ │ ├── tests-02-rcmmndd-22-document-tracking-id-in-title.md │ │ │ ├── tests-02-rcmmndd-23-usage-of-deprecated-cwe.md │ │ │ ├── tests-02-rcmmndd-24-usage-of-non-latest-cwe-version.md │ │ │ ├── tests-02-rcmmndd-25-usage-of-cwe-not-allowed-for-vulnerability-mapping.md │ │ │ ├── tests-02-rcmmndd-26-usage-of-cwe-allowed-with-review-for-vulnerability-mapping.md │ │ │ ├── tests-02-rcmmndd-27-discouraged-product-status-remediation-combination.md │ │ │ ├── tests-02-rcmmndd-28-sage-of-max-uuid.md │ │ │ ├── tests-02-rcmmndd-29-usage-of-nil-uuid.md │ │ │ ├── tests-02-rcmmndd-30-usage-of-sharing-group-on-tlp-clear.md │ │ │ ├── tests-02-rcmmndd-31-hardware-and-software.md │ │ │ ├── tests-02-rcmmndd-32-use-of-same-product-identification-helper-for-different-products.md │ │ │ ├── tests-02-rcmmndd-33-disclosure-date-newer-than-revision.md │ │ │ ├── tests-02-rcmmndd-34-usage-of-unregistered-ssvc-decision.md │ │ │ ├── tests-02-rcmmndd-35-usage-of-private-ssvc-decision-point.md │ │ │ ├── tests-02-rcmmndd-36-usage-of-ssvc-decision-point-namespa.md │ │ │ ├── tests-02-rcmmndd-37-usage-of-unknown-ssvc-role.md │ │ │ ├── tests-02-rcmmndd-38-usage-of-deprecated-profile.md │ │ │ ├── tests-02-rcmmndd-39-profile-tests.md │ │ │ ├── tests-02-rcmmndd-40-product-description-without-product.md │ │ │ ├── tests-02-rcmmndd-41-old-epss-timestamp.md │ │ │ ├── tests-02-rcmmndd-42-inconsistent-product-identification-helper.md │ │ │ ├── tests-02-rcmmndd-43-missing-license-expression.md │ │ │ ├── tests-02-rcmmndd-44-deprecated-license-identifier.md │ │ │ ├── tests-02-rcmmndd-45-non-existing-license-identifier.md │ │ │ ├── tests-02-rcmmndd-46-language-specific-license-text.md │ │ │ ├── tests-02-recommended.md │ │ │ ├── tests-03-informative.md │ │ │ └── tests-04-presets.md │ ├── media │ │ ├── OASISLogo-v3.0.png │ │ ├── README.md │ │ └── logo-data-url.txt │ └── share │ │ ├── README.md │ │ ├── csaf-v2.1-draft.html │ │ ├── csaf-v2.1-draft.md │ │ └── style │ │ ├── README.md │ │ ├── base.css │ │ └── skin.css ├── referenced_schema │ ├── certcc │ │ ├── Decision_Point-1-0-1.schema.json │ │ └── Decision_Point_Value_Selection-1-0-1.schema.json │ └── first │ │ ├── cvss-v2.0.json │ │ ├── cvss-v2.0_strict.json │ │ ├── cvss-v3.0.json │ │ ├── cvss-v3.0_strict.json │ │ ├── cvss-v3.1.json │ │ ├── cvss-v3.1_strict.json │ │ ├── cvss-v4.0.json │ │ └── cvss-v4.0_strict.json ├── submit │ └── README.md └── test │ ├── aggregator_schema │ └── run_tests.sh │ ├── cpe │ ├── data │ │ ├── invalid │ │ │ └── cpe.txt │ │ └── valid │ │ │ └── cpe.txt │ ├── run_dictionary_tests.sh │ ├── run_local_tests.sh │ └── test-regex.js │ ├── csaf_schema │ └── run_tests.sh │ ├── filenames │ ├── data │ │ ├── invalid │ │ │ ├── OASIS_CSAF_TC-CSAF_2.1-2024-5-1-01.json │ │ │ ├── oasis-open_csaf_tc-csaf_21-2024-5-1-02.json │ │ │ └── oasis____csaf_tc-csaf_2_1-2024-5-1-03.json │ │ └── valid │ │ │ ├── oasis_csaf_tc-csaf_2_1-2024-5-1-11.json │ │ │ ├── oasis_csaf_tc-csaf_2_1-2024-5-1-12.json │ │ │ └── oasis_csaf_tc-csaf_2_1-2024-5-1-13.json │ ├── run_invalid_tests.sh │ └── run_tests.sh │ ├── generate_strict_schema.py │ ├── language_specific_translation │ ├── run_Tests.sh │ └── translations_json_schema.json │ ├── provider_schema │ └── run_tests.sh │ ├── validator.py │ └── validator │ ├── check_testcases.sh │ ├── data │ ├── informative │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-01-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-01-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-01-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-01-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-01-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-01-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-01-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-01-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-02-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-02-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-02-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-02-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-03-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-03-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-03-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-03-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-04-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-04-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-04-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-04-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-05-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-06-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-06-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-06-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-07-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-07-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-08-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-08-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-08-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-08-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-09-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-09-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-09-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-09-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-09-05.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-09-06.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-09-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-09-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-09-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-09-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-09-15.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-10-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-10-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-11-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-11-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-12-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-12-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-12-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-12-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-12-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-12-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-12-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-12-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-12-15.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-13-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-13-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-14-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-14-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-15-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-15-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-15-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-16-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-16-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-3-17-01.json │ │ └── oasis_csaf_tc-csaf_2_1-2024-6-3-17-11.json │ ├── mandatory │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-01-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-02-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-03-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-04-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-05-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-06-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-06-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-06-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-06-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-06-05.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-06-06.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-06-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-06-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-06-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-06-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-06-15.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-06-16.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-07-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-07-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-07-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-07-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-07-05.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-07-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-07-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-07-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-07-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-07-15.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-07-16.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-07-17.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-07-18.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-08-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-08-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-08-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-08-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-08-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-08-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-08-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-08-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-08-15.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-09-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-09-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-09-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-09-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-09-05.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-09-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-09-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-09-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-09-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-09-15.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-09-16.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-10-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-10-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-10-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-10-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-10-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-10-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-10-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-10-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-11-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-11-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-11-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-11-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-11-05.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-11-06.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-11-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-11-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-11-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-11-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-11-15.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-11-16.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-11-17.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-11-18.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-12-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-13-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-13-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-13-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-13-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-14-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-14-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-14-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-14-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-14-05.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-14-06.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-14-07.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-14-08.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-14-09.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-14-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-14-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-14-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-14-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-14-15.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-14-16.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-14-17.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-14-18.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-14-19.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-14-31.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-15-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-15-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-15-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-15-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-05.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-06.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-07.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-08.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-09.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-15.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-16.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-17.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-18.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-19.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-31.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-16-32.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-17-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-18-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-19-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-19-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-20-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-21-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-21-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-21-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-21-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-21-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-21-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-21-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-22-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-23-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-24-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-24-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-24-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-24-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-25-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-26-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-26-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-26-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-26-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-26-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-26-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-26-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-26-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-01-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-02-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-03-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-03-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-03-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-03-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-03-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-03-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-04-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-04-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-04-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-05-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-05-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-05-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-06-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-06-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-06-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-07-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-08-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-09-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-09-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-09-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-09-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-09-05.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-09-06.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-09-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-09-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-09-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-09-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-09-15.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-09-16.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-10-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-11-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-11-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-11-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-12-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-12-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-13-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-13-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-13-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-13-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-13-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-13-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-13-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-13-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-13-15.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-13-16.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-14-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-14-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-14-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-14-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-15-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-15-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-15-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-15-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-16-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-16-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-16-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-16-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-16-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-16-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-17-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-17-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-17-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-17-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-17-05.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-17-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-17-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-17-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-18-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-18-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-18-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-18-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-18-05.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-18-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-18-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-18-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-19-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-19-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-19-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-19-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-27-19-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-28-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-28-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-29-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-29-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-29-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-30-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-30-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-31-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-31-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-31-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-31-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-31-05.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-31-06.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-31-07.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-31-08.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-31-09.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-31-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-31-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-31-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-32-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-32-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-33-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-33-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-34-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-34-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-34-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-35-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-35-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-35-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-35-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-35-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-35-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-35-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-35-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-36-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-36-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-36-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-36-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-36-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-36-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-36-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-36-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-37-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-37-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-37-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-37-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-37-05.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-37-06.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-37-07.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-37-08.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-37-09.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-37-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-37-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-37-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-37-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-37-15.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-37-16.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-37-20.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-38-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-38-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-38-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-38-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-38-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-38-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-38-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-38-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-38-15.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-39-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-39-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-39-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-39-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-40-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-40-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-40-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-40-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-40-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-40-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-41-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-41-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-41-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-41-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-41-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-41-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-42-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-42-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-42-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-42-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-43-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-43-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-43-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-43-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-43-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-44-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-44-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-44-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-44-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-44-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-45-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-45-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-45-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-45-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-45-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-45-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-45-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-46-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-46-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-46-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-46-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-47-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-47-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-47-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-47-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-47-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-47-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-47-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-47-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-47-15.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-48-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-48-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-48-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-48-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-48-05.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-48-06.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-48-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-48-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-48-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-48-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-48-15.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-48-16.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-48-17.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-49-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-49-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-49-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-49-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-49-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-49-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-50-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-50-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-50-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-50-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-50-05.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-50-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-50-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-50-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-50-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-50-15.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-51-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-51-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-51-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-51-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-51-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-51-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-52-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-52-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-52-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-52-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-53-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-53-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-53-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-53-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-54-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-54-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-54-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-54-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-55-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-55-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-1-55-11.json │ │ └── oasis_csaf_tc-csaf_2_1-2024-6-1-55-12.json │ ├── oasis_csaf_tc-csaf_2_1-2024-TEMPLATE.json │ ├── recommended │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-01-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-01-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-02-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-03-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-04-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-05-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-05-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-05-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-05-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-06-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-06-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-06-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-06-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-06-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-06-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-07-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-08-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-08-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-09-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-09-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-11-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-11-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-12-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-13-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-14-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-14-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-14-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-14-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-14-05.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-14-06.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-14-07.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-14-08.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-14-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-14-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-15-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-15-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-15-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-16-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-16-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-16-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-17-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-17-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-18-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-18-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-19-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-19-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-19-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-19-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-19-05.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-19-06.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-19-07.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-19-08.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-19-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-19-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-19-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-19-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-19-15.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-19-16.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-19-17.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-19-18.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-19-19.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-20-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-20-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-20-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-20-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-21-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-21-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-21-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-21-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-21-05.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-21-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-21-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-21-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-22-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-22-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-22-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-22-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-22-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-22-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-23-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-23-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-23-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-23-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-23-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-23-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-24-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-24-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-24-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-24-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-24-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-24-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-24-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-24-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-25-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-25-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-25-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-25-04.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-25-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-25-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-25-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-25-14.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-26-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-26-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-26-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-26-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-26-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-26-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-27-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-27-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-27-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-27-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-27-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-27-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-28-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-28-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-28-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-29-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-29-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-29-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-30-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-30-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-30-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-31-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-31-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-31-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-31-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-32-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-32-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-32-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-32-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-32-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-33-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-33-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-33-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-33-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-33-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-33-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-34-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-34-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-35-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-35-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-35-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-36-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-36-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-36-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-36-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-36-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-37-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-37-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-38-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-38-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-39-01-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-39-01-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-39-01-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-39-01-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-39-01-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-39-02-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-39-02-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-39-03-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-39-03-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-39-04-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-39-04-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-39-04-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-40-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-40-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-40-03.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-40-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-40-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-40-13.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-41-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-41-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-41-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-41-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-42-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-42-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-42-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-42-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-43-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-43-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-44-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-44-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-44-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-44-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-45-01.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-45-02.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-45-11.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-45-12.json │ │ ├── oasis_csaf_tc-csaf_2_1-2024-6-2-46-01.json │ │ └── oasis_csaf_tc-csaf_2_1-2024-6-2-46-11.json │ └── testcases.json │ ├── run_tests.sh │ └── testcases_json_schema.json ├── cvrf_1.2 ├── CVRF_repositories.md ├── README.md ├── artifact_linkage │ ├── tc-csaf_artifact-linkage-concepts.Rmd │ └── tc-csaf_artifact-linkage-concepts.pdf ├── contributions │ ├── CVRF-dictionary-1.1.pdf │ ├── CVRF-mindmap-1.1-2.pdf │ ├── ICASI_CVRF1.1_White_Paper-2.pdf │ └── cvrf1.1 │ │ ├── catalog │ │ ├── common │ │ └── 1.1 │ │ │ └── common.xsd │ │ ├── cvrf │ │ └── 1.1 │ │ │ └── cvrf.xsd │ │ ├── example │ │ ├── CVRF-1.1-cisco-sa-20110525-rvs4000.xml │ │ ├── CVRF-1.1-rhsa-2012-0465.xml │ │ └── CVRF-1.1-test.xml │ │ ├── prod │ │ └── 1.1 │ │ │ └── prod.xsd │ │ └── vuln │ │ └── 1.1 │ │ └── vuln.xsd ├── csaf_cvrf │ ├── csaf-cvrf-1.2-csd01-wd01-2017-05-24.zip │ ├── csaf-cvrf-v1.2-csd02-wd01-2017-08-30-html.zip │ ├── csaf-cvrf-v1.2-csd02-wd01-2017-08-30.docx │ ├── csaf-cvrf-v1.2-csd02-wd01-2017-08-30.html │ ├── csaf-cvrf-v1.2-csd02-wd01-2017-08-30.pdf │ ├── csaf-cvrf-v1.2-wd01-2017-03-10.docx │ ├── csaf-cvrf-v1.2-wd01-2017-03-10.pdf │ ├── csaf-cvrf-v1.2-wd01-2017-03-24.docx │ ├── csaf-cvrf-v1.2-wd01-2017-03-24.pdf │ ├── csaf-cvrf-v1.2-wd01-2017-03-29-final.docx │ ├── csaf-cvrf-v1.2-wd01-2017-05-24.docx │ ├── csaf-cvrf-v1.2-wd01-2017-05-24.fld │ │ ├── image001.png │ │ ├── image002.png │ │ ├── image003.png │ │ ├── image004.png │ │ ├── image005.png │ │ ├── image006.png │ │ ├── image007.png │ │ ├── image008.png │ │ ├── image009.png │ │ ├── image010.png │ │ ├── image011.png │ │ ├── image012.png │ │ ├── image013.png │ │ ├── image014.png │ │ └── image015.png │ ├── csaf-cvrf-v1.2-wd01-2017-05-24.html │ ├── csaf-cvrf-v1.2-wd01-2017-05-24.pdf │ ├── csaf-cvrf-v1.2-wd01-20170312.docx │ ├── csaf-cvrf-v1.2-wd01-20170312.pdf │ └── schemas │ │ ├── common.xsd │ │ ├── cvrf.xsd │ │ ├── prod.xsd │ │ └── vuln.xsd └── examples │ ├── cisco-sa-20180328-smi2_cvrf.xml │ └── cvrf-rhba-2018-0489.xml ├── meeting_minutes ├── 2021 │ ├── 2021-09-29.md │ ├── 2021-10-27.md │ └── 2021-11-24.md ├── 2022 │ ├── 2022-01-26.md │ ├── 2022-02-23.md │ ├── 2022-03-30.md │ ├── 2022-04-27.md │ ├── 2022-05-18.md │ ├── 2022-06-29.md │ ├── 2022-07-20.md │ ├── 2022-08-31.md │ └── 2022-09-21.md ├── 2023 │ ├── 2023-01-18.md │ ├── 2023-01-25.md │ ├── 2023-02-22.md │ ├── 2023-03-29.md │ ├── 2023-05-31.md │ ├── 2023-06-28.md │ ├── 2023-07-26.md │ ├── 2023-08-30.md │ ├── 2023-09-27.md │ ├── 2023-10-25.md │ └── 2023-11-29.md ├── 2024 │ ├── 2023-03-27.md │ ├── 2024-01-31.md │ ├── 2024-02-28.md │ ├── 2024-04-24.md │ ├── 2024-05-29.md │ ├── 2024-06-26.md │ ├── 2024-07-31.md │ ├── 2024-08-28.md │ ├── 2024-09-25.md │ ├── 2024-10-30.md │ ├── 2024-11-27.md │ └── 2024-12-18.md └── 2025 │ ├── 2025-01-29.md │ ├── 2025-02-26.md │ ├── 2025-03-26.md │ └── 2025-04-30.md └── notes ├── images └── image_1.png ├── internal-docs └── README.md ├── styles └── markdown-styles-v1.8a-cn.css └── whats-new-csaf-v2.0-cn01.md /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto eol=lf 2 | -------------------------------------------------------------------------------- /.github/workflows/csaf_2.0_cpe.yml: -------------------------------------------------------------------------------- 1 | name: CPE Dictionary Test (CSAF 2.0) 2 | 3 | on: 4 | push: 5 | paths: 6 | - 'csaf_2.0/**' 7 | pull_request: 8 | paths: 9 | - 'csaf_2.0/**' 10 | 11 | jobs: 12 | cpe-test: 13 | runs-on: ubuntu-latest 14 | steps: 15 | - name: Checkout repository 16 | uses: actions/checkout@v4 17 | - name: Setup Node 18 | uses: actions/setup-node@v4 19 | with: 20 | node-version: '20' 21 | - name: Perform CPE Dictionary Test 22 | run: ./csaf_2.0/test/cpe/run_tests.sh 23 | -------------------------------------------------------------------------------- /.github/workflows/csaf_2.1_cpe.yml: -------------------------------------------------------------------------------- 1 | name: CPE Dictionary Test (CSAF 2.1) 2 | 3 | on: 4 | push: 5 | paths: 6 | - 'csaf_2.1/**' 7 | pull_request: 8 | paths: 9 | - 'csaf_2.1/**' 10 | 11 | jobs: 12 | cpe-test: 13 | runs-on: ubuntu-latest 14 | steps: 15 | - name: Checkout repository 16 | uses: actions/checkout@v4 17 | - name: Setup Node 18 | uses: actions/setup-node@v4 19 | with: 20 | node-version: '20' 21 | - name: Perform CPE Dictionary Test 22 | run: ./csaf_2.1/test/cpe/run_dictionary_tests.sh 23 | - name: Perform CPE local examples Test 24 | run: ./csaf_2.1/test/cpe/run_local_tests.sh 25 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Original ignores (before csaf_2.1 branch off) 2 | meeting_minutes/.DS_Store 3 | .DS_Store 4 | *_strict_schema.json 5 | official-cpe-dictionary_v2.3.* 6 | official-cpe-dictionary_v2.2.* 7 | 8 | # pyenv 9 | .python-version 10 | 11 | # Environments 12 | .env 13 | .venv 14 | env/ 15 | venv/ 16 | ENV/ 17 | env.bak/ 18 | venv.bak/ 19 | 20 | # Other local development artifacts 21 | *~ 22 | .idea 23 | local* 24 | .vscode/ 25 | build/ 26 | -------------------------------------------------------------------------------- /archive/issue_processing/tc-csaf_issue-processing-workflow_states-and-transitions.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/archive/issue_processing/tc-csaf_issue-processing-workflow_states-and-transitions.pdf -------------------------------------------------------------------------------- /archive/issue_processing/tc_flow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/archive/issue_processing/tc_flow.png -------------------------------------------------------------------------------- /archive/meeting_minutes/2016 Meetings/20161116_meeting-1/csaf-minutes-20161116+meeting.1.html.minisig: -------------------------------------------------------------------------------- 1 | untrusted comment: signature from minisign secret key 2 | RWSNr0qlvj2nJ8pQWe95rCNh7s8y/5PXyjzZ6gd71A9F0xgPnwlBMsLRe5qCgDnKd3xLF/jMiG3nd2nafFWPIBpstx9m1WOZjQw= 3 | trusted comment: TC CSAF minutes from covener call on 2016-11-16 (revision published in kavi after the meeting) 4 | dCxtbheyJ0bpZvzhAiDsbUR3FRZo/1EjUtqknay9GL+hd4FsoNhZ+vsEsasdzTbDHg/XPIXP7+NTBMm3kA5tDg== 5 | -------------------------------------------------------------------------------- /archive/meeting_minutes/2016 Meetings/20161214_meeting-2/csaf-minutes-20161214-meeting-2.html.minisig: -------------------------------------------------------------------------------- 1 | untrusted comment: signature from minisign secret key 2 | RWSNr0qlvj2nJ0acZzTXY2PfOARvkJlDVi+lmajJai2l0DBZHb5FN6LeHKcnITLVP0aY13QCweLcQZZHc1o8nRANPmjeJwbcEgw= 3 | trusted comment: TC CSAF minutes from meeting #2 on 2016-12-14 (2nd revision published in kavi after the meeting) 4 | 6Vw/8Ps7k5fzPeuLjOVcCf6pqcm+JULjn6pwK/w46caf6cB+2IVsTqzlyZfRnUbJXVd8PjvNrwga4oi8NxCTAw== 5 | -------------------------------------------------------------------------------- /archive/meeting_minutes/2017 Meetings/20170126_meeting-3/csaf-minutes-20170125-meeting-3.html.minisig: -------------------------------------------------------------------------------- 1 | untrusted comment: signature from minisign secret key 2 | RWSNr0qlvj2nJ5+3GvMokDcfaroL2HXAT4yLnnJVpEWazAfEaurcsDu9exNNH9o4eFtM7lhw7CHZclC4ozVNKHccBhFOFpGl3Aw= 3 | trusted comment: TC CSAF minutes from meeting #3 on 2017-01-25 (revision published in kavi after the meeting) 4 | KXePhnq6UBXwT8Y0SAvg+EGAuXJEp30fgkT8ZirC10Q9szd8XnLmjC5QV4x5ssV0noz84FnBT4tkOQ7tNBZbAw== 5 | -------------------------------------------------------------------------------- /archive/meeting_minutes/2017 Meetings/20170222_meeting-4/csaf-minutes-20170222-meeting-4.html.minisig: -------------------------------------------------------------------------------- 1 | untrusted comment: signature from minisign secret key 2 | RWSNr0qlvj2nJ69vy6WHJ/jYpGIVdfQlDM9jDW5q/jjPwR9raZXSZelMq29wBNycEfx+WiJGtJ18lSdfureDyhqoQDyks78FMgI= 3 | trusted comment: TC CSAF minutes from meeting #4 on 2017-02-22(revision published in kavi after the meeting) 4 | 897eoISgoB8HRMBH9/crBQz8tpXknJJm5Mc0rh/oBHMG9gtlGFAJBkJNfOWRyrKlovreG0pkSOEMir9/qxOSBQ== 5 | -------------------------------------------------------------------------------- /archive/meeting_minutes/2017 Meetings/20170329_meeting-5/csaf-minutes-20170329-meeting-5.html.minisig: -------------------------------------------------------------------------------- 1 | untrusted comment: signature from minisign secret key 2 | RWSNr0qlvj2nJwT1Zd4H8idPgOWAdq8h/RjXwISAzpdB1xE45GmFW3P/5hECVgpnqGnDwlYiogukcQNYU0LTXbNUKu/7VDPe4g0= 3 | trusted comment: TC CSAF minutes from meeting #5 on 2017-03-29 (revision published in kavi after the meeting) 4 | iJoN/+K8mf8JELsNlNzJtElRhIl/HTTNObauXpc2aB3R/wrlSRZmZzbtn1NDBWtdcjkDLUIlb2N4itcTqV9+AQ== 5 | -------------------------------------------------------------------------------- /archive/meeting_minutes/2017 Meetings/20170426_meeting-6/csaf-minutes-20170426-meeting-6.html.minisig: -------------------------------------------------------------------------------- 1 | untrusted comment: signature from minisign secret key 2 | RWSNr0qlvj2nJ7wX2rrR1w4IsZ3/yEbGNyjCo/E/5pOy7YLLQbmaxcvivGHy+X/i1KPRluygWcVl644nEdUShUPojFjNM8n8rgM= 3 | trusted comment: TC CSAF minutes from meeting #6 on 2017-04-26 (revision published in kavi after the meeting) 4 | hMmZkY7oH34PLyrOSbopm9dPFhv+CZCPgRaYfeUq9I1KlKDSHP/TTAwAUazenSKRvVveVdEOzl59AtP5/WYCAw== 5 | -------------------------------------------------------------------------------- /archive/meeting_minutes/2017 Meetings/20170531_meeting-7/csaf-minutes-20170531-meeting-7.html.minisig: -------------------------------------------------------------------------------- 1 | untrusted comment: signature from minisign secret key 2 | RWSNr0qlvj2nJ7f3LZmAsVM27MSyoMVimIkTmhLaFdJJja5zHKUhVm1sUL/PJUzA2E15ZjtQDFLJ8MqSM/A+hLHz7VvzML7nWQ8= 3 | trusted comment: TC CSAF minutes from meeting #7 on 2017-05-31 (revision published in kavi after the meeting) 4 | V76Y06aYiXdX1ETMd/SbE/M+SwUXeErgmS3GRBm5qKLquazwWKph2wmbqGUk1qdjGrQHqOeLMteyw16kqFD7Dw== 5 | -------------------------------------------------------------------------------- /archive/meeting_minutes/2017 Meetings/20170628_meeting-8/csaf-minutes-20170628-meeting-8.html.minisig: -------------------------------------------------------------------------------- 1 | untrusted comment: signature from minisign secret key 2 | RWSNr0qlvj2nJ5l6dEdmtlf7NAbp1HCL8q4gePcsbuChnedi3s+T6dMkZxt64pjYPjLV7+2rPeIExmqWxOxo8Ti0AviICiTK2QQ= 3 | trusted comment: TC CSAF minutes from meeting #8 on 2017-06-28 with correction of member name spelling (revision published in kavi after the meeting) 4 | NUrKKY4pNm5pW2nRrL2vBbRST/pGp4PZW5UzFlcwi17du+mC+m/SAssPBajY+Y/pKPFsHC7UhL3S0K5wx1wbAA== 5 | -------------------------------------------------------------------------------- /archive/meeting_minutes/2017 Meetings/20170830_meeting-9/csaf-minutes-20170830-meeting-9.html.minisig: -------------------------------------------------------------------------------- 1 | untrusted comment: signature from minisign secret key 2 | RWSNr0qlvj2nJ2kyfbJe/+IDWdMOmgdlFiCmPjaKrd5wLnMKD6bm9CnUh6XWSyy1bREq3NvT34TBEAYE+sNkAXGa3uE/OpHbwQU= 3 | trusted comment: TC CSAF minutes from meeting #9 on 2017-08-30 (revision published in kavi after the meeting) 4 | HLj8apZuqQ/RmjgPYX0ghaHJFC0mHpMSfZxnLFqpn/pXUtDRapDbRQdlQf6zbIlXNVBvrvs6dRQTr1aGLX/BAg== 5 | -------------------------------------------------------------------------------- /archive/meeting_minutes/2017 Meetings/20170927_meeting-10/csaf-minutes-20170927-meeting-10.html.minisig: -------------------------------------------------------------------------------- 1 | untrusted comment: signature from minisign secret key 2 | RWSNr0qlvj2nJ1zqHFHRkTbrqnjsEXmkN9vprt8bhZ6Po9Ijt1OvM70FzxWluDx953N3Ru8Fo9G8coZtgyrHeOaAWlwcvaN6ZgI= 3 | trusted comment: TC CSAF minutes from meeting #10 on 2017-09-27 (revision published in kavi after the meeting) 4 | NMaHTCNsSPgdstieWluhgWaxlJT9vcm1oW/i6NlDZ6XhBDbZEtHisD5y7NZnQtEU7PIl3GUc/Sen/Hmv5sMeBQ== 5 | -------------------------------------------------------------------------------- /archive/meeting_minutes/2017 Meetings/20171025_meeting-11/csaf-minutes-20171025-meeting-11.html.minisig: -------------------------------------------------------------------------------- 1 | untrusted comment: signature from minisign secret key 2 | RWSNr0qlvj2nJ2EtS3xrnvGTrE9YZ0xs+VCL8OWJEDKS9QAGR3byAOopAONdqui+OTWTMyLHZzEWKAzFOS06lpckAL1FbayTpAY= 3 | trusted comment: TC CSAF minutes from meeting #11 on 2017-10-25(revision published in kavi after the meeting) 4 | TgTSVIfyCIcjwVCcSn4OfOa/EB/d9lWQ2eQLNz7xwWlQJJ1EBrbYROmsBGaUVcVBNBBBg18V48ZtcxtRma/aDw== 5 | -------------------------------------------------------------------------------- /archive/meeting_minutes/2017 Meetings/20171129_meeting-12/csaf-minutes-20171129-meeting-12.html.minisig: -------------------------------------------------------------------------------- 1 | untrusted comment: signature from minisign secret key 2 | RWSNr0qlvj2nJ0JfwXwnRZLZQgGjFMuxs6ymGNawFmWOG0ko31EC1X0VhVuftTzllMxMhYtFmmvaU2RgvoOCUg4Z5fXSzqU8Fgc= 3 | trusted comment: TC CSAF minutes from meeting #12 on 2017-11-29(revision published in kavi after the meeting) 4 | wWfkptJg7yrxEEBATiK23LRAovyMwDOL+qsfUF/hspOelhpHxqbER7+JZ9fFVqiPeyeNkUPvVvYEYvCzwY1eDg== 5 | -------------------------------------------------------------------------------- /archive/meeting_minutes/2018 Meetings/20180829_meeting-18/Minutes of 2018-08-29 Meeting #18.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/archive/meeting_minutes/2018 Meetings/20180829_meeting-18/Minutes of 2018-08-29 Meeting #18.pdf -------------------------------------------------------------------------------- /archive/meeting_minutes/2018 Meetings/20181031_meeting-20/Oasis Minutes of 2018-10-31 Meeting#20.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/archive/meeting_minutes/2018 Meetings/20181031_meeting-20/Oasis Minutes of 2018-10-31 Meeting#20.pdf -------------------------------------------------------------------------------- /archive/meeting_minutes/2018 Meetings/20181128_meeting-21/CSAF TC Nov 2018 Monthly Meeting.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/archive/meeting_minutes/2018 Meetings/20181128_meeting-21/CSAF TC Nov 2018 Monthly Meeting.pdf -------------------------------------------------------------------------------- /archive/meeting_minutes/2019 Meetings/Minutes of CSAF Monthly Meeting on 2018-11-28.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/archive/meeting_minutes/2019 Meetings/Minutes of CSAF Monthly Meeting on 2018-11-28.pdf -------------------------------------------------------------------------------- /archive/meeting_minutes/2019 Meetings/Minutes of CSAF Monthly Meeting on 2019-01-09.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/archive/meeting_minutes/2019 Meetings/Minutes of CSAF Monthly Meeting on 2019-01-09.pdf -------------------------------------------------------------------------------- /archive/meeting_minutes/2019 Meetings/Minutes of CSAF Monthly Meeting on 2019-01-30.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/archive/meeting_minutes/2019 Meetings/Minutes of CSAF Monthly Meeting on 2019-01-30.pdf -------------------------------------------------------------------------------- /archive/meeting_minutes/2019 Meetings/Minutes of CSAF Monthly Meeting on 2019-02-27.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/archive/meeting_minutes/2019 Meetings/Minutes of CSAF Monthly Meeting on 2019-02-27.pdf -------------------------------------------------------------------------------- /archive/meeting_minutes/2019 Meetings/Minutes of CSAF Monthly Meeting on 2019-03-27.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/archive/meeting_minutes/2019 Meetings/Minutes of CSAF Monthly Meeting on 2019-03-27.pdf -------------------------------------------------------------------------------- /archive/meeting_minutes/2019 Meetings/Minutes of CSAF Monthly Meeting on 2019-04-24.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/archive/meeting_minutes/2019 Meetings/Minutes of CSAF Monthly Meeting on 2019-04-24.pdf -------------------------------------------------------------------------------- /archive/meeting_minutes/2019 Meetings/Minutes of CSAF Monthly Meeting on 2019-5-29-19.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/archive/meeting_minutes/2019 Meetings/Minutes of CSAF Monthly Meeting on 2019-5-29-19.pdf -------------------------------------------------------------------------------- /archive/meeting_minutes/2019 Meetings/Minutes of CSAF Monthly Meeting on April 24 2019.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/archive/meeting_minutes/2019 Meetings/Minutes of CSAF Monthly Meeting on April 24 2019.pdf -------------------------------------------------------------------------------- /archive/meeting_minutes/2019 Meetings/Minutes of CSAF working Meeting on 2019 -7-17 .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/archive/meeting_minutes/2019 Meetings/Minutes of CSAF working Meeting on 2019 -7-17 .pdf -------------------------------------------------------------------------------- /archive/meeting_minutes/2019 Meetings/Minutes of CSAF working Meeting on 2019-07-31.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/archive/meeting_minutes/2019 Meetings/Minutes of CSAF working Meeting on 2019-07-31.pdf -------------------------------------------------------------------------------- /archive/meeting_minutes/2019 Meetings/Minutes of CSAF working Meeting on 2019-4-10 final.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/archive/meeting_minutes/2019 Meetings/Minutes of CSAF working Meeting on 2019-4-10 final.pdf -------------------------------------------------------------------------------- /archive/meeting_minutes/2019 Meetings/Minutes of CSAF working Meeting on 2019-5-15-19.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/archive/meeting_minutes/2019 Meetings/Minutes of CSAF working Meeting on 2019-5-15-19.pdf -------------------------------------------------------------------------------- /csaf_2.0/README.md: -------------------------------------------------------------------------------- 1 | # CSAF 2.0 Sandbox 2 | The CSAF 2.0 sandbox allows the community to fully investigate and implement new capabilities before including them in an official release ensuring that only mature and implementable constructs are added to the standard. The latest schema draft is located under the csaf_2.0 folder. 3 | 4 | ## Repository Contributions, Participation, and Public Access 5 | Contributors to this repository are expected to be Members of the OASIS Common Security Advisory Framework (CSAF) Technical Committee, for any substantive contributions. Anyone wishing to participate in the TC's technical activity is invited to join as a TC Member. Additional information about how to contribute is documented at: 6 | https://github.com/oasis-tcs/csaf/blob/master/CONTRIBUTING.md 7 | -------------------------------------------------------------------------------- /csaf_2.0/cvrf_1_2_doc_elements.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/csaf_2.0/cvrf_1_2_doc_elements.png -------------------------------------------------------------------------------- /csaf_2.0/cvrf_1_2_errata.md: -------------------------------------------------------------------------------- 1 | # Overall Comments 2 | 3 | No description of best practices for xml:lang attribute. 4 | 5 | ## Typos 6 | 7 | ### Section 2.2.7 8 | 9 | Includes a paragraph that starts "A Note may also be annotated..." 10 | 11 | ### Section 2.2.10 12 | 13 | Regular expression for CVE should be: CVE-[0-9]{4}-[0-9]{4,} 14 | 15 | ### Section 4.5.2 16 | 17 | "Status Type Model" not linked to the corresponding section. 18 | 19 | ### Section 4.5.3 20 | 21 | "Version Type Model" is not linked to the corresponding section. 22 | 23 | ### Section 5.1 24 | 25 | Refers to prod:FullProductName twice in the paragraph starting "if given...". Presumably, the second use is suppose to be 26 | prod:Relationship. 27 | 28 | ### Section 5.1.3 29 | 30 | Refers to element "prod:Tree". Presumably intended as "prod:ProductTree". 31 | 32 | -------------------------------------------------------------------------------- /csaf_2.0/examples/ROLIE/example-01-category.json: -------------------------------------------------------------------------------- 1 | { 2 | "categories": { 3 | "category": [ 4 | { 5 | "term": "Example Company Product A" 6 | }, 7 | { 8 | "term": "Example Company Product B" 9 | } 10 | ] 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /csaf_2.0/examples/ROLIE/example-01-service.json: -------------------------------------------------------------------------------- 1 | { 2 | "service": { 3 | "workspace": [ 4 | { 5 | "title": "Public CSAF feed", 6 | "collection": [ 7 | { 8 | "title": "Example CSAF feed (TLP:WHITE)", 9 | "href": "https://psirt.domain.tld/advisories/csaf/feed-tlp-white.json", 10 | "categories": { 11 | "category": [ 12 | { 13 | "scheme": "urn:ietf:params:rolie:category:information-type", 14 | "term": "csaf" 15 | } 16 | ] 17 | } 18 | } 19 | ] 20 | } 21 | ] 22 | } 23 | } -------------------------------------------------------------------------------- /csaf_2.0/register/dot-well-dash-known-slash/csaf-aggregator.txt: -------------------------------------------------------------------------------- 1 | URI suffix: .well-known/csaf-aggregator/ 2 | Change controller: OASIS_OPEN 3 | Specification document(s): Common Security Advisory Framework Version 2.0 section 7.1.21 Requirement 21: List of CSAF providers, URL: https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html#7121-requirement-21-list-of-csaf-providers 4 | Related information: Common Security Advisory Framework Version 2.0 section 7 Distributing CSAF Documents, URL https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html#7-distributing-csaf-documents 5 | -------------------------------------------------------------------------------- /csaf_2.0/register/dot-well-dash-known-slash/csaf.txt: -------------------------------------------------------------------------------- 1 | URI suffix: .well-known/csaf/ 2 | Change controller: OASIS_OPEN 3 | Specification document(s): Common Security Advisory Framework Version 2.0 section 7.1.9 Requirement 9: Well-known URL for provider-metadata.json, URL https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html#719-requirement-9-well-known-url-for-provider-metadatajson 4 | Related information: Common Security Advisory Framework Version 2.0 section 7 Distributing CSAF Documents, URL https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html#7-distributing-csaf-documents 5 | -------------------------------------------------------------------------------- /csaf_2.0/register/rolie-information-type/csaf.md: -------------------------------------------------------------------------------- 1 | I suggest to register "csaf" as ROLIE feed type per the following record satisfying the requirements given at [RFC 8322, Section 8.4 "ROLIE Information Types Registry"](https://www.rfc-editor.org/rfc/rfc8322.html#section-8.4): 2 | 3 | ``` 4 | Name: csaf 5 | Index: 6 | Reference: https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#7115-requirement-15-rolie-feed 7 | ``` 8 | -------------------------------------------------------------------------------- /csaf_2.0/register/security-dot-txt/csaf.txt: -------------------------------------------------------------------------------- 1 | Field Name: CSAF 2 | Description: link to a provider-metadata.json resource of the Common Security Advisory Framework (CSAF) 3 | Multiple Appearances: yes 4 | Status: current 5 | Change controller: OASIS-OPEN 6 | Reference: Common Security Advisory Framework Version 2.0 section 7.1.8 "Requirement 8: security.txt" https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html#718-requirement-8-securitytxt 7 | -------------------------------------------------------------------------------- /csaf_2.0/submit/pdf/submission-request.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/csaf_2.0/submit/pdf/submission-request.pdf -------------------------------------------------------------------------------- /csaf_2.0/test/cpe/test-regex.js: -------------------------------------------------------------------------------- 1 | const { exit } = require('process') 2 | const fs = require('fs') 3 | 4 | const args = process.argv.slice(2); 5 | const obj = JSON.parse(fs.readFileSync(args[0], 'utf8')) 6 | 7 | const pattern = obj.$defs.full_product_name_t.properties.product_identification_helper.properties.cpe.pattern 8 | const r = new RegExp(pattern) 9 | 10 | console.log('Current regex to test:', '\n', pattern) 11 | 12 | const cpeStr = fs.readFileSync(args[1], 'utf8').split('\n') 13 | 14 | let failed = false 15 | 16 | cpeStr.forEach(element => { 17 | if (element.length > 0) { 18 | const result = (r.exec(element) != null) 19 | failed = failed | !result 20 | if (!result) { 21 | console.log(result, '\t', element) 22 | } 23 | } 24 | }); 25 | 26 | exit(failed) 27 | -------------------------------------------------------------------------------- /csaf_2.0/test/filenames/data/invalid/OASIS_CSAF_TC-CSAF_2.0-2021-5-1-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Filename (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-5-1-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /csaf_2.0/test/filenames/data/invalid/oasis-open_csaf_tc-csaf_20-2021-5-1-02.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Filename (failing example 2)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-5-1-02", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /csaf_2.0/test/filenames/data/invalid/oasis____csaf_tc-csaf_2_0-2021-5-1-03.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Filename (failing example 3)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS: #/CSAF_TC-CSAF_2.0-2021-5-1-03", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /csaf_2.0/test/filenames/data/valid/oasis_csaf_tc-csaf_2_0-2021-5-1-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Filename (valid example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-5-1-11", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | } 26 | } -------------------------------------------------------------------------------- /csaf_2.0/test/filenames/data/valid/oasis_csaf_tc-csaf_2_0-2021-5-1-12.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Filename (valid example 2)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-5-1-12", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | } 26 | } -------------------------------------------------------------------------------- /csaf_2.0/test/filenames/data/valid/oasis_csaf_tc-csaf_2_0-2021-5-1-13.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Filename (valid example 3)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS: #/CSAF_TC-CSAF_2.0-2021-5-1-13", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | } 26 | } -------------------------------------------------------------------------------- /csaf_2.0/test/filenames/run_invalid_tests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | TESTPATH=$* 4 | 5 | FAIL=0 6 | 7 | # go to root of git repository 8 | cd `dirname $0`/../../.. 9 | 10 | check() { 11 | printf "%s" "Testing that filename of $1 is invalid ... " 12 | paikalta --labels FAILED,SUCCESS $1 && FAIL=1 13 | } 14 | 15 | test_all() { 16 | for i in ${TESTPATH} 17 | do 18 | check $i 19 | done 20 | } 21 | 22 | test_all 23 | 24 | exit ${FAIL} 25 | -------------------------------------------------------------------------------- /csaf_2.0/test/filenames/run_tests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | TESTPATH=$* 4 | 5 | FAIL=0 6 | 7 | # go to root of git repository 8 | cd `dirname $0`/../../.. 9 | 10 | check() { 11 | printf "%s" "Testing filename of $1 ... " 12 | paikalta --labels SUCCESS,FAILED $1 || FAIL=1 13 | } 14 | 15 | test_all() { 16 | for i in ${TESTPATH} 17 | do 18 | check $i 19 | done 20 | } 21 | 22 | test_all 23 | 24 | exit ${FAIL} 25 | -------------------------------------------------------------------------------- /csaf_2.0/test/generate_strict_schema.py: -------------------------------------------------------------------------------- 1 | import jsonschema 2 | import simplejson as json 3 | import sys 4 | import jsonpath_rw 5 | from pprint import pprint 6 | 7 | if len(sys.argv)!=2: 8 | print("%s " % (sys.argv[0])) 9 | sys.exit(1) 10 | 11 | 12 | json_schema = sys.argv[1] 13 | with open(json_schema, 'r') as f: 14 | schema_data = f.read() 15 | schema = json.loads(schema_data) 16 | 17 | for i in jsonpath_rw.parse("$..* where properties").find(schema): 18 | i.value['additionalProperties'] = False 19 | 20 | # Don't forget to add it at the root level 21 | schema['additionalProperties'] = False 22 | 23 | print(json.dumps(schema, sort_keys=True, indent=2)) 24 | -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-03-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Informative test: Missing CVE (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-03-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | }, 26 | "vulnerabilities": [ 27 | { 28 | "title": "BlueKeep" 29 | } 30 | ] 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-03-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Informative test: Missing CVE (valid example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-03-11", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | }, 26 | "vulnerabilities": [ 27 | { 28 | "cve": "CVE-2019-0708", 29 | "title": "BlueKeep" 30 | } 31 | ] 32 | } 33 | -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-04-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Informative test: Missing CWE (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-04-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | }, 26 | "vulnerabilities": [ 27 | { 28 | "cve": "CVE-2019-0708", 29 | "title": "BlueKeep" 30 | } 31 | ] 32 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-08-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "en", 6 | "notes": [ 7 | { 8 | "category": "summary", 9 | "text": "Secruity researchers found multiple vulnerabilities in XYZ." 10 | } 11 | ], 12 | "publisher": { 13 | "category": "other", 14 | "name": "OASIS CSAF TC", 15 | "namespace": "https://csaf.io" 16 | }, 17 | "title": "Informative test: Spell check (failing example 1)", 18 | "tracking": { 19 | "current_release_date": "2021-07-21T10:00:00.000Z", 20 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-08-01", 21 | "initial_release_date": "2021-07-21T10:00:00.000Z", 22 | "revision_history": [ 23 | { 24 | "date": "2021-07-21T10:00:00.000Z", 25 | "number": "1", 26 | "summary": "Initial version." 27 | } 28 | ], 29 | "status": "final", 30 | "version": "1" 31 | } 32 | } 33 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-08-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "en", 6 | "notes": [ 7 | { 8 | "category": "summary", 9 | "text": "Security researchers found multiple vulnerabilities in XYZ." 10 | } 11 | ], 12 | "publisher": { 13 | "category": "other", 14 | "name": "OASIS CSAF TC", 15 | "namespace": "https://csaf.io" 16 | }, 17 | "title": "Informative test: Spell check (valid example 1)", 18 | "tracking": { 19 | "current_release_date": "2021-07-21T10:00:00.000Z", 20 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-08-11", 21 | "initial_release_date": "2021-07-21T10:00:00.000Z", 22 | "revision_history": [ 23 | { 24 | "date": "2021-07-21T10:00:00.000Z", 25 | "number": "1", 26 | "summary": "Initial version." 27 | } 28 | ], 29 | "status": "final", 30 | "version": "1" 31 | } 32 | } 33 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-11-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: CWE (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-11-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | }, 26 | "vulnerabilities": [ 27 | { 28 | "cwe": { 29 | "id": "CWE-79", 30 | "name": "Improper Input Validation" 31 | } 32 | } 33 | ] 34 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-12-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "EZ", 6 | "publisher": { 7 | "category": "other", 8 | "name": "OASIS CSAF TC", 9 | "namespace": "https://csaf.io" 10 | }, 11 | "title": "Mandatory test: Language (failing example 1)", 12 | "tracking": { 13 | "current_release_date": "2021-07-21T10:00:00.000Z", 14 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-12-01", 15 | "initial_release_date": "2021-07-21T10:00:00.000Z", 16 | "revision_history": [ 17 | { 18 | "date": "2021-07-21T10:00:00.000Z", 19 | "number": "1", 20 | "summary": "Initial version." 21 | } 22 | ], 23 | "status": "final", 24 | "version": "1" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-14-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Sorted Revision History (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-23T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-14-01", 14 | "initial_release_date": "2021-07-22T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-22T10:00:00.000Z", 18 | "number": "2", 19 | "summary": "Second version." 20 | }, 21 | { 22 | "date": "2021-07-23T10:00:00.000Z", 23 | "number": "1", 24 | "summary": "Initial version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "1" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-14-02.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Sorted Revision History (failing example 2)", 11 | "tracking": { 12 | "current_release_date": "2021-07-23T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-14-02", 14 | "initial_release_date": "2021-07-22T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-22T10:00:00.000Z", 18 | "number": "2", 19 | "summary": "Second version." 20 | }, 21 | { 22 | "date": "2021-07-23T10:00:00.000Z", 23 | "number": "1", 24 | "summary": "Initial version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-14-03.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Sorted Revision History (failing example 3)", 11 | "tracking": { 12 | "current_release_date": "2021-07-23T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-14-03", 14 | "initial_release_date": "2021-07-22T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-23T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-22T10:00:00.000Z", 23 | "number": "2", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-14-04.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Sorted Revision History (failing example 4)", 11 | "tracking": { 12 | "current_release_date": "2021-07-23T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-14-04", 14 | "initial_release_date": "2021-07-22T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-22T10:00:00.000Z", 18 | "number": "2.0.0", 19 | "summary": "Second version." 20 | }, 21 | { 22 | "date": "2021-07-23T10:00:00.000Z", 23 | "number": "1.0.0", 24 | "summary": "Initial version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "1.0.0" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-14-05.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Sorted Revision History (failing example 5)", 11 | "tracking": { 12 | "current_release_date": "2021-07-23T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-14-05", 14 | "initial_release_date": "2021-07-22T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-22T10:00:00.000Z", 18 | "number": "2.0.0", 19 | "summary": "Second version." 20 | }, 21 | { 22 | "date": "2021-07-23T10:00:00.000Z", 23 | "number": "1.0.0", 24 | "summary": "Initial version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2.0.0" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-14-08.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Sorted Revision History (failing example 8)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.00010Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-14-08", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.00010Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "2", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "1" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-14-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Sorted Revision History (valid example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-23T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-14-11", 14 | "initial_release_date": "2021-07-22T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-23T10:00:00.000Z", 18 | "number": "2", 19 | "summary": "Second version." 20 | }, 21 | { 22 | "date": "2021-07-22T10:00:00.000Z", 23 | "number": "1", 24 | "summary": "Initial version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-14-12.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Sorted Revision History (valid example 2)", 11 | "tracking": { 12 | "current_release_date": "2021-07-22T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-14-12", 14 | "initial_release_date": "2021-07-22T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-22T10:00:00.000Z", 18 | "number": "2", 19 | "summary": "Second version." 20 | }, 21 | { 22 | "date": "2021-07-22T10:00:00.000Z", 23 | "number": "1", 24 | "summary": "Initial version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-14-13.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Sorted Revision History (valid example 3)", 11 | "tracking": { 12 | "current_release_date": "2021-07-22T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-14-13", 14 | "initial_release_date": "2021-07-22T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-22T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-22T10:00:00.000Z", 23 | "number": "2", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-14-14.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Sorted Revision History (valid example 4)", 11 | "tracking": { 12 | "current_release_date": "2021-07-23T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-14-14", 14 | "initial_release_date": "2021-07-22T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-22T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-23T10:00:00.000Z", 23 | "number": "2", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-14-15.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Sorted Revision History (valid example 5)", 11 | "tracking": { 12 | "current_release_date": "2021-07-23T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-14-15", 14 | "initial_release_date": "2021-07-22T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-23T10:00:00.000Z", 18 | "number": "2.0.0", 19 | "summary": "Second version." 20 | }, 21 | { 22 | "date": "2021-07-22T10:00:00.000Z", 23 | "number": "1.0.0", 24 | "summary": "Initial version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2.0.0" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-14-16.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Sorted Revision History (valid example 6)", 11 | "tracking": { 12 | "current_release_date": "2021-07-22T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-14-16", 14 | "initial_release_date": "2021-07-22T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-22T10:00:00.000Z", 18 | "number": "1.0.0", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-22T10:00:00.000Z", 23 | "number": "2.0.0", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2.0.0" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-14-19.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Sorted Revision History (valid example 9)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.00010Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-14-19", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.00010Z", 23 | "number": "2", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-15-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "translator", 7 | "name": "OASIS CSAF TC Translator", 8 | "namespace": "https://csaf.io/translator" 9 | }, 10 | "title": "Mandatory test: Translator (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-15-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | } 26 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-15-02.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "en-US", 6 | "publisher": { 7 | "category": "translator", 8 | "name": "OASIS CSAF TC Translator", 9 | "namespace": "https://csaf.io/translator" 10 | }, 11 | "title": "Mandatory test: Translator (failing example 2)", 12 | "tracking": { 13 | "current_release_date": "2021-07-21T10:00:00.000Z", 14 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-15-02", 15 | "initial_release_date": "2021-07-21T10:00:00.000Z", 16 | "revision_history": [ 17 | { 18 | "date": "2021-07-21T10:00:00.000Z", 19 | "number": "1", 20 | "summary": "Initial version." 21 | } 22 | ], 23 | "status": "final", 24 | "version": "1" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-15-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "translator", 7 | "name": "OASIS CSAF TC Translator", 8 | "namespace": "https://csaf.io/translator" 9 | }, 10 | "source_lang": "de-DE", 11 | "title": "Mandatory test: Translator (valid example 1)", 12 | "tracking": { 13 | "current_release_date": "2021-07-21T10:00:00.000Z", 14 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-15-11", 15 | "initial_release_date": "2021-07-21T10:00:00.000Z", 16 | "revision_history": [ 17 | { 18 | "date": "2021-07-21T10:00:00.000Z", 19 | "number": "1", 20 | "summary": "Initial version." 21 | } 22 | ], 23 | "status": "final", 24 | "version": "1" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-15-12.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "en-US", 6 | "publisher": { 7 | "category": "translator", 8 | "name": "OASIS CSAF TC Translator", 9 | "namespace": "https://csaf.io/translator" 10 | }, 11 | "source_lang": "de-DE", 12 | "title": "Mandatory test: Translator (valid example 2)", 13 | "tracking": { 14 | "current_release_date": "2021-07-21T10:00:00.000Z", 15 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-15-12", 16 | "initial_release_date": "2021-07-21T10:00:00.000Z", 17 | "revision_history": [ 18 | { 19 | "date": "2021-07-21T10:00:00.000Z", 20 | "number": "1", 21 | "summary": "Initial version." 22 | } 23 | ], 24 | "status": "final", 25 | "version": "1" 26 | } 27 | } 28 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-16-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Latest Document Version (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-16-01", 14 | "initial_release_date": "2021-07-21T09:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T09:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "2", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "1" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-16-02.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Latest Document Version (failing example 2)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-16-02", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "2", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "1" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-16-03.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Latest Document Version (failing example 3)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-16-03", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "2", 19 | "summary": "Second version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "1", 24 | "summary": "Initial version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "1" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-16-04.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Latest Document Version (failing example 4)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-16-04", 14 | "initial_release_date": "2021-07-21T09:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T09:00:00.000Z", 18 | "number": "1.0.0", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "2.0.0", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "1.0.0" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-16-05.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Latest Document Version (failing example 5)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-16-05", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "2.0.0", 19 | "summary": "Second version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "1.0.0", 24 | "summary": "Initial version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "1.0.0" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-16-08.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Latest Document Version (failing example 8)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-16-08", 14 | "initial_release_date": "2021-07-21T10:00:00.00000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.00000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "2", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "1" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-16-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Latest Document Version (valid example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-16-11", 14 | "initial_release_date": "2021-07-21T09:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T09:00:00.000Z", 18 | "number": "1.0.0", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "2.0.0", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2.0.0" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-16-12.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Latest Document Version (valid example 2)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-16-12", 14 | "initial_release_date": "2021-07-21T09:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T09:00:00.000Z", 18 | "number": "1.0.0", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "2.0.0", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2.0.0+21AF26D3" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-16-13.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Latest Document Version (valid example 3)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-16-13", 14 | "initial_release_date": "2021-07-21T09:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T09:00:00.000Z", 18 | "number": "1.0.0", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "2.0.0+143D5", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2.0.0+21AF26D3" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-16-14.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Latest Document Version (valid example 4)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-16-14", 14 | "initial_release_date": "2021-07-21T09:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T09:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "2", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-16-15.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Latest Document Version (valid example 5)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-16-15", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "2", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-16-16.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Latest Document Version (valid example 6)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-16-16", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "2", 19 | "summary": "Second version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "1", 24 | "summary": "Initial version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-16-17.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Latest Document Version (valid example 7)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-16-17", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "2.0.0", 19 | "summary": "Second version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "1.0.0", 24 | "summary": "Initial version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2.0.0" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-16-31.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Latest Document Version (valid example 10)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-16-31", 14 | "initial_release_date": "2021-07-21T10:00:00.00000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.00000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "2", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-17-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Document Status Draft (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-17-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "0.9.5", 19 | "summary": "Initial draft version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "0.9.5" 24 | } 25 | } 26 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-18-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Released Revision History (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-18-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-04-17T10:00:00.000Z", 18 | "number": "0", 19 | "summary": "First draft" 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "1", 24 | "summary": "Initial version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "1" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-20-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Non-draft Document Version (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-20-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1.0.0", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "interim", 23 | "version": "1.0.0-alpha" 24 | } 25 | } 26 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-21-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Missing Item in Revision History (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-21-01", 14 | "initial_release_date": "2021-04-22T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-04-22T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "3", 24 | "summary": "Some other changes." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "3" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-21-02.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Missing Item in Revision History (failing example 2)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-21-02", 14 | "initial_release_date": "2021-04-22T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-04-22T10:00:00.000Z", 18 | "number": "2", 19 | "summary": "Second version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "3", 24 | "summary": "Some other changes." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "3" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-21-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Missing Item in Revision History (valid example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-21-11", 14 | "initial_release_date": "2021-04-22T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-04-22T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "2", 24 | "summary": "Some other changes." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-21-12.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Missing Item in Revision History (valid example 2)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-21-12", 14 | "initial_release_date": "2021-04-22T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-03-22T10:00:00.000Z", 18 | "number": "0", 19 | "summary": "Draft version." 20 | }, 21 | { 22 | "date": "2021-04-22T10:00:00.000Z", 23 | "number": "1", 24 | "summary": "Initial public release." 25 | } 26 | ], 27 | "status": "draft", 28 | "version": "1" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-21-13.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Missing Item in Revision History (valid example 3)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-21-13", 14 | "initial_release_date": "2021-04-22T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-04-22T10:00:00.000Z", 18 | "number": "1.0.0", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "1.1.0", 24 | "summary": "Some other changes." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "1.1.0" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-22-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Multiple Definition in Revision History (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-22-01", 14 | "initial_release_date": "2021-07-20T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-20T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "1", 24 | "summary": "Some other changes." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "1" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-23-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Multiple Use of Same CVE (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-23-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | }, 26 | "vulnerabilities": [ 27 | { 28 | "cve": "CVE-2017-0145" 29 | }, 30 | { 31 | "cve": "CVE-2017-0145" 32 | } 33 | ] 34 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-26-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "Security_Incident_Response", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Prohibited Document Category Name (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-26-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | } 26 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-27-03-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_informational_advisory", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Vulnerabilities (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-27-03-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | }, 26 | "vulnerabilities": [ 27 | { 28 | "title": "A vulnerability item that SHALL NOT exist" 29 | } 30 | ] 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-27-04-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_security_advisory", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Product Tree (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-27-04-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | }, 26 | "vulnerabilities": [ 27 | { 28 | "title": "A vulnerability item that can't reference any product as the product_tree does not exist." 29 | } 30 | ] 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-27-05-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_security_advisory", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Vulnerability Notes (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-27-05-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | }, 26 | "vulnerabilities": [ 27 | { 28 | "title": "A vulnerability item without a note" 29 | } 30 | ] 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-27-06-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_security_advisory", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Product Status (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-27-06-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | }, 26 | "vulnerabilities": [ 27 | { 28 | "title": "A vulnerability item without a product status" 29 | } 30 | ] 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-27-08-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_vex", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Vulnerability ID (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-27-08-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | }, 26 | "vulnerabilities": [ 27 | { 28 | "title": "A vulnerability item without a CVE or ID" 29 | } 30 | ] 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-27-11-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_security_advisory", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Vulnerabilities (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-27-11-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | }, 26 | "product_tree": { 27 | "full_product_names": [ 28 | { 29 | "product_id": "CSAFPID-9080700", 30 | "name": "Product A" 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-28-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "en-US", 6 | "publisher": { 7 | "category": "other", 8 | "name": "OASIS CSAF TC", 9 | "namespace": "https://csaf.io" 10 | }, 11 | "source_lang": "en-US", 12 | "title": "Mandatory test: Translation (failing example 1)", 13 | "tracking": { 14 | "current_release_date": "2021-07-21T10:00:00.000Z", 15 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-28-01", 16 | "initial_release_date": "2021-07-21T10:00:00.000Z", 17 | "revision_history": [ 18 | { 19 | "date": "2021-07-21T10:00:00.000Z", 20 | "number": "1", 21 | "summary": "Initial version." 22 | } 23 | ], 24 | "status": "final", 25 | "version": "1" 26 | } 27 | } 28 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-28-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "en-US", 6 | "publisher": { 7 | "category": "other", 8 | "name": "OASIS CSAF TC", 9 | "namespace": "https://csaf.io" 10 | }, 11 | "source_lang": "en-GB", 12 | "title": "Mandatory test: Translation (valid example 1)", 13 | "tracking": { 14 | "current_release_date": "2021-07-21T10:00:00.000Z", 15 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-28-11", 16 | "initial_release_date": "2021-07-21T10:00:00.000Z", 17 | "revision_history": [ 18 | { 19 | "date": "2021-07-21T10:00:00.000Z", 20 | "number": "1", 21 | "summary": "Initial version." 22 | } 23 | ], 24 | "status": "final", 25 | "version": "1" 26 | } 27 | } 28 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-30-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Mixed Integer and Semantic Versioning (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-30-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T09:00:00.000Z", 18 | "number": "1.0.0", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "2", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-30-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Mandatory test: Mixed Integer and Semantic Versioning (valid example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-30-11", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T09:00:00.000Z", 18 | "number": "1.0.0", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T10:00:00.000Z", 23 | "number": "2.0.0", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2.0.0" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/oasis_csaf_tc-csaf_2_0-2021-TEMPLATE.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Template for generating CSAF files for Validator examples", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-TEMPLATE", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-01-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Optional test: Unused Definition of Product ID (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-01-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | }, 26 | "product_tree": { 27 | "full_product_names": [ 28 | { 29 | "product_id": "CSAFPID-9080700", 30 | "name": "Product A" 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-04-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Optional test: Build Metadata in Revision History (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-04-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-04-23T10:00:00.000Z", 18 | "number": "1.0.0+exp.sha.ac00785", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1.0.0" 24 | } 25 | } 26 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-05-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Optional test: Older Initial Release Date than Revision History (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-05-01", 14 | "initial_release_date": "2021-04-22T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-05-06T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T11:00:00.000Z", 23 | "number": "2", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-06-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Optional test: Older Current Release Date than Revision History (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-05-06T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-06-01", 14 | "initial_release_date": "2021-05-06T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-05-06T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | }, 21 | { 22 | "date": "2021-07-21T11:00:00.000Z", 23 | "number": "2", 24 | "summary": "Second version." 25 | } 26 | ], 27 | "status": "final", 28 | "version": "2" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-07-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Optional test: Missing Date in Involvements (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-07-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | }, 26 | "vulnerabilities": [ 27 | { 28 | "involvements": [ 29 | { 30 | "party": "vendor", 31 | "status": "in_progress" 32 | } 33 | ] 34 | } 35 | ] 36 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-10-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "distribution": { 6 | "text": "Distribute freely." 7 | }, 8 | "publisher": { 9 | "category": "other", 10 | "name": "OASIS CSAF TC", 11 | "namespace": "https://csaf.io" 12 | }, 13 | "title": "Optional test: Missing TLP label (failing example 1)", 14 | "tracking": { 15 | "current_release_date": "2021-07-21T10:00:00.000Z", 16 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-10-01", 17 | "initial_release_date": "2021-07-21T10:00:00.000Z", 18 | "revision_history": [ 19 | { 20 | "date": "2021-07-21T10:00:00.000Z", 21 | "number": "1", 22 | "summary": "Initial version." 23 | } 24 | ], 25 | "status": "final", 26 | "version": "1" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-12-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Optional test: Missing Document Language (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-12-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | } 26 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-13-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "csaf_version": "2.0", 4 | "category": "csaf_base", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Optional test: Sorting (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-13-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | } 26 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-14-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "qtx", 6 | "publisher": { 7 | "category": "other", 8 | "name": "OASIS CSAF TC", 9 | "namespace": "https://csaf.io" 10 | }, 11 | "title": "Optional test: Use of Private Language (failing example 1)", 12 | "tracking": { 13 | "current_release_date": "2021-07-21T10:00:00.000Z", 14 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-01", 15 | "initial_release_date": "2021-07-21T10:00:00.000Z", 16 | "revision_history": [ 17 | { 18 | "date": "2021-07-21T10:00:00.000Z", 19 | "number": "1", 20 | "summary": "Initial version." 21 | } 22 | ], 23 | "status": "final", 24 | "version": "1" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-14-02.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "en", 6 | "publisher": { 7 | "category": "other", 8 | "name": "OASIS CSAF TC", 9 | "namespace": "https://csaf.io" 10 | }, 11 | "source_lang": "qcb", 12 | "title": "Optional test: Use of Private Language (failing example 2)", 13 | "tracking": { 14 | "current_release_date": "2021-07-21T10:00:00.000Z", 15 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-02", 16 | "initial_release_date": "2021-07-21T10:00:00.000Z", 17 | "revision_history": [ 18 | { 19 | "date": "2021-07-21T10:00:00.000Z", 20 | "number": "1", 21 | "summary": "Initial version." 22 | } 23 | ], 24 | "status": "final", 25 | "version": "1" 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-14-03.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "qdq", 6 | "publisher": { 7 | "category": "other", 8 | "name": "OASIS CSAF TC", 9 | "namespace": "https://csaf.io" 10 | }, 11 | "source_lang": "qcb", 12 | "title": "Optional test: Use of Private Language (failing example 3)", 13 | "tracking": { 14 | "current_release_date": "2021-07-21T10:00:00.000Z", 15 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-03", 16 | "initial_release_date": "2021-07-21T10:00:00.000Z", 17 | "revision_history": [ 18 | { 19 | "date": "2021-07-21T10:00:00.000Z", 20 | "number": "1", 21 | "summary": "Initial version." 22 | } 23 | ], 24 | "status": "final", 25 | "version": "1" 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-14-04.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "en-QM", 6 | "publisher": { 7 | "category": "other", 8 | "name": "OASIS CSAF TC", 9 | "namespace": "https://csaf.io" 10 | }, 11 | "title": "Optional test: Use of Private Language (failing example 4)", 12 | "tracking": { 13 | "current_release_date": "2021-07-21T10:00:00.000Z", 14 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-04", 15 | "initial_release_date": "2021-07-21T10:00:00.000Z", 16 | "revision_history": [ 17 | { 18 | "date": "2021-07-21T10:00:00.000Z", 19 | "number": "1", 20 | "summary": "Initial version." 21 | } 22 | ], 23 | "status": "final", 24 | "version": "1" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-14-05.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "en-XP", 6 | "publisher": { 7 | "category": "other", 8 | "name": "OASIS CSAF TC", 9 | "namespace": "https://csaf.io" 10 | }, 11 | "title": "Optional test: Use of Private Language (failing example 5)", 12 | "tracking": { 13 | "current_release_date": "2021-07-21T10:00:00.000Z", 14 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-05", 15 | "initial_release_date": "2021-07-21T10:00:00.000Z", 16 | "revision_history": [ 17 | { 18 | "date": "2021-07-21T10:00:00.000Z", 19 | "number": "1", 20 | "summary": "Initial version." 21 | } 22 | ], 23 | "status": "final", 24 | "version": "1" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-14-06.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "en-Qabc", 6 | "publisher": { 7 | "category": "other", 8 | "name": "OASIS CSAF TC", 9 | "namespace": "https://csaf.io" 10 | }, 11 | "title": "Optional test: Use of Private Language (failing example 6)", 12 | "tracking": { 13 | "current_release_date": "2021-07-21T10:00:00.000Z", 14 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-06", 15 | "initial_release_date": "2021-07-21T10:00:00.000Z", 16 | "revision_history": [ 17 | { 18 | "date": "2021-07-21T10:00:00.000Z", 19 | "number": "1", 20 | "summary": "Initial version." 21 | } 22 | ], 23 | "status": "final", 24 | "version": "1" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-14-07.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "en-AA", 6 | "publisher": { 7 | "category": "other", 8 | "name": "OASIS CSAF TC", 9 | "namespace": "https://csaf.io" 10 | }, 11 | "title": "Optional test: Use of Private Language (failing example 7)", 12 | "tracking": { 13 | "current_release_date": "2021-07-21T10:00:00.000Z", 14 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-07", 15 | "initial_release_date": "2021-07-21T10:00:00.000Z", 16 | "revision_history": [ 17 | { 18 | "date": "2021-07-21T10:00:00.000Z", 19 | "number": "1", 20 | "summary": "Initial version." 21 | } 22 | ], 23 | "status": "final", 24 | "version": "1" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-14-08.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "fr-ZZ", 6 | "publisher": { 7 | "category": "other", 8 | "name": "OASIS CSAF TC", 9 | "namespace": "https://csaf.io" 10 | }, 11 | "title": "Optional test: Use of Private Language (failing example 8)", 12 | "tracking": { 13 | "current_release_date": "2021-07-21T10:00:00.000Z", 14 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-08", 15 | "initial_release_date": "2021-07-21T10:00:00.000Z", 16 | "revision_history": [ 17 | { 18 | "date": "2021-07-21T10:00:00.000Z", 19 | "number": "1", 20 | "summary": "Initial version." 21 | } 22 | ], 23 | "status": "final", 24 | "version": "1" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-14-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "en-US", 6 | "publisher": { 7 | "category": "other", 8 | "name": "OASIS CSAF TC", 9 | "namespace": "https://csaf.io" 10 | }, 11 | "title": "Optional test: Use of Private Language (valid example 1)", 12 | "tracking": { 13 | "current_release_date": "2021-07-21T10:00:00.000Z", 14 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-11", 15 | "initial_release_date": "2021-07-21T10:00:00.000Z", 16 | "revision_history": [ 17 | { 18 | "date": "2021-07-21T10:00:00.000Z", 19 | "number": "1", 20 | "summary": "Initial version." 21 | } 22 | ], 23 | "status": "final", 24 | "version": "1" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-14-12.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "en-US", 6 | "publisher": { 7 | "category": "other", 8 | "name": "OASIS CSAF TC", 9 | "namespace": "https://csaf.io" 10 | }, 11 | "source_lang": "de-DE", 12 | "title": "Optional test: Use of Private Language (valid example 2)", 13 | "tracking": { 14 | "current_release_date": "2021-07-21T10:00:00.000Z", 15 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-14-12", 16 | "initial_release_date": "2021-07-21T10:00:00.000Z", 17 | "revision_history": [ 18 | { 19 | "date": "2021-07-21T10:00:00.000Z", 20 | "number": "1", 21 | "summary": "Initial version." 22 | } 23 | ], 24 | "status": "final", 25 | "version": "1" 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-15-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "i-default", 6 | "publisher": { 7 | "category": "other", 8 | "name": "OASIS CSAF TC", 9 | "namespace": "https://csaf.io" 10 | }, 11 | "title": "Optional test: Use of Default Language (failing example 1)", 12 | "tracking": { 13 | "current_release_date": "2021-07-21T10:00:00.000Z", 14 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-15-01", 15 | "initial_release_date": "2021-07-21T10:00:00.000Z", 16 | "revision_history": [ 17 | { 18 | "date": "2021-07-21T10:00:00.000Z", 19 | "number": "1", 20 | "summary": "Initial version." 21 | } 22 | ], 23 | "status": "final", 24 | "version": "1" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-15-02.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "en", 6 | "publisher": { 7 | "category": "other", 8 | "name": "OASIS CSAF TC", 9 | "namespace": "https://csaf.io" 10 | }, 11 | "source_lang": "i-default", 12 | "title": "Optional test: Use of Default Language (failing example 2)", 13 | "tracking": { 14 | "current_release_date": "2021-07-21T10:00:00.000Z", 15 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-15-02", 16 | "initial_release_date": "2021-07-21T10:00:00.000Z", 17 | "revision_history": [ 18 | { 19 | "date": "2021-07-21T10:00:00.000Z", 20 | "number": "1", 21 | "summary": "Initial version." 22 | } 23 | ], 24 | "status": "final", 25 | "version": "1" 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-15-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "lang": "en", 6 | "publisher": { 7 | "category": "other", 8 | "name": "OASIS CSAF TC", 9 | "namespace": "https://csaf.io" 10 | }, 11 | "title": "Optional test: Use of Default Language (valid example 1)", 12 | "tracking": { 13 | "current_release_date": "2021-07-21T10:00:00.000Z", 14 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-15-11", 15 | "initial_release_date": "2021-07-21T10:00:00.000Z", 16 | "revision_history": [ 17 | { 18 | "date": "2021-07-21T10:00:00.000Z", 19 | "number": "1", 20 | "summary": "Initial version." 21 | } 22 | ], 23 | "status": "final", 24 | "version": "1" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-17-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "publisher": { 6 | "category": "other", 7 | "name": "OASIS CSAF TC", 8 | "namespace": "https://csaf.io" 9 | }, 10 | "title": "Optional test: CVE in field IDs (failing example 1)", 11 | "tracking": { 12 | "current_release_date": "2021-07-21T10:00:00.000Z", 13 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-17-01", 14 | "initial_release_date": "2021-07-21T10:00:00.000Z", 15 | "revision_history": [ 16 | { 17 | "date": "2021-07-21T10:00:00.000Z", 18 | "number": "1", 19 | "summary": "Initial version." 20 | } 21 | ], 22 | "status": "final", 23 | "version": "1" 24 | } 25 | }, 26 | "vulnerabilities": [ 27 | { 28 | "ids": [ 29 | { 30 | "system_name": "CVE Project", 31 | "text": "CVE-2021-44228" 32 | } 33 | ] 34 | } 35 | ] 36 | } -------------------------------------------------------------------------------- /csaf_2.0/test/validator/data/optional/oasis_csaf_tc-csaf_2_0-2021-6-2-20-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "document": { 3 | "category": "csaf_base", 4 | "csaf_version": "2.0", 5 | "custom_property": "any", 6 | "publisher": { 7 | "category": "other", 8 | "name": "OASIS CSAF TC", 9 | "namespace": "https://csaf.io" 10 | }, 11 | "title": "Optional test: Additional Properties (failing example 1)", 12 | "tracking": { 13 | "current_release_date": "2021-07-21T10:00:00.000Z", 14 | "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-2-20-01", 15 | "initial_release_date": "2021-07-21T10:00:00.000Z", 16 | "revision_history": [ 17 | { 18 | "date": "2021-07-21T10:00:00.000Z", 19 | "number": "1", 20 | "summary": "Initial version." 21 | } 22 | ], 23 | "status": "final", 24 | "version": "1" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /csaf_2.1/README.md: -------------------------------------------------------------------------------- 1 | # Seeding the next version of CSAF 2 | 3 | This folder serves as a showcase of an improved way 4 | to edit, verify, and validate the next version of CSAF. 5 | 6 | The main goals are (for now): 7 | 8 | - extract examples to ensure validation 9 | - refactor the source markdown into smaller chunks (per sections) 10 | - set uo a binder text file that declares the order of concatenation of these source files 11 | - automatically derive the section numbering from the order and an AST traversal 12 | - generate the single elephant GFM+gh_cosmetics user facing delivery item from these source 13 | - empower the editors by enfocing semantic references 14 | - use vale for developer documentation spell checks 15 | - use markdownlint to validate the sourc emarkdown files 16 | - use pandoc and filters to generate html and pdf user facing delivery items 17 | -------------------------------------------------------------------------------- /csaf_2.1/examples/ROLIE/example-01-category.json: -------------------------------------------------------------------------------- 1 | { 2 | "categories": { 3 | "category": [ 4 | { 5 | "term": "Example Company Product A" 6 | }, 7 | { 8 | "term": "Example Company Product B" 9 | } 10 | ] 11 | } 12 | } -------------------------------------------------------------------------------- /csaf_2.1/examples/ROLIE/example-01-service.json: -------------------------------------------------------------------------------- 1 | { 2 | "service": { 3 | "workspace": [ 4 | { 5 | "title": "Public CSAF feed", 6 | "collection": [ 7 | { 8 | "title": "Example CSAF feed (TLP:CLEAR)", 9 | "href": "https://psirt.domain.tld/advisories/csaf/feed-tlp-clear.json", 10 | "categories": { 11 | "category": [ 12 | { 13 | "scheme": "urn:ietf:params:rolie:category:information-type", 14 | "term": "csaf" 15 | } 16 | ] 17 | } 18 | } 19 | ] 20 | } 21 | ] 22 | } 23 | } -------------------------------------------------------------------------------- /csaf_2.1/json_schema/meta.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://json-schema.org/draft/2020-12/schema", 3 | "$id": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/meta.json", 4 | "$dynamicAnchor": "meta", 5 | "$vocabulary": { 6 | "https://json-schema.org/draft/2020-12/vocab/core": true, 7 | "https://json-schema.org/draft/2020-12/vocab/format-assertion": true 8 | }, 9 | "allOf": [ 10 | { "$ref": "https://json-schema.org/draft/2020-12/meta/core" }, 11 | { "$ref": "https://json-schema.org/draft/2020-12/meta/format-assertion" } 12 | ] 13 | } -------------------------------------------------------------------------------- /csaf_2.1/language_specific_translation/translations.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://raw.githubusercontent.com/oasis-tcs/csaf/master/csaf_2.1/test/language_specific_translation/translations_json_schema.json", 3 | "translation_version": "2.1", 4 | "translation": { 5 | "de": { 6 | "license": "Lizenz", 7 | "product_description": "Produktbeschreibung", 8 | "reasoning_for_supersession": "Begründung für die Ersetzung", 9 | "reasoning_for_withdrawal": "Begründung für die Zurückziehung", 10 | "superseding_document": "Ersetzendes Dokument" 11 | } 12 | } 13 | } -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/bin/png-logo-to-data-url.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | # Transform PNG logo from OASIS into a DATA-URL format we can embed into the HTML 3 | # shellcheck disable=SC2002 4 | outfile="logo-data-url.txt" 5 | tool="$0" 6 | : "${1?"usage: $tool path-to-png-file"}" 7 | printf "%s" "data:image/png;base64,$(cat "$1" | base64 | tr -d '\r\n')" > "${outfile}" 8 | printf "INFO: tool(%s) wrote data-url representation of (%s) into (%s) at (%s)\n" "$0" "$1" "${outfile}" "${PWD}" 9 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/etc/vale.ini: -------------------------------------------------------------------------------- 1 | MinAlertLevel = suggestion 2 | 3 | [*] 4 | BasedOnStyles = Vale 5 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/design-considerations-03-date-time.md: -------------------------------------------------------------------------------- 1 | ## Date and Time 2 | 3 | This standard uses the `date-time` format as defined in JSON Schema Draft 2020-12 Section 7.3.1. 4 | In accordance with [cite](#RFC3339) and [cite](#ISO8601-1), the following rules apply: 5 | 6 | * The letter `T` separating the date and time SHALL be upper case. 7 | * The separator between date and time MUST be the letter `T`. 8 | * The letter `Z` indicating the timezone UTC SHALL be upper case. 9 | * Fractions of seconds are allowed as specified in the standards mention above with the full stop (`.`) as separator. 10 | * Leap seconds MUST NOT be used. 11 | > While a full support of RFC 3339 would be preferred, significant challenges have been mentioned by implementers as most libraries are lacking 12 | > the support for leap seconds. 13 | > To ensure interoperability, the decision was made to prohibit leap seconds. 14 | * Empty timezones MUST NOT be used. 15 | * The ABNF of RFC 3339, section 5.6 applies. 16 | 17 | ------- 18 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/distributing-00.md: -------------------------------------------------------------------------------- 1 | # Distributing CSAF documents 2 | 3 | This section lists requirements and roles defined for distributing CSAF documents. 4 | The first subsection provides all requirements - the second one the roles. 5 | It is mandatory to fulfill the basic role "CSAF publisher". The last section provides specific rules for the process of retrieving CSAF documents. 6 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/introduction-00.md: -------------------------------------------------------------------------------- 1 | # Introduction 2 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/introduction-01-ipr-policy.md: -------------------------------------------------------------------------------- 1 | ## IPR Policy 2 | 3 | This specification is provided under the [Non-Assertion](https://www.oasis-open.org/policies-guidelines/ipr/#Non-Assertion-Mode) Mode of 4 | the [OASIS IPR Policy](https://www.oasis-open.org/policies-guidelines/ipr/), the mode chosen when the Technical Committee was established. 5 | For information on whether any patents have been disclosed that may be essential to implementing this specification, 6 | and any offers of patent licensing terms, please refer to the Intellectual Property Rights section of the TC's 7 | web page ([https://www.oasis-open.org/committees/csaf/ipr.php](https://www.oasis-open.org/committees/csaf/ipr.php)). 8 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/introduction-02-terminology.md: -------------------------------------------------------------------------------- 1 | ## Terminology 2 | 3 | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", 4 | "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [cite](#RFC2119) and [cite](#RFC8174) when, 5 | and only when, they appear in all capitals, as shown here. 6 | 7 | For purposes of this document, the following terms and definitions apply: 8 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/introduction-05-typographical-conventions.md: -------------------------------------------------------------------------------- 1 | ## Typographical Conventions 2 | 3 | Keywords defined by this specification use this `monospaced` font. 4 | 5 | ``` 6 | Normative source code uses this paragraph style. 7 | ``` 8 | 9 | Some sections of this specification are illustrated with non-normative examples introduced with "Example" or "Examples" like so: 10 | 11 | *Example 1:* 12 | 13 | ``` 14 | Informative examples also use this paragraph style but preceded by the text "Example(s)". 15 | ``` 16 | 17 | All examples in this document are informative only. 18 | 19 | All other text is normative unless otherwise labeled e.g. like the following informative comment: 20 | 21 | > This is a pure informative comment that may be present, because the information conveyed is deemed useful advice or 22 | > common pitfalls learned from implementer or operator experience and often given including the rationale. 23 | 24 | ------- 25 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/schema-elements-01-defs-06-product-group-id.md: -------------------------------------------------------------------------------- 1 | ### Product Group ID Type 2 | 3 | The Product Group ID Type (`product_group_id_t`) of value type `string` with 1 or more characters is a reference token for product group instances. 4 | The value is a token required to identify a group of products so that it can be referred to from other parts in the document. 5 | There is no predefined or required format for the Product Group ID (`product_group_id`) as long as it uniquely identifies 6 | a product group in the context of the current document. 7 | 8 | ``` 9 | "product_group_id_t": { 10 | // ... 11 | }, 12 | ``` 13 | 14 | *Examples 1:* 15 | 16 | ``` 17 | CSAFGID-0001 18 | CSAFGID-0002 19 | CSAFGID-0020 20 | ``` 21 | 22 | > Even though the standard does not require a specific format it is recommended to use different prefixes for the Product ID and 23 | > the Product Group ID to support reading and parsing the document. 24 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/schema-elements-01-defs-07-product-groups.md: -------------------------------------------------------------------------------- 1 | ### Product Groups Type 2 | 3 | List of Product Group ID (`product_groups_t`) of value type `array` with 1 or more unique items (a `set`) of type 4 | Product Group ID (`product_group_id_t`) specifies a list of `product_group_ids` to give context to the parent item. 5 | 6 | ``` 7 | "product_groups_t": { 8 | // ... 9 | "items": { 10 | // ... 11 | } 12 | }, 13 | ``` 14 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/schema-elements-01-defs-08-product-id.md: -------------------------------------------------------------------------------- 1 | ### Product ID Type 2 | 3 | The Product ID Type (`product_id_t`) of value type `string` with 1 or more characters is a reference token for product instances. 4 | The value is a token required to identify a `full_product_name` so that it can be referred to from other parts in the document. 5 | There is no predefined or required format for the Product ID (`product_id`) as long as it uniquely identifies a product in the context of 6 | the current document. 7 | 8 | ``` 9 | "product_id_t": { 10 | // ... 11 | }, 12 | ``` 13 | 14 | *Examples 1:* 15 | 16 | ``` 17 | CSAFPID-0004 18 | CSAFPID-0008 19 | ``` 20 | 21 | > Even though the standard does not require a specific format it is recommended to use different prefixes for the Product ID and 22 | > the Product Group ID to support reading and parsing the document. 23 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/schema-elements-01-defs-09-products.md: -------------------------------------------------------------------------------- 1 | ### Products Type 2 | 3 | List of Product IDs (`products_t`) of value type `array` with 1 or more unique items (a `set`) of type 4 | Product ID (`product_id_t`) specifies a list of `product_ids` to give context to the parent item. 5 | 6 | ``` 7 | "products_t": { 8 | // ... 9 | "items": { 10 | // ... 11 | } 12 | }, 13 | ``` 14 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/schema-elements-02-properties.md: -------------------------------------------------------------------------------- 1 | ## Properties 2 | 3 | These final four subsections document the four properties of a CSAF document. 4 | The two mandatory properties `$schema` and `document`, as well as the optional properties `product_tree` and `vulnerabilities` in that order. 5 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/schema-elements-02-props-01-schema.md: -------------------------------------------------------------------------------- 1 | ### Schema Property 2 | 3 | JSON schema (`$schema`) of value type `string` and `enum` with format `uri` contains the URL of the CSAF JSON schema which the document promises to be valid for. 4 | The single valid value for this `enum` is: 5 | 6 | ``` 7 | https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json 8 | ``` 9 | 10 | > This value allows for tools to identify that a JSON document is meant to be valid against this schema. 11 | > Tools can use that to support users by automatically checking whether the CSAF adheres to the JSON schema identified by this URL. 12 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/table-of-contents.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/csaf_2.1/prose/edit/src/table-of-contents.md -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-00.md: -------------------------------------------------------------------------------- 1 | # Tests 2 | 3 | The first three subsections list a number of tests which all will have a short description and an excerpt of an example which fails the test. 4 | The forth subsection groups tests into preset. 5 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mandatory.md: -------------------------------------------------------------------------------- 1 | ## Mandatory Tests 2 | 3 | Mandatory tests MUST NOT fail at a valid CSAF document. 4 | A program MUST handle a test failure as an error. 5 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-02-multiple-definition-of-product-id.md: -------------------------------------------------------------------------------- 1 | ### Multiple Definition of Product ID 2 | 3 | For each Product ID (type `/$defs/product_id_t`) in Full Product Name elements (type: `/$defs/full_product_name_t`) it 4 | MUST be tested that the `product_id` was not already defined within the same document. 5 | 6 | The relevant paths for this test are: 7 | 8 | ``` 9 | /product_tree/branches[](/branches[])*/product/product_id 10 | /product_tree/full_product_names[]/product_id 11 | /product_tree/relationships[]/full_product_name/product_id 12 | ``` 13 | 14 | *Example 1 (which fails the test):* 15 | 16 | ``` 17 | "product_tree": { 18 | "full_product_names": [ 19 | { 20 | "product_id": "CSAFPID-9080700", 21 | "name": "Product A" 22 | }, 23 | { 24 | "product_id": "CSAFPID-9080700", 25 | "name": "Product B" 26 | } 27 | ] 28 | } 29 | ``` 30 | 31 | > `CSAFPID-9080700` was defined twice. 32 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-08-invalid-cvss.md: -------------------------------------------------------------------------------- 1 | ### Invalid CVSS 2 | 3 | It MUST be tested that the given CVSS object is valid according to the referenced schema. 4 | 5 | The relevant paths for this test are: 6 | 7 | ``` 8 | /vulnerabilities[]/metrics[]/content/cvss_v2 9 | /vulnerabilities[]/metrics[]/content/cvss_v3 10 | /vulnerabilities[]/metrics[]/content/cvss_v4 11 | ``` 12 | 13 | *Example 1 (which fails the test):* 14 | 15 | ``` 16 | "cvss_v3": { 17 | "version": "3.1", 18 | "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", 19 | "baseScore": 6.5 20 | } 21 | ``` 22 | 23 | > The required element `baseSeverity` is missing. 24 | 25 | > A tool MAY add one or more of the missing properties `version`, `baseScore` and `baseSeverity` based on 26 | > the values given in `vectorString` as quick fix. 27 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-11-cwe.md: -------------------------------------------------------------------------------- 1 | ### CWE{#mandatory-tests--cwe} 2 | 3 | For each CWE it MUST be tested that the given CWE exists and is valid in the `version` provided. 4 | Any `id` that refers to a CWE Category or View MUST fail the test. 5 | 6 | The relevant path for this test is: 7 | 8 | ``` 9 | /vulnerabilities[]/cwes[] 10 | ``` 11 | 12 | *Example 1 (which fails the test):* 13 | 14 | ``` 15 | "cwes": [ 16 | { 17 | "id": "CWE-79", 18 | "name": "Improper Input Validation", 19 | "version": "4.13" 20 | } 21 | ] 22 | ``` 23 | 24 | > The `CWE-79` exists. However, its name in version `4.13` is `Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')`. 25 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-12-language.md: -------------------------------------------------------------------------------- 1 | ### Language 2 | 3 | For each element of type `/$defs/lang_t` it MUST be tested that the language code is valid and exists. 4 | 5 | The relevant paths for this test are: 6 | 7 | ``` 8 | /document/lang 9 | /document/source_lang 10 | ``` 11 | 12 | *Example 1 (which fails the test):* 13 | 14 | ``` 15 | "lang": "EZ" 16 | ``` 17 | 18 | > `EZ` is not a valid language. It is the subtag for the region "Eurozone". 19 | 20 | > For any deprecated subtag, a tool MAY replace it with its preferred value as a quick fix. 21 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-13-purl.md: -------------------------------------------------------------------------------- 1 | ### PURL 2 | 3 | It MUST be tested that all given purls are valid. 4 | 5 | The relevant paths for this test are: 6 | 7 | ``` 8 | /product_tree/branches[](/branches[])*/product/product_identification_helper/purls[] 9 | /product_tree/full_product_names[]/product_identification_helper/purls[] 10 | /product_tree/relationships[]/full_product_name/product_identification_helper/purls[] 11 | ``` 12 | 13 | *Example 1 (which fails the test):* 14 | 15 | ``` 16 | "product_tree": { 17 | "full_product_names": [ 18 | { 19 | "name": "Product A", 20 | "product_id": "CSAFPID-9080700", 21 | "product_identification_helper": { 22 | "purls": [ 23 | "pkg:maven/@1.3.4" 24 | ] 25 | } 26 | } 27 | ] 28 | } 29 | ``` 30 | 31 | > Any valid purl has a name component. 32 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-14-sorted-revision-history.md: -------------------------------------------------------------------------------- 1 | ### Sorted Revision History 2 | 3 | It MUST be tested that the value of `number` of items of the revision history are sorted ascending when the items are sorted 4 | ascending by `date` and as a second level criteria `number`. 5 | As the timestamps might use different timezones, the sorting MUST take timezones into account. 6 | 7 | The relevant path for this test is: 8 | 9 | ``` 10 | /document/tracking/revision_history 11 | ``` 12 | 13 | *Example 1 (which fails the test):* 14 | 15 | ``` 16 | "revision_history": [ 17 | { 18 | "date": "2024-01-22T10:00:00.000Z", 19 | "number": "2", 20 | "summary": "Second version." 21 | }, 22 | { 23 | "date": "2024-01-23T10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ] 28 | ``` 29 | 30 | > The first item has a higher version number than the second. 31 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-15-translator.md: -------------------------------------------------------------------------------- 1 | ### Translator 2 | 3 | It MUST be tested that `/document/source_lang` is present and set if the value `translator` is used for `/document/publisher/category`. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /document/source_lang 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "document": { 15 | // ... 16 | "publisher": { 17 | "category": "translator", 18 | "name": "CSAF TC Translator", 19 | "namespace": "https://csaf.io/translator" 20 | }, 21 | "title": "Mandatory test: Translator (failing example 1)", 22 | // ... 23 | } 24 | ``` 25 | 26 | > The required element `source_lang` is missing. 27 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-17-document-status-draft.md: -------------------------------------------------------------------------------- 1 | ### Document Status Draft 2 | 3 | It MUST be tested that document status is `draft` if the document version is `0` or `0.y.z` or contains the pre-release part. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /document/tracking/status 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "tracking": { 15 | // ... 16 | "status": "final", 17 | "version": "0.9.5" 18 | } 19 | ``` 20 | 21 | > The `/document/tracking/version` is `0.9.5` but the document status is `final`. 22 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-18-released-revision-history.md: -------------------------------------------------------------------------------- 1 | ### Released Revision History 2 | 3 | It MUST be tested that no item of the revision history has a `number` of `0` or `0.y.z` when the document status is `final` or `interim`. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /document/tracking/revision_history[]/number 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "tracking": { 15 | // ... 16 | "revision_history": [ 17 | { 18 | "date": "2023-09-17T10:00:00.000Z", 19 | "number": "0", 20 | "summary": "First draft" 21 | }, 22 | { 23 | "date": "2024-01-21T10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "1" 30 | } 31 | ``` 32 | 33 | > The document status is `final` but the revision history includes an item which has `0` as value for `number`. 34 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-19-revision-history-entries-for-pre-release-versions.md: -------------------------------------------------------------------------------- 1 | ### Revision History Entries for Pre-release Versions 2 | 3 | It MUST be tested that no item of the revision history has a `number` which includes pre-release information. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /document/tracking/revision_history[]/number 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "revision_history": [ 15 | { 16 | "date": "2023-08-22T10:00:00.000Z", 17 | "number": "1.0.0-rc", 18 | "summary": "Release Candidate for initial version." 19 | }, 20 | { 21 | "date": "2023-08-23T10:00:00.000Z", 22 | "number": "1.0.0", 23 | "summary": "Initial version." 24 | } 25 | ] 26 | ``` 27 | 28 | > The revision history contains an item which has a `number` that indicates that this is pre-release. 29 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-20-non-draft-document-version.md: -------------------------------------------------------------------------------- 1 | ### Non-draft Document Version 2 | 3 | It MUST be tested that document version does not contain a pre-release part if the document status is `final` or `interim`. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /document/tracking/version 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "tracking": { 15 | // ... 16 | "status": "interim", 17 | "version": "1.0.0-alpha" 18 | } 19 | ``` 20 | 21 | > The document status is `interim` but the document version contains the pre-release part `-alpha`. 22 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-22-multiple-definition-in-revision-history.md: -------------------------------------------------------------------------------- 1 | ### Multiple Definition in Revision History 2 | 3 | It MUST be tested that items of the revision history do not contain the same version number. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /document/tracking/revision_history 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "revision_history": [ 15 | { 16 | "date": "2024-01-20T10:00:00.000Z", 17 | "number": "1", 18 | "summary": "Initial version." 19 | }, 20 | { 21 | "date": "2024-01-21T10:00:00.000Z", 22 | "number": "1", 23 | "summary": "Some other changes." 24 | } 25 | ] 26 | ``` 27 | 28 | > The revision history contains two items with the version number `1`. 29 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-23-multiple-use-of-same-cve.md: -------------------------------------------------------------------------------- 1 | ### Multiple Use of Same CVE 2 | 3 | It MUST be tested that a CVE is not used in multiple vulnerability items. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /vulnerabilities[]/cve 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "vulnerabilities": [ 15 | { 16 | "cve": "CVE-2017-0145" 17 | }, 18 | { 19 | "cve": "CVE-2017-0145" 20 | } 21 | ] 22 | ``` 23 | 24 | > The vulnerabilities array contains two items with the same CVE identifier `CVE-2017-0145`. 25 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-24-multiple-definition-in-involvements.md: -------------------------------------------------------------------------------- 1 | ### Multiple Definition in Involvements 2 | 3 | It MUST be tested that items of the list of involvements do not contain the same `party` regardless of its `status` more than once at any `date`. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /vulnerabilities[]/involvements 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "vulnerabilities": [ 15 | { 16 | "involvements": [ 17 | { 18 | "date": "2023-08-23T10:00:00.000Z", 19 | "party": "vendor", 20 | "status": "completed" 21 | }, 22 | { 23 | "date": "2023-08-23T10:00:00.000Z", 24 | "party": "vendor", 25 | "status": "in_progress", 26 | "summary": "The vendor has released a mitigation and is working to fully resolve the issue." 27 | } 28 | ] 29 | } 30 | ] 31 | ``` 32 | 33 | > The list of involvements contains two items with the same tuple `party` and `date`. 34 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-28-translation.md: -------------------------------------------------------------------------------- 1 | ### Translation 2 | 3 | It MUST be tested that the given source language and document language are not the same. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /document/lang 9 | /document/source_lang 10 | ``` 11 | 12 | *Example 1 (which fails the test):* 13 | 14 | ``` 15 | "document": { 16 | // ... 17 | "lang": "en-US", 18 | // ... 19 | "source_lang": "en-US", 20 | // ... 21 | } 22 | ``` 23 | 24 | > The document language and the source language have the same value `en-US`. 25 | > 26 | > Note: A translation from `en-US` to `en-GB` would pass the test. 27 | 28 | > A tool MAY remove the source language as quick fix. 29 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-29-remediation-without-product-reference.md: -------------------------------------------------------------------------------- 1 | ### Remediation without Product Reference 2 | 3 | For each item in `/vulnerabilities[]/remediations` it MUST be tested that it includes at least one of the elements `group_ids` or `product_ids`. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /vulnerabilities[]/remediations[] 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "remediations": [ 15 | { 16 | "category": "no_fix_planned", 17 | "details": "These products are end-of-life. Therefore, no fix will be provided." 18 | } 19 | ] 20 | ``` 21 | 22 | > The given remediation does not specify to which products it should be applied. 23 | 24 | > A tool MAY add all products of the affected group of this vulnerability to the remediation as quick fix. 25 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-32-flag-without-product-reference.md: -------------------------------------------------------------------------------- 1 | ### Flag without Product Reference 2 | 3 | For each item in `/vulnerabilities[]/flags` it MUST be tested that it includes at least one of the elements `group_ids` or `product_ids`. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /vulnerabilities[]/flags[] 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "flags": [ 15 | { 16 | "label": "component_not_present" 17 | } 18 | ] 19 | ``` 20 | 21 | > The given flag does not specify to which products it should be applied. 22 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-36-contradicting-product-status-remediation-combination.md: -------------------------------------------------------------------------------- 1 | ### Contradicting Product Status Remediation Combination 2 | 3 | For each item in `/vulnerabilities[]/remediations` it MUST be tested that a product is not member of a contradicting product status group. 4 | This takes indirect relations through product groups into account. 5 | 6 | The relevant path for this test is: 7 | 8 | ``` 9 | /vulnerabilities[]/remediations[] 10 | ``` 11 | 12 | *Example 1 (which fails the test):* 13 | 14 | ``` 15 | "product_status": { 16 | "known_not_affected": [ 17 | "CSAFPID-9080700" 18 | ] 19 | }, 20 | "remediations": [ 21 | { 22 | "category": "vendor_fix", 23 | "details": "Update to version >=14.3 to fix the vulnerability.", 24 | "product_ids": [ 25 | "CSAFPID-9080700" 26 | ] 27 | } 28 | ] 29 | ``` 30 | 31 | > For the product with product ID `CSAFPID-908070` a `vendor_fix` is given but the product was not affected at all. 32 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-38-non-public-sharing-group-with-max-uuid.md: -------------------------------------------------------------------------------- 1 | ### Non-Public Sharing Group with Max UUID 2 | 3 | It MUST be tested that a CSAF document using Max UUID as sharing group ID has the TLP label `CLEAR`. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /document/distribution/tlp/label 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "distribution": { 15 | "sharing_group": { 16 | "id": "ffffffff-ffff-ffff-ffff-ffffffffffff", 17 | "name": "Public" 18 | }, 19 | "tlp": { 20 | "label": "RED" 21 | } 22 | }, 23 | ``` 24 | 25 | > The sharing group uses the Max UUID but the CSAF document is labeled as `TLP:RED`. 26 | 27 | > A tool MAY remove the property `sharing_group` as a quick fix. 28 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-39-public-sharing-group-with-no-max-uuid.md: -------------------------------------------------------------------------------- 1 | ### Public Sharing Group with no Max UUID 2 | 3 | It MUST be tested that a CSAF document with the TLP label `CLEAR` use the Max UUID as sharing group ID if any. 4 | The test SHALL pass if no sharing group is present or the Nil UUID is used and the document status is `draft`. 5 | 6 | The relevant path for this test is: 7 | 8 | ``` 9 | /document/distribution/sharing_group/id 10 | ``` 11 | 12 | *Example 1 (which fails the test):* 13 | 14 | ``` 15 | "distribution": { 16 | "sharing_group": { 17 | "id": "5868d6be-b28a-404e-a245-0b5093b31b8b" 18 | }, 19 | "tlp": { 20 | "label": "CLEAR" 21 | } 22 | }, 23 | ``` 24 | 25 | > The sharing group is present for the `TLP:CLEAR` document but it differs from the Max UUID. 26 | 27 | > A tool MAY update the sharing group id as a quick fix. 28 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-40-invalid-sharing-group-name.md: -------------------------------------------------------------------------------- 1 | ### Invalid Sharing Group Name 2 | 3 | It MUST be tested that the value of sharing group name does not equal the reserved values from section [sec](#document-property-distribution-sharing-group) if the precondition is not fulfilled. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /document/distribution/sharing_group/name 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "distribution": { 15 | "sharing_group": { 16 | "id": "5868d6be-b28a-404e-a245-0b5093b31b8b", 17 | "name": "Public" 18 | }, 19 | // ... 20 | }, 21 | ``` 22 | 23 | > The sharing group name is `Public` but it does not use the Max UUID. 24 | 25 | > A tool MAY update the sharing group name as a quick fix. 26 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-41-missing-sharing-group-name.md: -------------------------------------------------------------------------------- 1 | ### Missing Sharing Group Name 2 | 3 | It MUST be tested that the sharing group name exists and equals the predefined reserved value from section [sec](#document-property-distribution-sharing-group) if the precondition is fulfilled. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /document/distribution/sharing_group/name 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "distribution": { 15 | "sharing_group": { 16 | "id": "ffffffff-ffff-ffff-ffff-ffffffffffff" 17 | }, 18 | // ... 19 | }, 20 | ``` 21 | 22 | > The Max UUID is used but the sharing group name does not exist. 23 | 24 | > A tool MAY add the corresponding sharing group name as a quick fix. 25 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-43-use-of-multiple-stars-in-model-number.md: -------------------------------------------------------------------------------- 1 | ### Use of Multiple Stars in Model Number 2 | 3 | For each model number it MUST be tested that the it does not contain multiple unescaped stars. 4 | 5 | > Multiple `*` that match zero or multiple characters within a model number introduce ambiguity and are therefore prohibited. 6 | 7 | The relevant paths for this test are: 8 | 9 | ``` 10 | /product_tree/branches[](/branches[])*/product/product_identification_helper/model_numbers[] 11 | /product_tree/full_product_names[]/product_id/product_identification_helper/model_numbers[] 12 | /product_tree/relationships[]/full_product_name/product_id/product_identification_helper/model_numbers[] 13 | ``` 14 | 15 | *Example 1 (which fails the test):* 16 | 17 | ``` 18 | "model_numbers": [ 19 | "P*A*" 20 | ] 21 | ``` 22 | 23 | > The model number contains two unescaped stars. 24 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-44-use-of-multiple-stars-in-serial-number.md: -------------------------------------------------------------------------------- 1 | ### Use of Multiple Stars in Serial Number 2 | 3 | For each serial number it MUST be tested that the it does not contain multiple unescaped stars. 4 | 5 | > Multiple `*` that match zero or multiple characters within a serial number introduce ambiguity and are therefore prohibited. 6 | 7 | The relevant paths for this test are: 8 | 9 | ``` 10 | /product_tree/branches[](/branches[])*/product/product_identification_helper/serial_numbers[] 11 | /product_tree/full_product_names[]/product_id/product_identification_helper/serial_numbers[] 12 | /product_tree/relationships[]/full_product_name/product_id/product_identification_helper/serial_numbers[] 13 | ``` 14 | 15 | *Example 1 (which fails the test):* 16 | 17 | ``` 18 | "serial_numbers": [ 19 | "P*A*" 20 | ] 21 | ``` 22 | 23 | > The serial number contains two unescaped stars. 24 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-46-invalid-ssvc.md: -------------------------------------------------------------------------------- 1 | ### Invalid SSVC 2 | 3 | It MUST be tested that the given SSVC object is valid according to the referenced schema. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /vulnerabilities[]/metrics[]/content/ssvc_v1 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "ssvc_v1": { 15 | "id": "CVE-1900-0001", 16 | "schemaVersion": "1-0-1", 17 | "timestamp": "2024-01-24T10:00:00.000Z" 18 | } 19 | ``` 20 | 21 | > The required element `selections` is missing. 22 | 23 | > A tool MAY add the missing property `id` based on the values given in `cve` respectively `ids[]/text` as quick fix. 24 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-50-product-version-range-rules.md: -------------------------------------------------------------------------------- 1 | ### Product Version Range Rules 2 | 3 | For each element of type `/$defs/branches_t` with `category` of `product_version_range`, it MUST be tested that the value of `name` complies with 4 | the rules given in section [sec](#branches-type-name-under-product-version-range). 5 | 6 | The relevant path for this test is: 7 | 8 | ``` 9 | /product_tree/branches[](/branches[])*/name 10 | ``` 11 | 12 | *Example 1 (which fails the test):* 13 | 14 | ``` 15 | { 16 | "category": "product_version_range", 17 | "name": "all versions < 4.2.0", 18 | // ... 19 | } 20 | ``` 21 | 22 | > The version range given does not comply with the rules given in section [sec](#branches-type-name-under-product-version-range). 23 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-54-license-expression.md: -------------------------------------------------------------------------------- 1 | ### License Expression 2 | 3 | It MUST be tested that the license expression is valid. 4 | 5 | > To implement this test, it it deemed sufficient to check for the ABNF defined in annex B of [cite](#SPDX301) and 6 | > the restriction on the `DocumentRef` part given in [sec](#document-property-license-expression) 7 | 8 | The relevant path for this test is: 9 | 10 | ``` 11 | /document/license_expression 12 | ``` 13 | 14 | *Example 1 (which fails the test):* 15 | 16 | ``` 17 | "license_expression": "This is a license text that should not be here.", 18 | ``` 19 | 20 | > The license expression contains a license text instead of a SPDX license expression. 21 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-01-mndtr-55-license-text.md: -------------------------------------------------------------------------------- 1 | ### License Text 2 | 3 | If the document language is English or unspecified, 4 | and the `license_expression` contains license identifiers or exceptions that are not listed in the SPDX license list or Aboutcode's "ScanCode LicenseDB", 5 | it MUST be tested that exactly one item in document notes exists that has the title `License`. 6 | The category of this item MUST be `legal_disclaimer`. 7 | 8 | The relevant path for this test is: 9 | 10 | ``` 11 | /document/notes 12 | ``` 13 | 14 | *Example 1 (which fails the test):* 15 | 16 | ``` 17 | "document": { 18 | // ... 19 | "license_expression": "LicenseRef-www.example.com-no-work-pd", 20 | "notes": [ 21 | { 22 | "category": "other", 23 | "text": "This is not a work and therefore it can't be licensed. Use it as public domain.", 24 | "title": "License" 25 | } 26 | ], 27 | // ... 28 | } 29 | ``` 30 | 31 | > The note has the correct title. However, it uses the wrong category. 32 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-03-missing-metric.md: -------------------------------------------------------------------------------- 1 | ### Missing Metric 2 | 3 | For each Product ID (type `/$defs/product_id_t`) in the Product Status groups Affected it MUST be tested that 4 | a metric object exists which covers this product. 5 | 6 | The relevant paths for this test are: 7 | 8 | ``` 9 | /vulnerabilities[]/product_status/first_affected[] 10 | /vulnerabilities[]/product_status/known_affected[] 11 | /vulnerabilities[]/product_status/last_affected[] 12 | ``` 13 | 14 | *Example 1 (which fails the test):* 15 | 16 | ``` 17 | "product_tree": { 18 | "full_product_names": [ 19 | { 20 | "product_id": "CSAFPID-9080700", 21 | "name": "Product A" 22 | } 23 | ] 24 | }, 25 | "vulnerabilities": [ 26 | { 27 | "product_status": { 28 | "first_affected": [ 29 | "CSAFPID-9080700" 30 | ] 31 | } 32 | } 33 | ] 34 | ``` 35 | 36 | > `CSAFPID-9080700` has in Product Status `first_affected` but there is no metric object which covers this Product ID. 37 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-04-build-metadata-in-revision-history.md: -------------------------------------------------------------------------------- 1 | ### Build Metadata in Revision History 2 | 3 | For each item in revision history it MUST be tested that `number` does not include build metadata. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /document/tracking/revision_history[]/number 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "revision_history": [ 15 | { 16 | "date": "2023-08-23T10:00:00.000Z", 17 | "number": "1.0.0+exp.sha.ac00785", 18 | "summary": "Initial version." 19 | } 20 | ] 21 | ``` 22 | 23 | > The revision history contains an item which has a `number` that includes the build metadata `+exp.sha.ac00785`. 24 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-07-missing-date-in-involvements.md: -------------------------------------------------------------------------------- 1 | ### Missing Date in Involvements 2 | 3 | For each item in the list of involvements it MUST be tested that it includes the property `date`. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /vulnerabilities[]/involvements 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "vulnerabilities": [ 15 | { 16 | "involvements": [ 17 | { 18 | "party": "vendor", 19 | "status": "in_progress" 20 | } 21 | ] 22 | } 23 | ] 24 | ``` 25 | 26 | > The list of involvements contains an item which does not contain the property `date`. 27 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-10-missing-tlp-label.md: -------------------------------------------------------------------------------- 1 | ### Missing TLP label (obsolete){#missing-tlp-label} 2 | 3 | > The TLP label is now required by the schema. Therefore, the recommended test is obsolete. 4 | > This section is kept to document that change and keep the numbering of the remaining sections stable. 5 | > The test is excluded from any preset and requirement to be executed. 6 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-12-missing-document-language.md: -------------------------------------------------------------------------------- 1 | ### Missing Document Language 2 | 3 | It MUST be tested that the document language is present and set. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /document/lang 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "document": { 15 | "category": "csaf_base", 16 | "csaf_version": "2.1", 17 | "distribution": { 18 | "tlp": { 19 | "label": "CLEAR" 20 | } 21 | }, 22 | "publisher": { 23 | // ... 24 | }, 25 | // ... 26 | } 27 | ``` 28 | 29 | > The document language is not defined. 30 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-13-sorting.md: -------------------------------------------------------------------------------- 1 | ### Sorting{#recommended-tests--sorting} 2 | 3 | It MUST be tested that all keys in a CSAF document are sorted alphabetically. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | / 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "document": { 15 | "csaf_version": "2.1", 16 | "category": "csaf_base", 17 | // ... 18 | } 19 | ``` 20 | 21 | > The key `csaf_version` is not at the right place. 22 | 23 | > A tool MAY sort the keys as a quick fix. 24 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-14-use-of-private-language.md: -------------------------------------------------------------------------------- 1 | ### Use of Private Language 2 | 3 | For each element of type `/$defs/lang_t` it MUST be tested that the language code does not contain subtags reserved for private use. 4 | 5 | The relevant paths for this test are: 6 | 7 | ``` 8 | /document/lang 9 | /document/source_lang 10 | ``` 11 | 12 | *Example 1 (which fails the test):* 13 | 14 | ``` 15 | "lang": "qtx" 16 | ``` 17 | 18 | > The language code `qtx` is reserved for private use. 19 | 20 | > A tool MAY remove such subtag as a quick fix. 21 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-15-use-of-default-language.md: -------------------------------------------------------------------------------- 1 | ### Use of Default Language 2 | 3 | For each element of type `/$defs/lang_t` it MUST be tested that the language code is not `i-default`. 4 | 5 | The relevant paths for this test are: 6 | 7 | ``` 8 | /document/lang 9 | /document/source_lang 10 | ``` 11 | 12 | *Example 1 (which fails the test):* 13 | 14 | ``` 15 | "lang": "i-default" 16 | ``` 17 | 18 | > The language code `i-default` is used. 19 | 20 | > A tool MAY remove such element as a quick fix. 21 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-16-missing-product-identification-helper.md: -------------------------------------------------------------------------------- 1 | ### Missing Product Identification Helper 2 | 3 | For each element of type `/$defs/full_product_name_t` it MUST be tested that it includes the property `product_identification_helper`. 4 | 5 | The relevant paths for this test are: 6 | 7 | ``` 8 | /product_tree/branches[](/branches[])*/product 9 | /product_tree/full_product_names[] 10 | /product_tree/relationships[]/full_product_name 11 | ``` 12 | 13 | *Example 1 (which fails the test):* 14 | 15 | ``` 16 | "full_product_names": [ 17 | { 18 | "product_id": "CSAFPID-9080700", 19 | "name": "Product A" 20 | } 21 | ] 22 | ``` 23 | 24 | > The product `CSAFPID-9080700` does not provide any Product Identification Helper at all. 25 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-17-cve-in-field-ids.md: -------------------------------------------------------------------------------- 1 | ### CVE in field IDs 2 | 3 | For each item in `/vulnerabilities[]/ids` it MUST be tested that it is not a CVE ID. 4 | 5 | > It is sufficient to check, whether the property `text` matches the regex `^CVE-[0-9]{4}-[0-9]{4,}$`. 6 | 7 | The relevant paths for this test are: 8 | 9 | ``` 10 | /vulnerabilities[]/ids[] 11 | ``` 12 | 13 | *Example 1 (which fails the test):* 14 | 15 | ``` 16 | "ids": [ 17 | { 18 | "system_name": "CVE Project", 19 | "text": "CVE-2021-44228" 20 | } 21 | ] 22 | ``` 23 | 24 | > The `CVE-2021-44228` is listed in an item of the `ids` array instead under `cve`. 25 | 26 | > A tool MAY set such element as value for the `cve` property as a quick fix, if that didn't exist before. 27 | > Alternatively, it MAY remove such element as a quick fix. 28 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-18-product-version-range-without-vers.md: -------------------------------------------------------------------------------- 1 | ### Product Version Range without vers 2 | 3 | For each element of type `/$defs/branches_t` with `category` of `product_version_range` it MUST be tested that 4 | the value of `name` conforms the vers specification. 5 | 6 | > To implement this test it is deemed sufficient that the value of `name` matches the following regex: 7 | > 8 | > ``` 9 | > ^vers:[a-z\\.\\-\\+][a-z0-9\\.\\-\\+]*/.+ 10 | > ``` 11 | 12 | The relevant paths for this test are: 13 | 14 | ``` 15 | /product_tree/branches[](/branches[])*/name 16 | ``` 17 | 18 | *Example 1 (which fails the test):* 19 | 20 | ``` 21 | "branches": [ 22 | { 23 | "category": "product_version_range", 24 | "name": ">4.2", 25 | // ... 26 | } 27 | ] 28 | ``` 29 | 30 | > The version range `>4.2` is a valid vsl but not valid according to the vers specification. 31 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-21-same-timestamps-in-revision-history.md: -------------------------------------------------------------------------------- 1 | ### Same Timestamps in Revision History 2 | 3 | It MUST be tested that the timestamps of all items in the revision history are pairwise disjoint. 4 | As the timestamps might use different timezones, the comparison MUST take timezones into account. 5 | 6 | The relevant path for this test is: 7 | 8 | ``` 9 | /document/tracking/revision_history[]/date 10 | ``` 11 | 12 | *Example 1 (which fails the test):* 13 | 14 | ``` 15 | "revision_history": [ 16 | { 17 | "date": "2024-01-21T10:00:00.000Z", 18 | "number": "2.0.0", 19 | "summary": "Second version." 20 | }, 21 | { 22 | "date": "2024-01-21T10:00:00.000Z", 23 | "number": "1.0.0", 24 | "summary": "Initial version." 25 | } 26 | ] 27 | ``` 28 | 29 | > The first and second revision have the same timestamp. 30 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-22-document-tracking-id-in-title.md: -------------------------------------------------------------------------------- 1 | ### Document Tracking ID in Title 2 | 3 | It MUST be tested that the `/document/title` does not contain the `/document/tracking/id`. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /document/title 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "title": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-22-01: Recommended test: Document Tracking ID in Title (failing example 1)", 15 | "tracking": { 16 | // ... 17 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-22-01", 18 | // ... 19 | } 20 | ``` 21 | 22 | > The document title contains the document tracking id. 23 | 24 | > A tool MAY remove the document tracking id from the document title. 25 | > It SHOULD also remove any separating characters including whitespace, colon, dash and brackets. 26 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-23-usage-of-deprecated-cwe.md: -------------------------------------------------------------------------------- 1 | ### Usage of Deprecated CWE 2 | 3 | For each item in the CWE array it MUST be tested that the CWE is not deprecated in the given version. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /vulnerabilities[]/cwes[] 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "cwes": [ 15 | { 16 | "id": "CWE-596", 17 | "name": "DEPRECATED: Incorrect Semantic Object Comparison", 18 | "version": "4.13" 19 | } 20 | ] 21 | ``` 22 | 23 | > The `CWE-596` is deprecated in version `4.13`. 24 | 25 | > A tool MAY suggest to replace the deprecated CWE with its replacement or closest equivalent. 26 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-25-usage-of-cwe-not-allowed-for-vulnerability-mapping.md: -------------------------------------------------------------------------------- 1 | ### Usage of CWE Not Allowed for Vulnerability Mapping 2 | 3 | For each item in the CWE array it MUST be tested that the vulnerability mapping is allowed. 4 | 5 | > Currently, this includes the two usage state `Allowed` and `Allowed-with-Review`. 6 | 7 | The relevant path for this test is: 8 | 9 | ``` 10 | /vulnerabilities[]/cwes[] 11 | ``` 12 | 13 | *Example 1 (which fails the test):* 14 | 15 | ``` 16 | "cwes": [ 17 | { 18 | "id": "CWE-20", 19 | "name": "Improper Input Validation", 20 | "version": "4.13" 21 | } 22 | ] 23 | ``` 24 | 25 | > The usage of CWE-20 is discouraged as "is commonly misused in low-information vulnerability reports when lower-level CWEs could be used instead, or when more details about the vulnerability are available". [cite](https://cwe.mitre.org/data/definitions/20.html#Vulnerability_Mapping_Notes_20) 26 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-28-sage-of-max-uuid.md: -------------------------------------------------------------------------------- 1 | ### Usage of Max UUID 2 | 3 | It MUST be tested that the Max UUID is not used as sharing group id. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /document/distribution/sharing_group/id 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "distribution": { 15 | "sharing_group": { 16 | "id": "ffffffff-ffff-ffff-ffff-ffffffffffff", 17 | "name": "Public" 18 | }, 19 | // ... 20 | }, 21 | ``` 22 | 23 | > The sharing group id uses the Max UUID. 24 | 25 | > A tool MAY remove the property `sharing_group` as a quick fix. 26 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-29-usage-of-nil-uuid.md: -------------------------------------------------------------------------------- 1 | ### Usage of Nil UUID 2 | 3 | It MUST be tested that the Nil UUID is not used as sharing group id. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /document/distribution/sharing_group/id 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "distribution": { 15 | "sharing_group": { 16 | "id": "ffffffff-ffff-ffff-ffff-ffffffffffff", 17 | "name": "Public" 18 | }, 19 | // ... 20 | }, 21 | ``` 22 | 23 | > The sharing group id uses the Nil UUID. 24 | 25 | > A tool MAY remove the property `sharing_group` as a quick fix. 26 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-30-usage-of-sharing-group-on-tlp-clear.md: -------------------------------------------------------------------------------- 1 | ### Usage of Sharing Group on TLP:CLEAR{#usage-of-sharing-group-on-tlp-clear} 2 | 3 | It MUST be tested that no sharing group is used if the document is `TLP:CLEAR`. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /document/distribution/sharing_group 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "distribution": { 15 | "sharing_group": { 16 | "id": "ffffffff-ffff-ffff-ffff-ffffffffffff", 17 | "name": "Public" 18 | }, 19 | "tlp": { 20 | "label": "CLEAR" 21 | } 22 | }, 23 | ``` 24 | 25 | > The CSAF document is `TLP:CLEAR` but a sharing group is given. 26 | 27 | > A tool MAY remove the property `sharing_group` as a quick fix. 28 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-38-usage-of-deprecated-profile.md: -------------------------------------------------------------------------------- 1 | ### Usage of Deprecated Profile 2 | 3 | It MUST be tested that the `/document/category` does not start with `csaf_deprecated_`. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /document/category 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "category": "csaf_deprecated_security_advisory", 15 | 16 | ``` 17 | 18 | > The document category starts with `csaf_deprecated_`. 19 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-43-missing-license-expression.md: -------------------------------------------------------------------------------- 1 | ### Missing License Expression 2 | 3 | It MUST be tested that the license expression is present and set. 4 | 5 | The relevant path for this test is: 6 | 7 | ``` 8 | /document/license_expression 9 | ``` 10 | 11 | *Example 1 (which fails the test):* 12 | 13 | ``` 14 | "document": { 15 | // ... 16 | "lang": "en-US", 17 | "publisher": { 18 | // ... 19 | }, 20 | // ... 21 | } 22 | ``` 23 | 24 | > The license expression is not defined. 25 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-44-deprecated-license-identifier.md: -------------------------------------------------------------------------------- 1 | ### Deprecated License Identifier 2 | 3 | It MUST be tested that all license identifier and exceptions used are not deprecated. 4 | This SHALL be tested for the SPDX license list and Aboutcode's "ScanCode LicenseDB". 5 | The test MAY be skipped for other license inventoring entities. 6 | 7 | The relevant path for this test is: 8 | 9 | ``` 10 | /document/license_expression 11 | ``` 12 | 13 | *Example 1 (which fails the test):* 14 | 15 | ``` 16 | "license_expression": "GFDL-1.1", 17 | ``` 18 | 19 | > The license identifier `GFDL-1.1` was deprecated as of version 3.0. 20 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-rcmmndd-45-non-existing-license-identifier.md: -------------------------------------------------------------------------------- 1 | ### Non-Existing License Identifier 2 | 3 | It MUST be tested that all license identifier and exceptions used exist. 4 | This SHALL be tested for the SPDX license list and Aboutcode's "ScanCode LicenseDB". 5 | The test MAY be skipped for other license inventoring entities. 6 | 7 | The relevant path for this test is: 8 | 9 | ``` 10 | /document/license_expression 11 | ``` 12 | 13 | *Example 1 (which fails the test):* 14 | 15 | ``` 16 | "license_expression": "A-License-Identifier-That-Does-Not-Exist", 17 | ``` 18 | 19 | > The license identifier does not exist in the SPDX license list. 20 | -------------------------------------------------------------------------------- /csaf_2.1/prose/edit/src/tests-02-recommended.md: -------------------------------------------------------------------------------- 1 | ## Recommended Tests 2 | 3 | Recommended tests SHOULD NOT fail at a valid CSAF document without a good reason. Failing such a test does not make the CSAF document invalid. 4 | These tests may include information about features which are still supported but expected to be deprecated in a future version of CSAF. 5 | A program MUST handle a test failure as a warning. 6 | -------------------------------------------------------------------------------- /csaf_2.1/prose/media/OASISLogo-v3.0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/csaf_2.1/prose/media/OASISLogo-v3.0.png -------------------------------------------------------------------------------- /csaf_2.1/prose/media/README.md: -------------------------------------------------------------------------------- 1 | # The media Folder 2 | 3 | This foilder and its artifacts shall support the online rendering of the initial prose document. 4 | 5 | The file resource image1.png is from 6 | -------------------------------------------------------------------------------- /csaf_2.1/prose/share/README.md: -------------------------------------------------------------------------------- 1 | # CSAF v2.1 Prose - User Facing Delivery Items 2 | 3 | This `share` folder provides the user facing delivery items we build from the sources in the `edit` folder. 4 | 5 | First we generate an experimental "GFM + cosmetics" format file - a.k.a. the "Elephant". 6 | 7 | During the editorial phase of the v2.1 life cycle the HTML and PDF delivery items will be added too. 8 | -------------------------------------------------------------------------------- /csaf_2.1/submit/README.md: -------------------------------------------------------------------------------- 1 | # Submission request to advance CSAF v2.1 to an International Standard 2 | 3 | TBD 4 | -------------------------------------------------------------------------------- /csaf_2.1/test/cpe/data/invalid/cpe.txt: -------------------------------------------------------------------------------- 1 | PREFIXcpe:/o:redhat:rhel_aus:7.6::server 2 | cpe:/o:redhat:rhel_aus:7.6::server::SUFFIX 3 | PREFIXcpe:2.3:a:admin_management_xtended_project:admin_management_xtended:0.8:*:*:*:*:wordpress:*:* 4 | cpe:2.3:a:admin_management_xtended_project:admin_management_xtended:0.8:*:*:*:*:wordpress:*:*" 5 | cpe:2.3:a:admin_management_xtended_project:admin_management_xtended:0.8:*:*:*:*:wordpress:*:** 6 | cpe:2.3:a:???:*:*:*:*:de:*:*:*:* 7 | cpe:2.3:a:?*:*:*:*:*:de:*:*:*:* 8 | cpe:2.3:a:???@\"???:*:*:*:*:de:*:*:*:* 9 | cpe:2.3:a:??"???:*:*:*:*:de:*:*:*:* 10 | -------------------------------------------------------------------------------- /csaf_2.1/test/cpe/data/valid/cpe.txt: -------------------------------------------------------------------------------- 1 | cpe:2.3:a:admin_management_xtended_project:admin_management_xtended:0.8:*:*:*:*:wordpress:*:*other* 2 | cpe:2.3:a:admin_management_xtended_project:admin_management_xtended:0.8:*:*:*:*:wordpress:*:*other???? 3 | cpe:/o:redhat:rhel_aus:7.6::server 4 | cpe:2.3:a:?\??:*:*:*:*:de:*:*:*:* 5 | cpe:2.3:a:?\*:*:*:*:*:de:*:*:*:* 6 | cpe:2.3:a:?\\:*:*:*:*:de:*:*:*:* 7 | cpe:2.3:a:?\\*:*:*:*:*:de:*:*:*:* 8 | cpe:2.3:a:???0\*:*:*:*:*:de:*:*:*:* 9 | cpe:2.3:a:???\@\"???:*:*:*:*:de:*:*:*:* 10 | cpe:2.3:a:???\'\%:*:*:*:*:de-DE:*:*:*:* 11 | -------------------------------------------------------------------------------- /csaf_2.1/test/cpe/run_local_tests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | SCHEMA=csaf_2.1/json_schema/csaf.json 4 | VALIDATOR=csaf_2.1/test/cpe/test-regex.js 5 | DATA_VALID=csaf_2.1/test/cpe/data/valid/cpe.txt 6 | DATA_INVALID=csaf_2.1/test/cpe/data/invalid/cpe.txt 7 | 8 | FAIL=0 9 | 10 | # go to root of git repository 11 | cd "$(dirname "$0")"/../../.. || exit 12 | 13 | 14 | validate() { 15 | printf "Testing file %s against cpe regex from %s ... \n" "$1" "$SCHEMA" 16 | if node "$VALIDATOR" "$SCHEMA" "$1" "$2"; then 17 | printf "SUCCESS\n" 18 | else 19 | printf "FAILED\n" 20 | FAIL=1 21 | fi 22 | 23 | } 24 | 25 | echo -n "Test conforming (not necessary existing) CPEs... " 26 | DATA=$DATA_VALID 27 | validate $DATA true 28 | printf "done\n" 29 | 30 | echo -n "Test non-conforming CPEs... " 31 | DATA=$DATA_INVALID 32 | validate $DATA false 33 | printf "done\n" 34 | 35 | 36 | exit $FAIL 37 | -------------------------------------------------------------------------------- /csaf_2.1/test/cpe/test-regex.js: -------------------------------------------------------------------------------- 1 | const { exit } = require('process') 2 | const fs = require('fs') 3 | 4 | const args = process.argv.slice(2); 5 | const obj = JSON.parse(fs.readFileSync(args[0], 'utf8')) 6 | 7 | const pattern = obj.$defs.full_product_name_t.properties.product_identification_helper.properties.cpe.pattern 8 | const r = new RegExp(pattern) 9 | 10 | console.log('Current regex to test:', '\n', pattern) 11 | 12 | const cpeStr = fs.readFileSync(args[1], 'utf8').split('\n') 13 | const assertion = !((args[2] ?? true) === "false") 14 | 15 | let failed = false 16 | 17 | cpeStr.forEach(element => { 18 | if (element.length > 0) { 19 | const result = (r.exec(element) != null) 20 | failed = failed | (result !== assertion) 21 | if (result !== assertion) { 22 | console.log(result,'but expected', assertion, '\t', element) 23 | } 24 | } 25 | }); 26 | 27 | exit(failed) 28 | -------------------------------------------------------------------------------- /csaf_2.1/test/filenames/data/invalid/OASIS_CSAF_TC-CSAF_2.1-2024-5-1-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Filename (failing example 1)", 17 | "tracking": { 18 | "current_release_date": "2024-01-24T10:00:00.000Z", 19 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-5-1-01", 20 | "initial_release_date": "2024-01-24T10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24T10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "1" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /csaf_2.1/test/filenames/data/invalid/oasis-open_csaf_tc-csaf_21-2024-5-1-02.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Filename (failing example 2)", 17 | "tracking": { 18 | "current_release_date": "2024-01-24T10:00:00.000Z", 19 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-5-1-02", 20 | "initial_release_date": "2024-01-24T10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24T10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "1" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /csaf_2.1/test/filenames/data/invalid/oasis____csaf_tc-csaf_2_1-2024-5-1-03.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Filename (failing example 3)", 17 | "tracking": { 18 | "current_release_date": "2024-01-24T10:00:00.000Z", 19 | "id": "OASIS: #/CSAF_TC-CSAF_2.1-2024-5-1-03", 20 | "initial_release_date": "2024-01-24T10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24T10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "1" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /csaf_2.1/test/filenames/data/valid/oasis_csaf_tc-csaf_2_1-2024-5-1-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Filename (valid example 1)", 17 | "tracking": { 18 | "current_release_date": "2024-01-24T10:00:00.000Z", 19 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-5-1-11", 20 | "initial_release_date": "2024-01-24T10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24T10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "1" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /csaf_2.1/test/filenames/data/valid/oasis_csaf_tc-csaf_2_1-2024-5-1-12.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Filename (valid example 2)", 17 | "tracking": { 18 | "current_release_date": "2024-01-24T10:00:00.000Z", 19 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-5-1-12", 20 | "initial_release_date": "2024-01-24T10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24T10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "1" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /csaf_2.1/test/filenames/data/valid/oasis_csaf_tc-csaf_2_1-2024-5-1-13.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Filename (valid example 3)", 17 | "tracking": { 18 | "current_release_date": "2024-01-24T10:00:00.000Z", 19 | "id": "OASIS: #/CSAF_TC-CSAF_2.1-2024-5-1-13", 20 | "initial_release_date": "2024-01-24T10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24T10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "1" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /csaf_2.1/test/filenames/run_invalid_tests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | TESTPATH=$* 4 | 5 | FAIL=0 6 | 7 | # go to root of git repository 8 | cd `dirname $0`/../../.. 9 | 10 | check() { 11 | printf "%s" "Testing that filename of $1 is invalid ... " 12 | paikalta --labels FAILED,SUCCESS $1 && FAIL=1 13 | } 14 | 15 | test_all() { 16 | for i in ${TESTPATH} 17 | do 18 | check $i 19 | done 20 | } 21 | 22 | test_all 23 | 24 | exit ${FAIL} 25 | -------------------------------------------------------------------------------- /csaf_2.1/test/filenames/run_tests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | TESTPATH=$* 4 | 5 | FAIL=0 6 | 7 | # go to root of git repository 8 | cd `dirname $0`/../../.. 9 | 10 | check() { 11 | printf "%s" "Testing filename of $1 ... " 12 | paikalta --labels SUCCESS,FAILED $1 || FAIL=1 13 | } 14 | 15 | test_all() { 16 | for i in ${TESTPATH} 17 | do 18 | check $i 19 | done 20 | } 21 | 22 | test_all 23 | 24 | exit ${FAIL} 25 | -------------------------------------------------------------------------------- /csaf_2.1/test/generate_strict_schema.py: -------------------------------------------------------------------------------- 1 | import jsonschema 2 | import simplejson as json 3 | import sys 4 | import jsonpath_rw 5 | from pprint import pprint 6 | 7 | if len(sys.argv)!=2: 8 | print("%s " % (sys.argv[0])) 9 | sys.exit(1) 10 | 11 | 12 | json_schema = sys.argv[1] 13 | with open(json_schema, 'r') as f: 14 | schema_data = f.read() 15 | schema = json.loads(schema_data) 16 | 17 | for i in jsonpath_rw.parse("$..* where properties").find(schema): 18 | i.value['additionalProperties'] = False 19 | 20 | # Don't forget to add it at the root level 21 | schema['additionalProperties'] = False 22 | 23 | print(json.dumps(schema, sort_keys=True, indent=2)) 24 | -------------------------------------------------------------------------------- /csaf_2.1/test/language_specific_translation/run_Tests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | SCHEMA=csaf_2.1/test/language_specific_translation/translations_json_schema.json 4 | META_SCHEMA=csaf_2.1/json_schema/meta.json 5 | VALIDATOR=csaf_2.1/test/validator.py 6 | TESTPATH=csaf_2.1/language_specific_translation/ 7 | TESTFILE=translations.json 8 | 9 | FAIL=0 10 | 11 | # go to root of git repository 12 | cd `dirname $0`/../../.. 13 | 14 | validate() { 15 | printf "%s" "Testing file $1 against schema ${SCHEMA} ... " 16 | if python3 $VALIDATOR $SCHEMA $1 ${META_SCHEMA}; then 17 | printf "%s\n" SUCCESS 18 | else 19 | printf "%s\n" FAILED 20 | FAIL=1 21 | fi 22 | 23 | } 24 | 25 | validate "${TESTPATH}${TESTFILE}" 26 | 27 | exit ${FAIL} 28 | -------------------------------------------------------------------------------- /csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-12-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "lang": "EZ", 12 | "publisher": { 13 | "category": "other", 14 | "name": "OASIS CSAF TC", 15 | "namespace": "https://csaf.io" 16 | }, 17 | "title": "Mandatory Test: Language (failing example 1)", 18 | "tracking": { 19 | "current_release_date": "2024-01-24T10:00:00.000Z", 20 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-12-01", 21 | "initial_release_date": "2024-01-24T10:00:00.000Z", 22 | "revision_history": [ 23 | { 24 | "date": "2024-01-24T10:00:00.000Z", 25 | "number": "1", 26 | "summary": "Initial version." 27 | } 28 | ], 29 | "status": "final", 30 | "version": "1" 31 | } 32 | } 33 | } -------------------------------------------------------------------------------- /csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-15-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "translator", 13 | "name": "OASIS CSAF TC Translator", 14 | "namespace": "https://csaf.io/translator" 15 | }, 16 | "title": "Mandatory Test: Translator (failing example 1)", 17 | "tracking": { 18 | "current_release_date": "2024-01-24T10:00:00.000Z", 19 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-15-01", 20 | "initial_release_date": "2024-01-24T10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24T10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "1" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-17-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Mandatory Test: Document Status Draft (failing example 1)", 17 | "tracking": { 18 | "current_release_date": "2024-01-24T10:00:00.000Z", 19 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-17-01", 20 | "initial_release_date": "2024-01-24T10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24T10:00:00.000Z", 24 | "number": "0.9.5", 25 | "summary": "Initial draft version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "0.9.5" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-20-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Mandatory Test: Non-draft Document Version (failing example 1)", 17 | "tracking": { 18 | "current_release_date": "2024-01-24T10:00:00.000Z", 19 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-20-01", 20 | "initial_release_date": "2024-01-24T10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24T10:00:00.000Z", 24 | "number": "1.0.0", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "interim", 29 | "version": "1.0.0-alpha" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-26-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Mandatory Test: Prohibited Document Category Name (valid example 1)", 17 | "tracking": { 18 | "current_release_date": "2024-01-24T10:00:00.000Z", 19 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-26-11", 20 | "initial_release_date": "2024-01-24T10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24T10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "1" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-37-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Mandatory Test: Date and Time (failing example 1)", 17 | "tracking": { 18 | "current_release_date": "2024-01-24 10:00:00.000Z", 19 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-37-01", 20 | "initial_release_date": "2024-01-24 10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24 10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "1" 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-37-02.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Mandatory Test: Date and Time (failing example 2)", 17 | "tracking": { 18 | "current_release_date": "2024-01-24T10:00:00.000", 19 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-37-02", 20 | "initial_release_date": "2024-01-24T10:00:00.000z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24T10:00:00.000+00:10:21", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "1" 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-37-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Mandatory Test: Date and Time (valid example 1)", 17 | "tracking": { 18 | "current_release_date": "2024-01-24T10:00:00.000Z", 19 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-37-11", 20 | "initial_release_date": "2024-01-24T10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24T10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "1" 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-38-14.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "GREEN" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Mandatory Test: Non-Public Sharing Group with Max UUID (valid example 4)", 17 | "tracking": { 18 | "current_release_date": "2024-01-24T10:00:00.000Z", 19 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-38-14", 20 | "initial_release_date": "2024-01-24T10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24T10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "1" 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /csaf_2.1/test/validator/data/oasis_csaf_tc-csaf_2_1-2024-TEMPLATE.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Template for generating CSAF files for Validator examples", 17 | "tracking": { 18 | "current_release_date": "2024-01-24T10:00:00.000Z", 19 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-TEMPLATE", 20 | "initial_release_date": "2024-01-24T10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24T10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "1" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /csaf_2.1/test/validator/data/recommended/oasis_csaf_tc-csaf_2_1-2024-6-2-12-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Recommended Test: Missing Document Language (failing example 1)", 17 | "tracking": { 18 | "current_release_date": "2024-01-24T10:00:00.000Z", 19 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-12-01", 20 | "initial_release_date": "2024-01-24T10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24T10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "1" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /csaf_2.1/test/validator/data/recommended/oasis_csaf_tc-csaf_2_1-2024-6-2-13-01.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "csaf_version": "2.1", 5 | "category": "csaf_base", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Recommended Test: Sorting (failing example 1)", 17 | "tracking": { 18 | "current_release_date": "2024-01-24T10:00:00.000Z", 19 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-13-01", 20 | "initial_release_date": "2024-01-24T10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24T10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "1" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /csaf_2.1/test/validator/data/recommended/oasis_csaf_tc-csaf_2_1-2024-6-2-15-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "lang": "en", 12 | "publisher": { 13 | "category": "other", 14 | "name": "OASIS CSAF TC", 15 | "namespace": "https://csaf.io" 16 | }, 17 | "title": "Recommended Test: Use of Default Language (valid example 1)", 18 | "tracking": { 19 | "current_release_date": "2024-01-24T10:00:00.000Z", 20 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-15-11", 21 | "initial_release_date": "2024-01-24T10:00:00.000Z", 22 | "revision_history": [ 23 | { 24 | "date": "2024-01-24T10:00:00.000Z", 25 | "number": "1", 26 | "summary": "Initial version." 27 | } 28 | ], 29 | "status": "final", 30 | "version": "1" 31 | } 32 | } 33 | } -------------------------------------------------------------------------------- /csaf_2.1/test/validator/data/recommended/oasis_csaf_tc-csaf_2_1-2024-6-2-22-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Recommended Test: Document Tracking ID in Title (valid example 1)", 17 | "tracking": { 18 | "current_release_date": "2024-01-21T10:00:00.000Z", 19 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-22-11", 20 | "initial_release_date": "2024-01-21T10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-21T10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "1" 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /csaf_2.1/test/validator/data/recommended/oasis_csaf_tc-csaf_2_1-2024-6-2-28-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Recommended Test: Usage of Max UUID (valid example 1)", 17 | "tracking": { 18 | "current_release_date": "2024-01-24T10:00:00.000Z", 19 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-28-11", 20 | "initial_release_date": "2024-01-24T10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24T10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "1" 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /csaf_2.1/test/validator/data/recommended/oasis_csaf_tc-csaf_2_1-2024-6-2-29-12.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "AMBER" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Recommended Test: Usage of Nil UUID (valid example 2)", 17 | "tracking": { 18 | "current_release_date": "2024-01-24T10:00:00.000Z", 19 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-29-12", 20 | "initial_release_date": "2024-01-24T10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24T10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "draft", 29 | "version": "1" 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /csaf_2.1/test/validator/data/recommended/oasis_csaf_tc-csaf_2_1-2024-6-2-30-11.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json", 3 | "document": { 4 | "category": "csaf_base", 5 | "csaf_version": "2.1", 6 | "distribution": { 7 | "tlp": { 8 | "label": "CLEAR" 9 | } 10 | }, 11 | "publisher": { 12 | "category": "other", 13 | "name": "OASIS CSAF TC", 14 | "namespace": "https://csaf.io" 15 | }, 16 | "title": "Recommended Test: Usage of Sharing Group on TLP:CLEAR (valid example 1)", 17 | "tracking": { 18 | "current_release_date": "2024-01-24T10:00:00.000Z", 19 | "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-2-30-11", 20 | "initial_release_date": "2024-01-24T10:00:00.000Z", 21 | "revision_history": [ 22 | { 23 | "date": "2024-01-24T10:00:00.000Z", 24 | "number": "1", 25 | "summary": "Initial version." 26 | } 27 | ], 28 | "status": "final", 29 | "version": "1" 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /cvrf_1.2/CVRF_repositories.md: -------------------------------------------------------------------------------- 1 | # Existing CVRF Repositories 2 | 3 | The following is a list of existing CVRF repositories from different vendors, MITRE, and the community. 4 | 5 | - MITRE: [Repository](https://cve.mitre.org/data/downloads/index.html) 6 | - REDHAT: [Repository](https://www.redhat.com/security/data/cvrf) and [API](https://access.redhat.com/documentation/en-us/red_hat_security_data_api/1.0/html-single/red_hat_security_data_api/index#cvrf) 7 | - CISCO: [Repository](https://tools.cisco.com/security/center/cvrfListing.x) and [openVuln API](https://developer.cisco.com/psirt) 8 | - MICROSOFT: [API](https://github.com/microsoft/MSRC-Microsoft-Security-Updates-API) 9 | - ORACLE: CVRF files can be downloaded at the "Reference" section of each security advisory. 10 | -------------------------------------------------------------------------------- /cvrf_1.2/README.md: -------------------------------------------------------------------------------- 1 | # CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 2 | 3 | This directory contains material which is related to CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2. As CSAF CVRF 1.2 was superseeded by CSAF 2.0, the files are not longer updated. 4 | They may contain information that is not longer valid. They serve historic purposes. 5 | -------------------------------------------------------------------------------- /cvrf_1.2/artifact_linkage/tc-csaf_artifact-linkage-concepts.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/artifact_linkage/tc-csaf_artifact-linkage-concepts.pdf -------------------------------------------------------------------------------- /cvrf_1.2/contributions/CVRF-dictionary-1.1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/contributions/CVRF-dictionary-1.1.pdf -------------------------------------------------------------------------------- /cvrf_1.2/contributions/CVRF-mindmap-1.1-2.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/contributions/CVRF-mindmap-1.1-2.pdf -------------------------------------------------------------------------------- /cvrf_1.2/contributions/ICASI_CVRF1.1_White_Paper-2.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/contributions/ICASI_CVRF1.1_White_Paper-2.pdf -------------------------------------------------------------------------------- /cvrf_1.2/contributions/cvrf1.1/catalog: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-1.2-csd01-wd01-2017-05-24.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-1.2-csd01-wd01-2017-05-24.zip -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-csd02-wd01-2017-08-30-html.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-csd02-wd01-2017-08-30-html.zip -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-csd02-wd01-2017-08-30.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-csd02-wd01-2017-08-30.docx -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-csd02-wd01-2017-08-30.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-csd02-wd01-2017-08-30.pdf -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-03-10.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-03-10.docx -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-03-10.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-03-10.pdf -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-03-24.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-03-24.docx -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-03-24.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-03-24.pdf -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-03-29-final.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-03-29-final.docx -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.docx -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image001.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image001.png -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image002.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image002.png -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image003.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image003.png -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image004.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image004.png -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image005.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image005.png -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image006.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image006.png -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image007.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image007.png -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image008.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image008.png -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image009.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image009.png -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image010.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image010.png -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image011.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image011.png -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image012.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image012.png -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image013.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image013.png -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image014.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image014.png -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image015.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.fld/image015.png -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.html -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-2017-05-24.pdf -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-20170312.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-20170312.docx -------------------------------------------------------------------------------- /cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-20170312.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/cvrf_1.2/csaf_cvrf/csaf-cvrf-v1.2-wd01-20170312.pdf -------------------------------------------------------------------------------- /notes/images/image_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oasis-tcs/csaf/9298a55785bdcc95d8d958003b1ffbeaac593811/notes/images/image_1.png --------------------------------------------------------------------------------