csaf_distribution
Tools to download or provide CSAF (Common Security Advisory Framework) documents.
All overall work to get the next minor version released. It is _service+dev_ as need to deploy improvements.
This pull request includes initial support to mock CSAF Provider, which allows the writing of extensive tests that can test behaviors that cannot be tested with "simple" unit tests.
If a `provider-metadata.json` is loaded that violates the schema, an error message is printed. This error message does not list the reason for the violation.
As https://oasis-open.github.io/csaf-documentation/tools.html directly links to https://github.com/csaf-poc/csaf_distribution/blob/main/docs/csaf_downloader.md it makes sense to add two things to the page: a) a hint of a simple usage example, aka "just use it with your domain"....
This should be done by checking if the entries match the patterns, and should be especially tailored towards https://github.com/csaf-poc/csaf_distribution/issues/559. [An explanation of the schema can be seen here.](https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3-schema-elements) [The relevant...
The library should be able to create a [full_product_name_t/name](https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3222-product-tree-property---full-product-names) via the concatenation of the overarching structures. (For comparison also see [secvisogram](https://github.com/BSI-Bund/secvisogram)).
There should be a function that returns a [VEX](https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/csaf-v2.0-csd01.html#45-profile-5-vex)-mapping of the entire dataset that shows a combination of all products, productstatus, their vulnerabilities and justifications (via threats) or their remediations...
There should be a function to list all product_ids within the dataset along with the corresponding [full_product_name_t/name](https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#313-full-product-name-type) and [product_identification_helpers](https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3133-full-product-name-type---product-identification-helper). There should also be a function to list all product_identification_helpers and...
It would be beneficial to add a function for the creation of a new [product_id or group_id](https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3223-product-tree-property---product-groups) within the current dataset should none be provided when creating a new [full_product_name...
The following values should be able to be calculated - [ ] [The CVSS-scores and severities as well as their validity based on all known data for all cvss-versions](https://www.first.org/cvss/v3-1/cvss-v31-specification_r1.pdf)...