feat(CSAF2.1): #403 add mandatory test 6.2.39.2

Author: rainer-exxcellent

README.md

@@ -463,6 +463,7 @@ export const recommendedTest_6_2_18: DocumentTest
 export const recommendedTest_6_2_19: DocumentTest
 export const recommendedTest_6_2_20: DocumentTest
 export const recommendedTest_6_2_22: DocumentTest
+export const recommendedTest_6_2_39_2: DocumentTest
 ```
 
 [(back to top)](#bsi-csaf-validator-lib)

csaf_2_1/recommendedTests.js

@@ -31,3 +31,4 @@ export { recommendedTest_6_2_27 } from './recommendedTests/recommendedTest_6_2_2
 export { recommendedTest_6_2_28 } from './recommendedTests/recommendedTest_6_2_28.js'
 export { recommendedTest_6_2_29 } from './recommendedTests/recommendedTest_6_2_29.js'
 export { recommendedTest_6_2_38 } from './recommendedTests/recommendedTest_6_2_38.js'
+export { recommendedTest_6_2_39_2 } from './recommendedTests/recommendedTest_6_2_39_2.js'

csaf_2_1/recommendedTests/recommendedTest_6_2_39_2.js

@@ -0,0 +1,153 @@
+import Ajv from 'ajv/dist/jtd.js'
+import translations from '../../lib/language_specific_translation/translations.js'
+import bcp47 from 'bcp47'
+
+const ajv = new Ajv()
+
+/*
+  This is the jtd schema that needs to match the input document so that the
+  test is activated. If this schema doesn't match it normally means that the input
+  document does not validate against the csaf json schema or optional fields that
+  the test checks are not present.
+ */
+const inputSchema = /** @type {const} */ ({
+  additionalProperties: true,
+  properties: {
+    document: {
+      additionalProperties: true,
+      properties: {
+        category: { type: 'string' },
+      },
+      optionalProperties: {
+        lang: {
+          type: 'string',
+        },
+        notes: {
+          elements: {
+            additionalProperties: true,
+            optionalProperties: {
+              category: {
+                type: 'string',
+              },
+              title: {
+                type: 'string',
+              },
+            },
+          },
+        },
+      },
+    },
+  },
+})
+
+const validateSchema = ajv.compile(inputSchema)
+
+/**
+ * Checks if the document language is specified and not English
+ *
+ * @param {string | undefined} language - The language expression to check
+ * @returns {boolean} True if the language is valid, false otherwise
+ */
+export function isLangSpecifiedAndNotEnglish(language) {
+  return (
+    !!language && !(bcp47.parse(language)?.langtag.language.language === 'en')
+  )
+}
+
+/**
+ *  test whether exactly one item in document notes exists that has the given title.
+ *  and the given category.
+ * @param {({} & { category?: string | undefined; title?: string | undefined; } & Record<string, unknown>)[]} notes
+ * @param {string} titleToFind
+ * @param {string} category
+ * @returns {boolean} True if the language is valid, false otherwise
+ */
+function containsOneNoteWithTitleAndCategory(notes, titleToFind, category) {
+  return (
+    notes.filter(
+      (note) => note.category === category && note.title === titleToFind
+    ).length === 1
+  )
+}
+
+/**
+ * Get the language specific translation of the given i18nKey
+ * @param {{ document: { lang?: string; }; }} doc
+ * @param {string} i18nKey
+ * @return {string | undefined}
+ */
+export function getTranslationInDocumentLang(doc, i18nKey) {
+  if (!doc.document.lang) {
+    return undefined
+  }
+  const language = bcp47.parse(doc.document.lang)?.langtag.language.language
+
+  /** @type {Record<string, Record <string,string>>}*/
+  const translationByLang = translations.translation
+  if (!language || !translationByLang[language]) {
+    return undefined
+  } else {
+    return translationByLang[language][i18nKey]
+  }
+}
+
+/**
+ * If the document language is specified but not English, and the license_expression contains license
+ * identifiers or exceptions that are not listed in the SPDX license list or Aboutcode's "ScanCode LicenseDB",
+ * it MUST be tested that exactly one item in document notes exists that has the language specific translation
+ * of the term License as title. The category of this item MUST be legal_disclaimer.
+ * If no language-specific translation has been recorded, the test MUST be skipped
+ * and output information to the user that no such translation is known.
+ *
+ * @param {unknown} doc
+ */
+export function recommendedTest_6_2_39_2(doc) {
+  /*
+      The `ctx` variable holds the state that is accumulated during the test run and is
+      finally returned by the function.
+     */
+  const ctx = {
+    warnings:
+      /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
+  }
+
+  const noteCategory = 'description'
+
+  if (!validateSchema(doc) || doc.document.category !== 'csaf_withdrawn') {
+    return ctx
+  }
+
+  const withdrawalInDocLang = getTranslationInDocumentLang(
+    doc,
+    'reasoning_for_withdrawal'
+  )
+  if (!withdrawalInDocLang) {
+    ctx.warnings.push({
+      instancePath: '/document/notes',
+      message:
+        'no language specific translation for "Reasoning for Withdrawal" has been recorded',
+    })
+    return ctx
+  }
+
+  if (isLangSpecifiedAndNotEnglish(doc.document.lang)) {
+    const notes = doc.document.notes
+    if (
+      !notes ||
+      !containsOneNoteWithTitleAndCategory(
+        notes,
+        withdrawalInDocLang,
+        'description'
+      )
+    ) {
+      ctx.warnings.push({
+        instancePath: '/document/notes',
+        message:
+          `for document category "csaf_withdrawn" exactly one note must exist ` +
+          `with note category "${noteCategory}" and title "${withdrawalInDocLang}`,
+      })
+    }
+  }
+
+  return ctx
+}

lib/language_specific_translation/translations.js

@@ -0,0 +1,17 @@
+/**
+ * JavaScript version of JSON file: csaf_2.1/language_specific_translation/translations.json
+ */
+export default {
+  $schema:
+    'https://raw.githubusercontent.com/oasis-tcs/csaf/master/csaf_2.1/test/language_specific_translation/translations_json_schema.json',
+  translation_version: '2.1',
+  translation: {
+    de: {
+      license: 'Lizenz',
+      product_description: 'Produktbeschreibung',
+      reasoning_for_supersession: 'Begründung für die Ersetzung',
+      reasoning_for_withdrawal: 'Begründung für die Zurückziehung',
+      superseding_document: 'Ersetzendes Dokument',
+    },
+  },
+}

tests/csaf_2_1/oasis.js

@@ -58,7 +58,6 @@ const excluded = [
   '6.2.36',
   '6.2.37',
   '6.2.39.1',
-  '6.2.39.2',
   '6.2.39.3',
   '6.2.39.4',
   '6.2.40',

tests/csaf_2_1/recommendedTest_6_2_39_2.js

@@ -0,0 +1,39 @@
+import {
+  getTranslationInDocumentLang,
+  recommendedTest_6_2_39_2,
+} from '../../csaf_2_1/recommendedTests/recommendedTest_6_2_39_2.js'
+import { expect } from 'chai'
+import assert from 'node:assert'
+
+describe('recommendedTest_6_2_39_2', function () {
+  it('only runs on relevant documents', function () {
+    assert.equal(recommendedTest_6_2_39_2({}).warnings.length, 0)
+  })
+
+  it('only runs on valid language', function () {
+    assert.equal(
+      recommendedTest_6_2_39_2({
+        document: { lang: '123', license_expression: 'MIT' },
+      }).warnings.length,
+      0
+    )
+  })
+
+  it('check get ReasoningForWithdrawal in document lang', function () {
+    expect(
+      getTranslationInDocumentLang(
+        { document: { lang: 'de' } },
+        'reasoning_for_withdrawal'
+      )
+    ).to.eq('Begründung für die Zurückziehung')
+    expect(
+      getTranslationInDocumentLang(
+        { document: { lang: 'es' } },
+        'reasoning_for_withdrawal'
+      )
+    ).to.eq(undefined)
+    expect(
+      getTranslationInDocumentLang({ document: {} }, 'reasoning_for_withdrawal')
+    ).to.eq(undefined)
+  })
+})