Commit 9298a55

Merge pull request #1033 from oasis-tcs/20250603-fixes-to-produce-csd01-rc2
20250603 fixes to produce csd01 rc2
2 parents bf62791 + 22f584a commit 9298a55

10 files changed

+396
-40
lines changed

csaf_2.1/prose/edit/bin/toccata.py

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,10 +6,14 @@
66

77
ENCODING = 'utf-8'
88
NL = '\n'
9+
SP = ' '
910
COLON = ':'
1011
DASH = '-'
1112
DOT = '.'
1213

14+
LANG_PATCH = '<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">'
15+
LOGO_TARGET = 'https://docs.oasis-open.org/templates/OASISLogo-v3.0.png'
16+
1317
TOC_STARTSWITH_TRIGGER = '<h1 id="table-of-contents'
1418
INTRO_STARTSWITH_TRIGGER = '<h1 id="1-introduction'
1519

@@ -91,6 +95,14 @@ def main(argv: list[str]) -> int:
9195
# print(toc_db[-1])
9296
the_toc = generate_toc(toc_db)
9397
# print(the_toc)
98+
99+
with open('../share/style/base.css', 'rt', encoding=ENCODING) as handle:
100+
base_css = handle.read()
101+
with open('../share/style/skin.css', 'rt', encoding=ENCODING) as handle:
102+
skin_css = handle.read()
103+
with open(LOGO_AT, 'rt', encoding=ENCODING) as handle:
104+
logo_data = handle.read().strip()
105+
94106
with open('build/tmp.html', 'rt', encoding=ENCODING) as handle:
95107
incoming = handle.readlines()
96108

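Review bot: `LOGO_AT` in `with open(LOGO_AT, 'rt', encoding=ENCODING)` is not defined by anything this commit adds; the constants hunk introduces only `SP`, `LANG_PATCH` and `LOGO_TARGET`. If it is not already defined elsewhere in toccata.py, this fails with a NameError on the first run. The two stylesheet paths are also relative (`'../share/style/base.css'`), so the script only works from one working directory; resolving them against the script's own location and failing with a clear message when a file is missing would make this build step more robust.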
@@ -109,6 +121,17 @@ def main(argv: list[str]) -> int:
109121
outgoing.append(line)
110122
outgoing.append(the_toc)
111123
continue
124+
if line.startswith('<html xmlns'):
125+
line = LANG_PATCH
126+
elif '</style>' in line:
127+
line = NL + base_css + NL + skin_css + NL + line
128+
elif 'style/base.css' in line:
129+
continue
130+
elif 'style/skin.css' in line:
131+
continue
132+
elif LOGO_TARGET in line:
133+
line = line.replace(LOGO_TARGET, logo_data)
134+
112135
outgoing.append(line)
113136

114137
with open('build/injected.html', 'wt', encoding=ENCODING) as handle:
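Review bot: `line = LANG_PATCH` replaces a line that came from `handle.readlines()` and so ended in a newline, but `LANG_PATCH` has no trailing `NL`; depending on how `outgoing` is written, the `<html ...>` tag can end up fused with the following line in build/injected.html, and `line = LANG_PATCH + NL` would keep the line structure. The `'</style>' in line` branch also fires on every line that contains `</style>`, so a document with more than one style block gets both stylesheets inlined repeatedly; a flag limiting it to the first match would avoid that. `line.replace(LOGO_TARGET, logo_data)` inserts file content into markup verbatim, so it is worth checking that `logo_data` contains no quote or angle-bracket characters before the substitution.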

csaf_2.1/prose/edit/etc/section-display-to-label.json

Lines changed: 7 additions & 2 deletions
@@ -278,8 +278,8 @@
278278
"7.1.1": "requirement-1-valid-csaf-document",
279279
"7.1.2": "requirement-2-filename",
280280
"7.1.3": "requirement-3-tls",
281-
"7.1.4": "requirement-4-tlp-white",
282-
"7.1.5": "requirement-5-tlp-amber-and-tlp-red",
281+
"7.1.4": "requirement-4-tlp-clear",
282+
"7.1.5": "requirement-5-tlp-amber-tlp-amber-strict-and-tlp-red",
283283
"7.1.6": "requirement-6-no-redirects",
284284
"7.1.7": "requirement-7-provider-metadata-json",
285285
"7.1.8": "requirement-8-security-txt",
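Review bot: renaming the labels for 7.1.4 and 7.1.5 changes the fragment identifiers that cross-references rely on, and only 7.1.5 gets a matching explicit heading id in this commit (in distributing-01-requirements.md). Please confirm that the Requirement 4 heading actually resolves to `requirement-4-tlp-clear` and that no references to `#requirement-4-tlp-white` or `#requirement-5-tlp-amber-and-tlp-red` remain in the sources, since those would now dangle without any error.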
@@ -307,6 +307,11 @@
307307
"7.3": "retrieving-rules",
308308
"7.3.1": "finding-provider-metadata.json",
309309
"7.3.2": "retrieving-csaf-documents",
310+
"7.4": "transition-between-csaf-2-0-and-csaf-2-1",
311+
"7.4.1": "announcing-the-transition",
312+
"7.4.2": "transition-process-for-a-csaf-provider",
313+
"7.4.3": "archive-of-csaf-document-from-previous-version",
314+
"7.4.4": "transition-process-for-a-csaf-aggregator",
310315
"8": "safety-security-and-data-protection-considerations",
311316
"9": "conformance",
312317
"9.1": "conformance-targets",

csaf_2.1/prose/edit/etc/section-label-to-display.json

Lines changed: 7 additions & 2 deletions
@@ -13,6 +13,8 @@
1313
"additional-presets": "6.4.3",
1414
"additional-properties": "6.2.20",
1515
"affected-products": "6.1.27.12",
16+
"announcing-the-transition": "7.4.1",
17+
"archive-of-csaf-document-from-previous-version": "7.4.3",
1618
"array-length": "C.2",
1719
"branch-categories": "6.3.9",
1820
"branch-recursion": "5.5",
@@ -241,8 +243,8 @@
241243
"requirement-22-two-disjoint-issuing-parties": "7.1.22",
242244
"requirement-23-mirror": "7.1.23",
243245
"requirement-3-tls": "7.1.3",
244-
"requirement-4-tlp-white": "7.1.4",
245-
"requirement-5-tlp-amber-and-tlp-red": "7.1.5",
246+
"requirement-4-tlp-clear": "7.1.4",
247+
"requirement-5-tlp-amber-tlp-amber-strict-and-tlp-red": "7.1.5",
246248
"requirement-6-no-redirects": "7.1.6",
247249
"requirement-7-provider-metadata-json": "7.1.7",
248250
"requirement-8-security-txt": "7.1.8",
@@ -270,6 +272,9 @@
270272
"string-length": "C.3",
271273
"terminology": "1.2",
272274
"tests": "6",
275+
"transition-between-csaf-2-0-and-csaf-2-1": "7.4",
276+
"transition-process-for-a-csaf-aggregator": "7.4.4",
277+
"transition-process-for-a-csaf-provider": "7.4.2",
273278
"translation": "6.1.28",
274279
"translator": "6.1.15",
275280
"typographical-conventions": "1.5",
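Review bot: the entries added here are the hand-written inverse of the 7.4 block added to section-display-to-label.json, which makes it easy for the two maps to drift apart. A build-time check that the two files are exact inverses of each other, or generating this file from the other one, would catch a missed or mistyped label.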

csaf_2.1/prose/edit/src/distributing-01-requirements.md

Lines changed: 2 additions & 2 deletions
@@ -29,7 +29,7 @@ However, there MUST be one copy of the document available for people without acc
2929
> Reasoning: If an advisory is already in the media, an end user should not be forced to collect the pieces of information from a
3030
> press release but be able to retrieve the CSAF document.
3131
32-
### Requirement 5: TLP:AMBER, TLP:AMBER+STRICT and TLP:RED
32+
### Requirement 5: TLP:AMBER, TLP:AMBER+STRICT and TLP:RED{#requirement-5-tlp-amber-tlp-amber-strict-and-tlp-red}
3333

3434
CSAF documents labeled TLP:AMBER, TLP:AMBER+STRICT or TLP:RED MUST be access protected.
3535
If they are provided via a web server this SHALL be done under a different path than for TLP:CLEAR,
@@ -166,7 +166,7 @@ The use of the scheme "HTTPS" is required. See [cite](#RFC8615) for more details
166166
https://www.example.com/.well-known/csaf/provider-metadata.json
167167
```
168168

169-
As specified in [sec](#transition-between-csaf-20-and-csaf-21), the value of `canonical_url` MAY differ from the URL that was
169+
As specified in [sec](#transition-between-csaf-2-0-and-csaf-2-1), the value of `canonical_url` MAY differ from the URL that was
170170
requested as a part of this requirement.
171171
Such state is intended and MUST NOT be reported as error.
172172

csaf_2.1/prose/edit/src/distributing-04-transition-20-21.md

Lines changed: 3 additions & 4 deletions
@@ -1,4 +1,4 @@
1-
## Transition between CSAF 2.0 and CSAF 2.1
1+
## Transition between CSAF 2.0 and CSAF 2.1{#transition-between-csaf-2-0-and-csaf-2-1}
22

33
This subsection details the process that SHOULD be followed when transitioning the distribution of documents from CSAF 2.0 to CSAF 2.1.
44
Different scenarios can be encountered:
@@ -15,7 +15,6 @@ Different scenarios can be encountered:
1515

1616
In the last scenario, a temporary parallel distribution of CSAF 2.0 and CSAF 2.1 documents and provider metadata is RECOMMENDED.
1717
The provider SHOULD announce a transition period containing three points in time:
18-
1918
- The begin of the transition period, where the provider is starting to serve CSAF 2.1 documents, while CSAF 2.0 being authoritative.
2019
> It is expected that the CSAF 2.1 files can be used in production from this point onward.
2120
- The roll-over-date at which CSAF 2.1 becomes authoritative but CSAF 2.0 is still supported.
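Review bot: deleting the blank line between "The provider SHOULD announce a transition period containing three points in time:" and the first list item makes the list depend on the renderer; some Markdown processors only start a list after a blank line and would fold the items into the preceding paragraph. Unless the blank line caused a rendering problem in this toolchain, keep it, or verify that the generated HTML still contains the list.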
@@ -47,12 +46,12 @@ The following process SHOULD be followed:
4746
- At the begin of the transition period, a `provider-metadata.json` in conformance to CSAF 2.0 SHOULD be placed at `/.well-known/csaf/provider-metadata.json`.
4847
- The content of the resource SHALL be equal to the resource accessible at `/.well-known/csaf/v2.0/provider-metadata.json`.
4948
- For file-based distribution servers, this MAY be achieved by using a symlink.
50-
Redirects SHALL NOT be used (cf. to requirement [sec](requirement-9-well-known-url-for-provider-metadata-json))
49+
Redirects SHALL NOT be used (cf. to requirement [sec](#requirement-9-well-known-url-for-provider-metadata-json))
5150
- Sometime before the roll-over-date, all existing CSAF 2.0 documents SHOULD be converted to CSAF 2.1.
5251
- A the roll-over-date, a `provider-metadata.json` in conformance to CSAF 2.1 SHOULD be placed at `/.well-known/csaf/provider-metadata.json`.
5352
- The content of the resource SHALL be equal to the resource accessible at `/.well-known/csaf/v2.1/provider-metadata.json`.
5453
- For file-based distribution servers, this MAY be achieved by using a symlink.
55-
Redirects SHALL NOT be used (cf. to requirement [sec](requirement-9-well-known-url-for-provider-metadata-json))
54+
Redirects SHALL NOT be used (cf. to requirement [sec](#requirement-9-well-known-url-for-provider-metadata-json))
5655
- At the end of the transition period, the URL of the CSAF 2.0 `provider-metadata.json` SHOULD be removed from the `security.txt`.
5756
- The unmaintained CSAF 2.0 directory structure and files SHOULD be removed or made inaccessible.
5857
- The CSAF 2.0 documents MAY be archived.
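Review bot: the link fix on lines 49 and 54 is correct, but the sentence it sits in still reads "cf. to requirement" and has no closing period, and the neighbouring context line 52 begins "A the roll-over-date". Since these lines are being touched anyway, fix the wording in the same change ("At the roll-over-date", and "cf. requirement ..." with a final period after the closing parenthesis).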

csaf_2.1/prose/edit/src/introduction-03-normative-references.md

Lines changed: 4 additions & 1 deletion
@@ -27,6 +27,9 @@ RFC3339
2727
RFC4180
2828
: Shafranovich, Y., "Common Format and MIME Type for Comma-Separated Values (CSV) Files", RFC 4180, DOI 10.17487/RFC4180, October 2005, <https://www.rfc-editor.org/info/rfc4180>.
2929

30+
RFC7230
31+
: Roy T. Fielding and Julian Reschke, "Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing", RFC 7230, DOI 10.17487/RFC7230, June 2014, <https://www.rfc-editor.org/info/rfc7230>.
32+
3033
RFC7464
3134
: Williams, N., "JavaScript Object Notation (JSON) Text Sequences", RFC 7464, DOI 10.17487/RFC7464, February 2015, <https://www.rfc-editor.org/info/rfc7464>.
3235

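Review bot: the new RFC7230 entry gives the authors as "Roy T. Fielding and Julian Reschke", while the neighbouring entries use the "Shafranovich, Y." and "Williams, N." form. Use "Fielding, R., Ed., and J. Reschke, Ed." so the entry matches the rest of the list and the RFC7231 entry in the informative references.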
@@ -40,4 +43,4 @@ RFC9562
4043
: Davis, K., Peabody, B., and P. Leach, "Universally Unique IDentifiers (UUIDs)", RFC 9562, DOI 10.17487/RFC9562, May 2024, <https://www.rfc-editor.org/info/rfc9562>.
4144

4245
SPDX301
43-
: _The System Package Data Exchange® (SPDX®) Specification Version 3.0.1_, Linux Foundation and its Contributors, 2024, <https://spdx.github.io/spdx-spec/>.
46+
: _The System Package Data Exchange® (SPDX®) Specification Version 3.0.1_, Linux Foundation and its Contributors, 2024, <https://spdx.github.io/spdx-spec/>.

csaf_2.1/prose/edit/src/introduction-04-informative-references.md

Lines changed: 1 addition & 4 deletions
@@ -28,7 +28,7 @@ CVRF-v1.2
2828
: _CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2_. Edited by Stefan Hagen. 13 September 2017. OASIS Committee Specification 01. https://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.html. Latest version: https://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/csaf-cvrf-v1.2.html.
2929

3030
CVSS2
31-
: _A Complete Guide to the Common Vulnerability Scoring System Version 2.0_, P. Mell, K. Scarfone, S. Romanosky, Editors, First.org, Inc., June 2007, https://www.first.org/cvss/cvss-v2-guide.pdf.
31+
: _A Complete Guide to the Common Vulnerability Scoring System Version 2.0_, P. Mell, K. Scarfone, S. Romanosky, Editors, First.org, Inc., June 2007, https://www.first.org/cvss/v2/cvss-v2-guide.pdf.
3232

3333
CVSS30
3434
: _Common Vulnerability Scoring System v3.0: Specification Document_, FIRST.Org, Inc., June 2019, https://www.first.org/cvss/v3.0/cvss-v30-specification_v1.9.pdf.
@@ -84,9 +84,6 @@ RFC4880
8484
RFC7231
8585
: Fielding, R., Ed., and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content", RFC 7231, DOI 10.17487/RFC7231, June 2014, <https://www.rfc-editor.org/info/rfc7231>.
8686

87-
RFC7464
88-
: N. Williams., "JavaScript Object Notation (JSON) Text Sequences", RFC 7464, DOI 10.17487/RFC7464, February 2015, <https://www.rfc-editor.org/info/rfc7464>.
89-
9087
RFC8322
9188
: Field, J., Banghart, S., and D. Waltermire, "Resource-Oriented Lightweight Information Exchange (ROLIE)", RFC 8322, DOI 10.17487/RFC8322, February 2018, <https://www.rfc-editor.org/info/rfc8322>.
9289

csaf_2.1/prose/edit/src/tests-04-presets.md

Lines changed: 1 addition & 1 deletion
@@ -48,7 +48,7 @@ Additional presets are defined as follows:
4848
> This is intended to be used for browser-based tools as external requests may result in CORS issues.
4949
> Request over network to a tool that is delivered with or an install requirement for a CSAF validator are not considered external.
5050
- Set: `full` excluding tests [sec](#use-of-non-self-referencing-urls-failing-to-resolve)
51-
and [sec](use-of-self-referencing-urls-failing-to-resolve)
51+
and [sec](#use-of-self-referencing-urls-failing-to-resolve)
5252
- `consistent-revision-history`:
5353
- Description: Any test that is related to the revision history and ensures consistence within it.
5454
- Set:
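Review bot: this is the third `[sec](...)` target in this commit that was missing its leading `#` (the other two are in distributing-04-transition-20-21.md), which suggests that nothing in the build checks these links. A check that every `[sec](...)` target starts with `#` and names a key in section-label-to-display.json would stop this class of broken cross-reference from reaching a release candidate.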
