I am struggling to understand why https://github.com/oasis-tcs/csaf/blob/master/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-31-12.json is supposed to be valid. It contains the product version string after-eight, which is (in my opinion) a clear violation of the test as it's written, since the test specifies that the following strings should not be contained in the name:
<
<=
>
>=
after
all
before
earlier
later
prior
versions
The exact wording is "To implement this test it is deemed sufficient that, when converted to lower case, the value of name does not contain any of the following strings". after-eight clearly contains the string after.
I suspect that what is meant is that they should not be present as individual tokens separated by whitespace, e.g. "after-eight" is valid and "after eight" is not. However, that is not what the test specifies, and it is also treacherous ground because words as well as symbols are included in the "exclude list", so if one chooses to tokenize according to words, e.g. with whitespaces, "> 4.2" would be invalid, but ">4.2" would not be. And even then, if you consider "word boundaries" in terms of Regex, "after-eight" would still be considered two words and not one.
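
The three readings discussed in this issue, side by side, as an added example that is not part of the original issue or of the CSAF repository: the literal substring check from the quoted wording, next to a whitespace-token variant and a regex word-boundary variant. The two variants and all function names are assumptions made for illustration; the sample value "Firewall 2.0" is constructed, the others come from the issue text.

```python
import re

# Exclude list as quoted in the issue.
EXCLUDED = ["<", "<=", ">", ">=", "after", "all", "before",
            "earlier", "later", "prior", "versions"]

def substring_hits(name):
    """Literal reading of the quoted wording: lower-case, then plain containment."""
    lowered = name.lower()
    return [s for s in EXCLUDED if s in lowered]

def whitespace_token_hits(name):
    """Assumed variant: only whole whitespace-separated tokens count."""
    tokens = name.lower().split()
    return [s for s in EXCLUDED if s in tokens]

def word_boundary_hits(name):
    """Assumed variant: words need regex \\b on both sides; symbols, which
    have no word boundary of their own, fall back to plain containment."""
    lowered = name.lower()
    hits = []
    for s in EXCLUDED:
        if s.isalpha():
            if re.search(r"\b" + re.escape(s) + r"\b", lowered):
                hits.append(s)
        elif s in lowered:
            hits.append(s)
    return hits

def compare(name):
    """Return the hits of each reading for one product version name."""
    return {
        "substring": substring_hits(name),
        "whitespace": whitespace_token_hits(name),
        "word_boundary": word_boundary_hits(name),
    }

# "Firewall 2.0" is a constructed sample; the rest appear in the issue.
SAMPLES = ["after-eight", "after eight", "> 4.2", ">4.2", "Firewall 2.0"]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = compare(sample)
        print(f"{sample!r:16}", {k: (v or "valid") for k, v in result.items()})
```

Only the whitespace-token reading accepts "after-eight", and that same reading also accepts ">4.2"; the literal substring reading additionally flags any name that merely embeds a listed word, such as the constructed "Firewall 2.0".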