feat(CSAF2.1): #287 add mandatory test 6.1.42 - Part of the PURL that differs is appended to the message.

Author: rainer-exxcellent

README.md

@@ -317,7 +317,6 @@ The following tests are not yet implemented and therefore missing:
 - Mandatory Test 6.1.26
 - Mandatory Test 6.1.27.13
 - Mandatory Test 6.1.27.18
-- Mandatory Test 6.1.27.19
 - Mandatory Test 6.1.44
 - Mandatory Test 6.1.45
 - Mandatory Test 6.1.46

csaf-validator-lib.iml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="NewModuleRootManager" inherit-compiler-output="true">
+    <exclude-output />
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

csaf_2_1/mandatoryTests/mandatoryTest_6_1_42.js

@@ -81,36 +81,47 @@ const validate = ajv.compile(inputSchema)
 /**
  *
  * @param {PackageURL | null} firstPurl
- * @param {PackageURL} secondPurl
- * @return {boolean}
+ * @param {PackageURL | null} secondPurl
+ * @return {Array<string>} the parts of the PURLS that differ
  */
-function onlyDifferInQualifiers(firstPurl, secondPurl) {
-  return (
-    !!firstPurl &&
-    firstPurl.type === secondPurl.type &&
-    firstPurl.namespace === secondPurl.namespace &&
-    firstPurl.name === secondPurl.name &&
-    firstPurl.version === secondPurl.version
-  )
+function purlPartsThatDifferExceptQualifiers(firstPurl, secondPurl) {
+  /** @type {Array<string>}*/
+  const partsThatDiffer = []
+
+  if (firstPurl && secondPurl) {
+    if (firstPurl.type !== secondPurl.type) {
+      partsThatDiffer.push('type')
+    }
+    if (firstPurl.namespace !== secondPurl.namespace) {
+      partsThatDiffer.push('namespace')
+    }
+    if (firstPurl.name !== secondPurl.name) {
+      partsThatDiffer.push('name')
+    }
+    if (firstPurl.version !== secondPurl.version) {
+      partsThatDiffer.push('version')
+    }
+  }
+  return partsThatDiffer
 }
 
 /**
  * Validates all given PURLs and check whether the PURLs
  * differ only in qualifiers to the first URL
  *
  * @param {Array<string> | undefined} purls PURLs to check
- * @return {Array<number>} indexes of the PURLs that differ
+ * @return {Array<{index:number, purlParts: Array<string> }>} indexes and parts of the PURLs that differ
  */
 export function checkPurls(purls) {
-  /** @type {Array<number>}*/
+  /** @type {Array<{index:number, purlParts: Array<string> }>} */
   const invalidPurls = []
   if (purls) {
     /** @type {Array<PackageURL | null>} */
     const packageUrls = purls.map((purl) => {
       try {
         return PackageURL.fromString(purl)
       } catch (e) {
-        // ignore
+        // ignore, tested in CSAF 2.1 test 6.1.13
         return null
       }
     })
@@ -121,9 +132,13 @@ export function checkPurls(purls) {
     if (packageUrls.length > 1) {
       const firstPurl = packageUrls[0]
       for (let i = 1; i < packageUrls.length; i++) {
-        const packageUrl = packageUrls[i]
-        if (!packageUrl || !onlyDifferInQualifiers(firstPurl, packageUrl)) {
-          invalidPurls.push(i)
+        /** @type {Array<string>}*/
+        const purlParts = purlPartsThatDifferExceptQualifiers(
+          firstPurl,
+          packageUrls[i]
+        )
+        if (purlParts.length > 0) {
+          invalidPurls.push({ index: i, purlParts: purlParts })
         }
       }
     }
@@ -183,15 +198,14 @@ export function mandatoryTest_6_1_42(doc) {
    * @param {FullProductName} fullProductName The "full product name" object.
    */
   function checkFullProductName(prefix, fullProductName) {
-    const invalidPurlsIndexes = checkPurls(
+    const invalidPurls = checkPurls(
       fullProductName.product_identification_helper?.purls
     )
-    invalidPurlsIndexes.forEach((invalidPurlIndex) => {
+    invalidPurls.forEach((invalidPurl) => {
       ctx.isValid = false
       ctx.errors.push({
-        instancePath: `${prefix}/product_identification_helper/purls/${invalidPurlIndex}`,
-        message:
-          'the PURL differs from the first PURL in other parts than just the qualifiers',
+        instancePath: `${prefix}/product_identification_helper/purls/${invalidPurl.index}`,
+        message: `the PURL differs from the first PURL in the following part(s): ${invalidPurl.purlParts.join()}`,
       })
     })
   }
@@ -205,15 +219,14 @@ export function mandatoryTest_6_1_42(doc) {
    * @param {Branch} branch The "branch" object.
    */
   function checkBranch(prefix, branch) {
-    const invalidPurlsIndexes = checkPurls(
+    const invalidPurls = checkPurls(
       branch.product?.product_identification_helper?.purls
     )
-    invalidPurlsIndexes.forEach((invalidPurlIndex) => {
+    invalidPurls.forEach((invalidPurl) => {
       ctx.isValid = false
       ctx.errors.push({
-        instancePath: `${prefix}/product/product_identification_helper/purls/${invalidPurlIndex}`,
-        message:
-          'the PURL differs from the first PURL in other parts than just the qualifiers',
+        instancePath: `${prefix}/product/product_identification_helper/purls/${invalidPurl.index}`,
+        message: `the PURL differs from the first PURL in the following parts: ${invalidPurl.purlParts.join()}`,
       })
     })
     branch.branches?.forEach((branch, index) => {