egekorkan
commented
2 years ago The following in manual csv can also be automatically verified:
- [x] "td-expectedResponse-contentType","If the content type of the expected response differs from the content type of the form, the Form instance MUST include a name-value pair with the name response." -> just checking for response contentType should be diff from form contentType
- [x] "td-security-binding","If a Thing requires a specific access mechanism for an interaction, that mechanism MUST be specified in the security configuration of the Thing Description." -> anything not nosec is this
- [x] "td-security-in-query-over-uri","The value uri SHOULD be specified for the name in in a security scheme only if query is not applicable."
- [x] "well-known-operation-types-only","operations types SHOULD NOT be arbitrarily set by servients." -> This is simply checking that op exists in any form
- [x] "privacy-distributed-ids","TD identifiers SHOULD be generated using a distributed mechanism such as UUIDs that provides a high probability of uniqueness." -> This can be done by just checking for uuid?
- [x] "sec-body-name-json-pointer","When used in the context of a body security information location, the value of name MUST be in the form of a JSON pointer [[!RFC6901]] relative to the root of the input DataSchema for each interaction it is used with."
- [x] "sec-body-name-json-pointer-array","character to indicate a non-existent array element when it is necessary to insert an element after the last element of an existing array."
- [x] "sec-security-vocab-auto-in-no-name","If a value of auto is set for the in field of a SecurityScheme, then the name field SHOULD NOT be set." -> this should even be a part of the json schema, https://github.com/w3c/wot-thing-description/issues/1625
- [x] "sec-vuln-auto","The auto security scheme MAY be used if vulnerability scanning is a concern." this is just checking that auto is used
- [x] "td-security-combo-deprecation","However, the use of an array with multiple elements to combine security schemes in a security element is now deprecated, instead a ComboSecurityScheme SHOULD be used." -> this just checking that combo exists with allOf
- [x] "td-security-in-uri-variable","The URIs provided in interactions where a security scheme using uri as the value for in MUST be a URI template including the defined variable."
- [x] "td-security-uri-variables-distinct","The names of URI variables declared in a SecurityScheme MUST be distinct from all other URI variables declared in the TD." -> this needs scripting but it is looking if uri is used and checking if that is not part of normal uriVariables
- [x] "td-text-at-direction","Given that the Thing Description format is based on JSON-LD 1.1 [json-ld11], @direction with the string values ltr, rtl and null value null MAY be used inside the @context to indicate the default text direction for the human readable strings in the entire TD document" -> just checking for
@direction - [x] "tm-compose-instanceName","Optionally an instanceName MAY be provided to associate an individual name to the composed (sub-) Thing Model." -> This is just checking for instanceName
- [x] "tm-compose-name-collision","To avoid name collisions of the sub/child interaction names SHOULD rename the JSON name to the instanceName followed with '' and the interaction name of the sub/child Thing Model." -> this just checking for presence of `` inside a property name when there is a TM used in a TD
- [x] "tm-compose-submodel","f it is desired to provide information that a Thing Model consists of one or more (sub-)Thing Models, the links entries MUST use the "rel":"tm:submodel" that targets to the (sub-) Thing Models." -> just checking if tm:submodel exists
- [x] "tm-context-requirement","Additionally, in order to identify it as a JSON-LD document, Thing Model definitions MUST use the keyword @context at top level with same rules as a Thing Description." -> not even sure why this is not already done
- [x] "tm-placeholder-retyping","If a non string-based value of a JSON name-value pair has a placeholder, the value MUST be (temporarily) typed as string." -> A bit tricky but this is just checking that a placeholder is used for a term that is supposed to be an object
- [x] "tm-placeholder-usecase","In a case where TD instance terms, but not their values, are known in advance, the placeholder labeling MAY be used in a Thing Model." -> this is just checking that a placeholder is used somewhere
- [x] "tm-protocol-security-restriction","A Thing Model MAY NOT contain instance specific Protocol Binding and security information such as endpoint addresses." -> this is just checking that we have lacking forms, lacking security, lacking href etc.
- [x] "tm-tmRef-usecase","For importing pieces of definitions of one or more existing Thing Models, the tm:ref term is introduced that provides the location of an existing (sub-)definition that SHOULD be reused." -> just checking that tmRef is used
- [x] "tm-versioning","When the Thing Model definitions change over time, this SHOULD be reflected in the version container." -> this is just checking that version exists?
The following assertions can be verified automatically:
The value assigned to items in an instance of ArraySchema MUST be serialized as a JSON object or a JSON array containing JSON objects.and can be definitely implemented