Open oxisto opened 1 week ago
I guess that is also relevant for CSAF 2.1. Indeed, it is not clearly stated what was meant:
So "overall" is not in scope but "all other" would be.
@oxisto If you have a suggestion for how to improve the wording, please state it in this issue.
To implement this test it is deemed sufficient that, when converted to lower case, the value of name
a) does not contain any of the following operators:
<
<=
>
>=
b) and when interpreted as individual words (separated by whitespace) does not contain the following keywords:
after
all
before
earlier
later
prior
versions
@oxisto If you have a suggestion for how to improve the wording, please state it in this issue.
I gave it a try; I am not 100 % happy with it yet. I would also suggest including the "overall" example, which I think makes it quite clear what is meant.
I am struggling to understand why https://github.com/oasis-tcs/csaf/blob/master/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-31-12.json is supposed to be valid. It contains the product version string "after-eight", which is (in my opinion) a clear violation of the test as it's written, since the test specifies that the following strings should not be contained in the name: The exact wording is "To implement this test it is deemed sufficient that, when converted to lower case, the value of name does not contain any of the following strings".
"after-eight" clearly contains the string "after".
I suspect that what is meant is that they should not be present as individual tokens separated by whitespace, e.g. "after-eight" is valid and "after eight" is not. However, that is not what the test specifies and it is also treacherous ground because words as well as symbols are included in the "exclude list", so if one chooses to tokenize according to words, e.g. with whitespaces "> 4.2" would be invalid, but ">4.2" would not be. And even then if you consider "word boundaries" in terms of Regex, "after-eight" would still be considered two words and not one.
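The three readings discussed in this thread, compared on the strings it mentions. This is an added example, not part of the original issue and not code from the CSAF project. The operator and keyword lists are those in the proposed wording above; the function names and the sample "4.2.1" are constructed for illustration.

```python
import re

# Lists as given in the proposed wording in this thread.
OPERATORS = ("<", "<=", ">", ">=")
KEYWORDS = ("after", "all", "before", "earlier", "later", "prior", "versions")


def substring_check(name: str) -> bool:
    """Literal reading: no listed string may occur anywhere in the lower-cased name."""
    lowered = name.lower()
    return not any(s in lowered for s in OPERATORS + KEYWORDS)


def proposed_check(name: str) -> bool:
    """Proposed wording: operators match as substrings, keywords only as
    whole words separated by whitespace."""
    lowered = name.lower()
    if any(op in lowered for op in OPERATORS):
        return False
    return not any(word in KEYWORDS for word in lowered.split())


def regex_boundary_check(name: str) -> bool:
    """Regex word-boundary reading: '-' is a non-word character, so a keyword
    followed by a hyphen still counts as a word of its own."""
    lowered = name.lower()
    if any(op in lowered for op in OPERATORS):
        return False
    pattern = r"\b(?:" + "|".join(map(re.escape, KEYWORDS)) + r")\b"
    return re.search(pattern, lowered) is None


def compare(names):
    """Map each name to (substring, proposed, regex_boundary); True means the name passes."""
    return {
        n: (substring_check(n), proposed_check(n), regex_boundary_check(n))
        for n in names
    }


# Constructed sample values; all but "4.2.1" are strings quoted in the thread.
SAMPLES = ["after-eight", "after eight", "overall", "> 4.2", ">4.2", "4.2.1"]

if __name__ == "__main__":
    print(f"{'name':<14}substring  proposed  regex_boundary")
    for name, (sub, prop, rx) in compare(SAMPLES).items():
        print(f"{name!r:<14}{sub!s:<11}{prop!s:<10}{rx}")
```

Only the whitespace-token reading accepts "after-eight", and because operators are still matched as substrings, ">4.2" and "> 4.2" are both rejected under it.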