GEN-14 requires every <File> in a SWID tag to provide a @size attribute. However, at times, files will be known to vary in deployments, typically due to being compiled as part of the installation process. To account for files that vary, the @n8060:mutable attribute was defined in NISTIR 8060. A varying file is likely to not have a @size known.
At one point, I thought that @n8060:mutable was respected in the GEN-14 test. However, in today's master branch (commit c5b7df1), a mutable file triggers a validation failure.
Who is the bug affecting?
Generators of SWID tags, typically primary SWID tags.
What is affected by this bug?
The validation process ignores necessary semantics.
When does this occur?
Any SWID tag <File ... n8060:mutable="true" /> lacking a @size will trigger this bug.
Review validation-result.xml, especially the element at XPath base-requirement[@id="GEN-14"]/status. It contains FAIL, but should probably contain NOT_APPLICABLE.
Describe the bug
GEN-14 requires every
<File>
in a SWID tag to provide a@size
attribute. However, at times, files will be known to vary in deployments, typically due to being compiled as part of the installation process. To account for files that vary, the@n8060:mutable
attribute was defined in NISTIR 8060. A varying file is likely to not have a@size
known.At one point, I thought that
@n8060:mutable
was respected in the GEN-14 test. However, in today'smaster
branch (commit c5b7df1), a mutable file triggers a validation failure.Who is the bug affecting?
Generators of SWID tags, typically primary SWID tags.
What is affected by this bug?
The validation process ignores necessary semantics.
When does this occur?
Any SWID tag
<File ... n8060:mutable="true" />
lacking a@size
will trigger this bug.How do we replicate the issue?
swidval
.validation-result.xml
, especially the element at XPathbase-requirement[@id="GEN-14"]/status
. It containsFAIL
, but should probably containNOT_APPLICABLE
.Expected behavior (i.e. solution)
Validation should not fail.
Other Comments