Skip to content

Add comprehensive ADP (Authorized Data Publishers) support tests#118

Open
jgamblin wants to merge 2 commits intoRedHatProductSecurity:masterfrom
jgamblin:enhance-adp-support
Open

Add comprehensive ADP (Authorized Data Publishers) support tests#118
jgamblin wants to merge 2 commits intoRedHatProductSecurity:masterfrom
jgamblin:enhance-adp-support

Conversation

@jgamblin
Copy link
Copy Markdown

@jgamblin jgamblin commented Mar 24, 2026

Summary

This PR adds comprehensive test coverage for ADP (Authorized Data Publishers) containers. The ADP publishing functionality was already implemented in cvelib, but this PR ensures it works correctly for various ADP use cases including the SADP pilot and other ADP analyses.

Changes

Test Data Files

  • adp-basic-example.json: Minimal ADP container with required metadata and references
  • adp-advanced-example.json: Advanced ADP with affected products, descriptions, and multiple references

Test Coverage

Added TestAdpSupport class with 7 comprehensive tests:

  1. test_adp_basic_schema_validation: Validates basic ADP containers
  2. test_adp_advanced_schema_validation: Validates advanced ADP with multiple properties
  3. test_adp_minimal_required_fields: Tests minimal required field compliance
  4. test_adp_with_metrics_and_descriptions: ADP containers with descriptions and metrics
  5. test_adp_container_extraction: Verifies correct extraction from full CVE records
  6. test_adp_multiple_references: ADP with multiple reference URLs
  7. test_adp_with_affected_products: ADP documenting affected products (SADP pilot use case)

Key Features Tested

✅ Basic ADP container validation
✅ Advanced ADP with descriptions and references
✅ ADP with affected product information
✅ ADP container extraction from full CVE records
✅ Schema compliance for various ADP content types
✅ SADP pilot use cases (affected products, descriptions)
✅ Multiple reference support

Testing

  • All 44 tests pass (37 existing + 7 new)
  • Covers basic, advanced, and edge case scenarios
  • Validates schema compliance for ADP containers
  • Tests integration with existing ADP publishing functionality

Implementation Notes

The ADP publishing feature was already implemented in cvelib with:

  • CveApi.publish_adp() method for publishing ADP containers
  • cli.publish-adp command for CLI access
  • Full schema validation support
  • Interactive mode support for confirmations

This PR enhances the test coverage to ensure the implementation works correctly for various ADP use cases, particularly for:

  • SADP (Shared Authorized Data Publisher) pilot programs
  • Alternative Data Publishers with custom content
  • ADP containers with metrics (SSVC, CVSS)
  • ADP containers documenting affected products

Resolves

Closes #114 - New feature: ADP support

jgamblin added 2 commits March 24, 2026 09:33
@jgamblin
Add support for CVE Schema 5.2.0
81711b3 
- Download and integrate CVE Schema 5.2.0 bundled schema file
- Extract container-specific schemas for ADP, CNA published, and CNA rejected
- Update README compatibility statement to note 5.2.0 support
- All existing tests pass with new schema
@jgamblin
Add comprehensive ADP (Authorized Data Publishers) support tests
f67be79 
- Add TestAdpSupport class with 7 comprehensive tests
- Create adp-basic-example.json and adp-advanced-example.json test data
- Test ADP containers with various content types:
  - Minimal required fields
  - With descriptions and metrics
  - With affected products (SADP pilot use case)
  - With multiple references
  - ADP container extraction from full records
- Verify schema validation for all ADP container types
- All 44 tests pass successfully (37 existing + 7 new)
@jgamblin jgamblin mentioned this pull request Mar 24, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

New feature: ADP support

1 participant

@jgamblin