Open
Changes from 8 commits
Commits
25 commits
7ce125a
Add metric DocumentCSAFRedRestricted
anatheka Apr 23, 2025
7b61616
Add category
anatheka May 28, 2025
45e84c6
Update structure
anatheka May 28, 2025
e84a6ff
Merge branch 'main' into 50-documentcsafredrestricted
anatheka Jun 24, 2025
835a72b
Merge branch 'main' into 50-documentcsafredrestricted
anatheka Jun 24, 2025
36c6d98
Add and update metric
anatheka Jun 25, 2025
0205ad8
Merge branch '50-documentcsafredrestricted' of github.com:Cybersecuri…
anatheka Jun 25, 2025
b2146ba
Merge branch 'main' into 50-documentcsafredrestricted
anatheka Jul 4, 2025
1888106
Merge branch 'main' into 50-documentcsafredrestricted
anatheka Jul 8, 2025
dc61124
Enhance yaml file; update metric
anatheka Jul 9, 2025
ea68a54
Merge branch '50-documentcsafredrestricted' of github.com:Cybersecuri…
anatheka Jul 9, 2025
9aaa0cb
Fix package path
anatheka Jul 9, 2025
7e28276
Update DocumentCSAFRedRestricted.yaml
anatheka Jul 25, 2025
feb82d0
Merge branch 'main' into 50-documentcsafredrestricted
anatheka Jul 25, 2025
16893a1
Merge branch 'main' into 50-documentcsafredrestricted
anatheka Jan 26, 2026
921f8af
Update DocumentCSAFRedRestricted.yaml
anatheka Jan 26, 2026
8ed9dfa
Clean up files
anatheka Jan 26, 2026
e76ec87
Merge branch 'main' into 50-documentcsafredrestricted
anatheka Jan 26, 2026
b112765
Fix merge
anatheka Jan 26, 2026
b64dc46
Clean up
anatheka Jan 26, 2026
e68d3fc
Merge branch 'main' into 50-documentcsafredrestricted
anatheka Jan 27, 2026
a1f7206
Merge branch 'main' into 50-documentcsafredrestricted
anatheka Jan 28, 2026
120345e
Merge branch 'main' into 50-documentcsafredrestricted
anatheka Jan 29, 2026
f34196c
Merge branch 'main' into 50-documentcsafredrestricted
anatheka Jan 30, 2026
09c0434
Add name and update ID
anatheka Jan 30, 2026
@@ -0,0 +1,11 @@
# Metadata
id: DocumentCSAFRedRestricted
category: CSAF
description: This rule assesses whether a [SecurityAdvisoryDocument] that provides the property [RemoteDocumentLocation] is access protected by ensuring that the [p1:noAuthentication] property is not utilized.
version: 1.0

Collaborator

Should be a string

@anatheka anatheka Jan 26, 2026

Collaborator Author

No, we do not need a string, the rego file already checks if one of the two labels is available. Furthermore, it is checked if noAuthentication is available and that is the part which is not checked by the configuration values.

comments: A SecurityAdvisoryDocument labeled as "Amber" or "Red" must be protected by access controls. The specification can be found at https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#715-requirement-5-tlpamber-and-tlpred.
# Configuration data
Comment thread
anatheka marked this conversation as resolved.
Outdated
configuration:
p1:
operator: ==
targetValue: true
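Review bot: the `configuration` block at the end of this file declares `p1` with `operator: ==` and `targetValue: true`, which reads as "noAuthentication must equal true", the opposite of the description's "ensuring that the [p1:noAuthentication] property is not utilized". If the value is not meant to be evaluated, say so in `comments` or drop the block; otherwise state the comparison so that it matches the intent. Two smaller points: `version: 1.0` is unquoted and will load as a YAML float, so quote it if consumers expect a version string, and the `id` names only Red while `comments` covers both "Amber" and "Red".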
4 changes: 4 additions & 0 deletions metrics/CSAF/DocumentCSAFRedRestricted/data.json
@@ -0,0 +1,4 @@
{
"operator": "==",
"target_value": true
}
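Review bot: `"operator": "=="` and `"target_value": true` are not read anywhere in the `metric.rego` lines shown in this PR, which derives `compliant` from `not auth.noAuthentication` alone, so changing these values has no effect on the result. Either have the policy consume them or note that they are placeholders. The key is also spelled `target_value` here but `targetValue` in the YAML configuration; confirm that the difference is intended.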
25 changes: 25 additions & 0 deletions metrics/CSAF/DocumentCSAFRedRestricted/metric.rego
@@ -0,0 +1,25 @@
package metrics.csaf.document_csaf_red_restricted
Comment thread
anatheka marked this conversation as resolved.
Outdated

import data.compare
import rego.v1
import input as document

default applicable := false

default compliant := false

restricted := ["RED", "AMBER"]

applicable if {
# check resource type
"SecurityAdvisoryDocument" in document.type

# check, if document is restricted (i.e. RED/AMBER) labeled
document.labels.tlp in restricted
}

compliant if {
# RED/AMBER must NOT be freely accessible
auth := document.dataLocation.remoteDataLocation.authenticity
not auth.noAuthentication
}
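Review bot: in the `compliant` rule, `auth` is read from `document.dataLocation.remoteDataLocation.authenticity`, but the metric description and the example resource in this PR use `documentLocation.remoteDocumentLocation`. Against that example the lookup is undefined and `compliant` stays at its default `false` even though `certificateBasedAuthentication` is present. Align the path with the resource schema and add a test that evaluates the example JSON. Also in `compliant`: an `authenticity` object with no members satisfies `not auth.noAuthentication`, so consider requiring a positive authentication mechanism rather than only the absence of `noAuthentication`. `import data.compare` is unused in the lines shown.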
43 changes: 43 additions & 0 deletions resources/jsonExamples/SecurityAdvisoryDocument.json
@@ -0,0 +1,43 @@
{
"creationTime": "2020-07-01T10:09:07Z",
"documentLocation": {
"remoteDocumentLocation": {
"authenticity": {
"certificateBasedAuthentication": {}
},
"path": "https://127.0.0.1:62479/.well-known/csaf/white/2020/some-id.json",
"transportEncryption": {
"cipherSuites": [
{
"authenticationMechanism": "",
"keyExchangeAlgorithm": "",
"macAlgorithm": "SHA-256",
"sessionCipher": "AES-128-GCM"
}
],
"enabled": true,
"enforced": false,
"protocol": "TLS",
"protocolVersion": 1.3
}
}
},
"filetype": "JSON",
"id": "some-id",
"labels": {
"tlp": "RED"
},
"name": "Buffer overflow in Test Product",
"raw": "",
"schemaValidation": {
"errors": [],
"format": "Common Security Advisory Framework",
"schemaUrl": "https://docs.oasis-open.org/csaf/csaf/v2.0/csaf_json_schema.json"
},
"securityFeatures": [],
"type": [
"SecurityAdvisoryDocument",
"Document",
"Resource"
]
}
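Review bot: `path` points at `.well-known/csaf/white/2020/some-id.json` while `labels.tlp` is `"RED"`, so the example contradicts itself about the document's TLP level. If this file is meant to exercise the restricted-document metric, use a path consistent with a RED document or change the label. It would also help to add a second example carrying `noAuthentication` under `authenticity` so the non-compliant case is covered, and to check whether `"enforced": false` under `transportEncryption` is intended for a RED advisory.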