Merge pull request #450 from oasis-tcs/editor-revision-2022-02-23
santosomar authored Mar 3, 2022
2 parents ec75ef0 + 5d358fe commit 98992c1
Showing 81 changed files with 2,079 additions and 534 deletions.
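--- a/csaf_2.0/examples/ROLIE/example-01-feed-tlp-white.json
+++ b/csaf_2.0/examples/ROLIE/example-01-feed-tlp-white.json
@@ -23,6 +23,14 @@
 {
 "rel": "self",
 "href": "https://psirt.domain.tld/advisories/csaf/2020/2020-ESA-001.json"
+},
+{
+"rel": "hash",
+"href": "https://psirt.domain.tld/advisories/csaf/2020/2020-ESA-001.json.sha512"
+},
+{
+"rel": "signature",
+"href": "https://psirt.domain.tld/advisories/csaf/2020/2020-ESA-001.json.asc"
 }
 ],
 "published": "2021-01-01T11:00Z",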
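--- a/csaf_2.0/examples/csaf/CVE-2018-0171-modified.json
+++ b/csaf_2.0/examples/csaf/CVE-2018-0171-modified.json
@@ -2483,10 +2483,12 @@
 "vulnerabilities": [
 {
 "title": "Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability",
-"id": {
-"system_name": "Cisco Bug ID",
-"text": "CSCvg76186"
-},
+"ids": [
+{
+"system_name": "Cisco Bug ID",
+"text": "CSCvg76186"
+}
+],
 "notes": [
 {
 "title": "Summary",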
2 changes: 1 addition & 1 deletion csaf_2.0/examples/csaf/cvrf-rhba-2018-0489-modified.json
@@ -2,7 +2,7 @@
"document": {
"lang": "en",
"title": "Red Hat Bug Fix Advisory: Red Hat OpenShift Container Platform 3.9 RPM Release Advisory",
"category": "security_advisory",
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"publisher": {
"category": "vendor",
@@ -17,7 +17,7 @@
"list_on_CSAF_aggregators": true,
"metadata_version": "2.0",
"mirror_on_CSAF_aggregators": true,
"pgp_keys": [
"public_openpgp_keys": [
{
"fingerprint": "8F5F267907B2C4559DB360DB2294BA7D2B2298B1",
"url": "https://keys.example.net/vks/v1/by-fingerprint/8F5F267907B2C4559DB360DB2294BA7D2B2298B1"
137 changes: 104 additions & 33 deletions csaf_2.0/json_schema/csaf_json_schema.json
@@ -99,6 +99,7 @@
"product_family",
"product_name",
"product_version",
"product_version_range",
"service_pack",
"specification",
"vendor"
@@ -207,8 +208,8 @@
"title": "Value of the cryptographic hash",
"description": "Contains the cryptographic hash value in hexadecimal representation.",
"type": "string",
"minLength": 32,
"pattern": "^[0-9a-fA-F]{32,}$",
"minLength": 32,
"examples": [
"37df33cb7464da5c7f077f4d56a32bc84987ec1d85b234537c1c1a4d4fc8d09dc29e2e762cb5203677bf849a2855a0283710f1f5fe1d6ce8d5ac85c645d0fcb3",
"4775203615d9534a8bfca96a93dc8b461a489f69124a130d786b42204f3341cc",
@@ -232,6 +233,19 @@
}
}
},
"model_numbers": {
"title": "List of models",
"description": "Contains a list of parts, or full model numbers.",
"type": "array",
"minItems": 1,
"uniqueItems": true,
"items": {
"title": "Model number",
"description": "Contains a part, or a full model number of the component to identify.",
"type": "string",
"minLength": 1
}
},
"purl": {
"title": "package URL representation",
"description": "The package URL (purl) attribute refers to a method for reliably identifying and locating software packages external to this specification.",
@@ -257,6 +271,7 @@
"description": "Contains a list of parts, or full serial numbers.",
"type": "array",
"minItems": 1,
"uniqueItems": true,
"items": {
"title": "Serial number",
"description": "Contains a part, or a full serial number of the component to identify.",
@@ -529,12 +544,13 @@
"title": "Document category",
"description": "Defines a short canonical name, chosen by the document producer, which will inform the end user as to the category of document.",
"type": "string",
"pattern": "^[^\\s\\-_\\.](.*[^\\s\\-_\\.])?$",
"minLength": 1,
"examples": [
"Example Company Security Notice",
"generic_csaf",
"security_advisory",
"vex"
"csaf_base",
"csaf_security_advisory",
"csaf_vex",
"Example Company Security Notice"
]
},
"csaf_version": {
@@ -774,6 +790,7 @@
"title": "Unique identifier for the document",
"description": "The ID is a simple label that provides for a wide range of numbering values, types, and schemes. Its value SHOULD be assigned and maintained by the original document issuing authority.",
"type": "string",
"pattern": "^[\\S](.*[\\S])?$",
"minLength": 1,
"examples": [
"Example Company - 2019-YH3234",
@@ -808,6 +825,12 @@
"type": "string",
"format": "date-time"
},
"legacy_version": {
"title": "Legacy version of the revision",
"description": "Contains the version string used in an existing document with the same content.",
"type": "string",
"minLength": 1
},
"number": {
"$ref": "#/$defs/version_t"
},
@@ -1005,34 +1028,82 @@
"type": "string",
"format": "date-time"
},
"id": {
"title": "ID",
"description": "Gives the document producer a place to publish a unique label or tracking ID for the vulnerability (if such information exists).",
"type": "object",
"required": [
"system_name",
"text"
],
"properties": {
"system_name": {
"title": "System name",
"description": "Indicates the name of the vulnerability tracking or numbering system.",
"type": "string",
"minLength": 1,
"examples": [
"Cisco Bug ID",
"GitHub Issue"
]
},
"text": {
"title": "Text",
"description": "Is unique label or tracking ID for the vulnerability (if such information exists).",
"type": "string",
"minLength": 1,
"examples": [
"CSCso66472",
"oasis-tcs/csaf#210"
]
"flags": {
"title": "List of flags",
"description": "Contains a list of machine readable flags.",
"type": "array",
"minItems": 1,
"uniqueItems": true,
"items": {
"title": "Flag",
"description": "Contains product specific information in regard to this vulnerability as a single machine readable flag.",
"type": "object",
"required": [
"label"
],
"properties": {
"date": {
"title": "Date of the flag",
"description": "Contains the date when assessment was done or the flag was assigned.",
"type": "string",
"format": "date-time"
},
"group_ids": {
"$ref": "#/$defs/product_groups_t"
},
"label": {
"title": "Label of the flag",
"description": "Specifies the machine readable label.",
"type": "string",
"enum": [
"component_not_present",
"inline_mitigations_already_exist",
"vulnerable_code_cannot_be_controlled_by_adversary",
"vulnerable_code_not_in_execute_path",
"vulnerable_code_not_present"
]
},
"product_ids": {
"$ref": "#/$defs/products_t"
}
}
}
},
"ids": {
"title": "List of IDs",
"description": "Represents a list of unique labels or tracking IDs for the vulnerability (if such information exists).",
"type": "array",
"minItems": 1,
"uniqueItems": true,
"items": {
"title": "ID",
"description": "Contains a single unique label or tracking ID for the vulnerability.",
"type": "object",
"required": [
"system_name",
"text"
],
"properties": {
"system_name": {
"title": "System name",
"description": "Indicates the name of the vulnerability tracking or numbering system.",
"type": "string",
"minLength": 1,
"examples": [
"Cisco Bug ID",
"GitHub Issue"
]
},
"text": {
"title": "Text",
"description": "Is unique label or tracking ID for the vulnerability (if such information exists).",
"type": "string",
"minLength": 1,
"examples": [
"CSCso66472",
"oasis-tcs/csaf#210"
]
}
}
}
},
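Review bot: The new `flags` item in the last hunk requires only `label`, so a flag such as `vulnerable_code_not_present` with neither `product_ids` nor `group_ids` passes schema validation even though its description says it carries product-specific information. Consumers that use these labels to suppress findings would then have to guess the scope, so the binding is worth enforcing in the schema itself, for example by adding `"anyOf": [ { "required": ["group_ids"] }, { "required": ["product_ids"] } ]` to the item. If the rule is meant to live in a separate conformance test rather than in the schema, the item description should say that a flag without a product reference is invalid. The enclosing vulnerability item definition starts and ends outside the hunk, so any constraint placed there is not visible here.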
10 changes: 5 additions & 5 deletions csaf_2.0/json_schema/provider_json_schema.json
@@ -164,21 +164,21 @@
"type": "boolean",
"default": true
},
"pgp_keys": {
"title": "List of PGP keys",
"description": "Contains a list of pgp keys used to sign CSAF documents.",
"public_openpgp_keys": {
"title": "List of public OpenPGP keys",
"description": "Contains a list of OpenPGP keys used to sign CSAF documents.",
"type": "array",
"items": {
"title": "PGP keys",
"description": "Contains all information about a pgp keys used to sign CSAF documents.",
"description": "Contains all information about an OpenPGP key used to sign CSAF documents.",
"type": "object",
"required": [
"url"
],
"properties": {
"fingerprint": {
"title": "Fingerprint of the key",
"description": "Contains the fingerprint of the pgp key.",
"description": "Contains the fingerprint of the OpenPGP key.",
"type": "string",
"minLength": 40,
"pattern": "^[0-9a-fA-F]{40,}$"
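Review bot: The renamed `public_openpgp_keys` item still lists only `url` under `required`, so an entry can name a key location with no `fingerprint` for the consumer to compare the downloaded key against; trust in the signing key then rests entirely on the host serving that URL. Consider `"required": ["fingerprint", "url"]`, or state in the description that consumers must pin the key by other means when the fingerprint is absent. The item title on the unchanged line still reads `"PGP keys"` while every neighbouring string now says OpenPGP; `"title": "OpenPGP key"` would match. The rename also means provider metadata that still uses `pgp_keys` no longer matches this property, which seems worth a changelog entry so that validators do not silently find zero keys. The item object continues past the end of the hunk.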