Merge pull request #673 from CVEProject/srl-563
#563 Update schemas to rc7. Remove unused RejectExisting schema file
jdaigneau5 authored May 17, 2022
2 parents 4f0a41c + 3ebc00b commit bdc30f7
Showing 5 changed files with 83 additions and 181 deletions.
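--- a/src/controller/cve.controller/cna_container_schema.json
+++ b/src/controller/cve.controller/cna_container_schema.json
@@ -6,7 +6,8 @@
 "description": "A universal resource identifier (URI), according to [RFC 3986](https://tools.ietf.org/html/rfc3986).",
 "type": "string",
 "format": "uri",
-"minLength": 1
+"minLength": 1,
+"maxLength": 2048
 },
 "uuidType": {
 "description": "A version 4 (random) universally unique identifier (UUID) as defined by [RFC 4122](https://tools.ietf.org/html/rfc4122#section-4.1.3).",
@@ -26,11 +27,11 @@
 "name": {
 "description": "User created name for the reference, often the title of the page.",
 "type": "string",
-"maxLength": 500,
+"maxLength": 512,
 "minLength": 1
 },
 "tags": {
-"description": "an array of one or more tags that describe the resource referenced by 'url'.",
+"description": "An array of one or more tags that describe the resource referenced by 'url'.",
 "type": "array",
 "minItems": 1,
 "uniqueItems": true,
@@ -76,21 +77,21 @@
 "pattern": "^CVE-[0-9]{4}-[0-9]{4,19}$"
 },
 "orgId": {
-"description": "a UUID for an organization participating in the CVE program. This UUID can be used to lookup the organization record in the user registry service.",
+"description": "A UUID for an organization participating in the CVE program. This UUID can be used to lookup the organization record in the user registry service.",
 "$ref": "#/definitions/uuidType"
 },
 "userId": {
-"description": "a UUID for a user participating in the CVE program. This UUID can be used to lookup the user record in the user registry service.",
+"description": "A UUID for a user participating in the CVE program. This UUID can be used to lookup the user record in the user registry service.",
 "$ref": "#/definitions/uuidType"
 },
 "shortName": {
-"description": "a 2-32 character name that can be used to complement an organization's UUID.",
+"description": "A 2-32 character name that can be used to complement an organization's UUID.",
 "type": "string",
 "minLength": 2,
 "maxLength": 32
 },
 "datestamp": {
-"description": "Date/time format based on RFC3339 and ISO ISO8601",
+"description": "Date/time format based on RFC3339 and ISO ISO8601.",
 "type": "string",
 "format": "date",
 "pattern": "^((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30))$"
@@ -118,33 +119,19 @@
 },
 "providerMetadata": {
 "type": "object",
-"description": "will be updated to coordinate with CVE user registry, current identifier is an email address.",
+"description": "Details related to the information container provider (CNA or ADP).",
 "properties": {
 "orgId": {
 "$ref": "#/definitions/orgId",
-"description": "the container provider's organizational UUID"
+"description": "The container provider's organizational UUID"
 },
 "shortName": {
 "$ref": "#/definitions/shortName",
-"description": "the container provider's organizational short name"
+"description": "The container provider's organizational short name"
 },
 "dateUpdated": {
 "$ref": "#/definitions/timestamp",
-"description": "Timestamp to be set by the system of record at time of submission. If updated is provided to the system of record it will be replaced by the current timestamp at the time of submission. If a provider has multiple contributions, they shall be consolidated to a final single contribution before submission, or the system of record will reject the input with, Rejected – simultaneous contributions by a single provider."
-},
-"dateAssigned": {
-"$ref": "#/definitions/timestamp",
-"description": "The date/time this CVE ID was associated with a vulnerability by a CNA."
-},
-"datePublic": {
-"$ref": "#/definitions/timestamp",
-"description": "if known, the date/time the vulnerability was disclosed publicly."
-},
-"title": {
-"type": "string",
-"description": "Short title - if the description is long we may want a short title to refer to",
-"minLength": 1,
-"maxLength": 128
+"description": "Timestamp to be set by the system of record at time of submission. If dateUpdated is provided to the system of record it will be replaced by the current timestamp at the time of submission. If a provider has multiple contributions, they shall be consolidated to a final single contribution before submission, or the system of record will reject the input with, Rejected – simultaneous contributions by a single provider."
 }
 },
 "required": [
@@ -197,7 +184,7 @@
 "type": "string",
 "description": "Name of the affected product.",
 "minLength": 1,
-"maxLength": 2058
+"maxLength": 2048
 },
 "collectionURL": {
 "description": "URL identifying a package collection (determines meaning of packageName).",
@@ -272,7 +259,7 @@
 "type": "string",
 "description": "Name or identifier of the affected software package as used in the package collection.",
 "minLength": 1,
-"maxLength": 2058
+"maxLength": 2048
 },
 "cpes": {
 "type": "array",
@@ -284,7 +271,7 @@
 "description": "Common Platform Enumeration (CPE) Name in either 2.2 or 2.3 format",
 "pattern": "([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9._\\-~%]*){0,6})|(cpe:2\\.3:[aho*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-._]|(\\\\[\\\\*?!\"#$%&'()+,/:;<=>@\\[\\]\\^`{|}~]))+(\\?*|\\*?))|[*\\-])){4})",
 "minLength": 1,
-"maxLength": 2000
+"maxLength": 2048
 }
 },
 "modules": {
@@ -295,7 +282,7 @@
 "type": "string",
 "description": "Name of the affected component, feature, module, sub-component, sub-product, API, command, utility, program, or functionality (optional).",
 "minLength": 1,
-"maxLength": 4000
+"maxLength": 4096
 }
 },
 "programFiles": {
@@ -322,7 +309,7 @@
 "type": "string",
 "description": "Name of the affected source code file, function, method, subroutine, or procedure.",
 "minLength": 1,
-"maxLength": 4000
+"maxLength": 4096
 }
 }
 }
@@ -474,7 +461,7 @@
 "type": "string",
 "description": "Plain text description.",
 "minLength": 1,
-"maxLength": 4000
+"maxLength": 4096
 },
 "supportingMedia": {
 "type": "array",
@@ -559,14 +546,14 @@
 "type": "string",
 "description": "string description of problemType, or title from CWE or OWASP",
 "minLength": 1,
-"maxLength": 4000
+"maxLength": 4096
 },
 "cweId": {
 "type": "string",
 "description": "CWE ID of the CWE that best describes this problemType entry",
 "minLength": 5,
 "maxLength": 9,
-"pattern": "^CWE-[1-9][0-9]+$"
+"pattern": "^CWE-[1-9][0-9]*$"
 },
 "type": {
 "type": "string",
@@ -594,7 +581,7 @@
 "$ref": "#/definitions/reference"
 },
 "minItems": 1,
-"maxItems": 500,
+"maxItems": 512,
 "uniqueItems": true
 },
 "impacts": {
@@ -675,7 +662,7 @@
 "default": "GENERAL",
 "description": "Description of the scenario this metrics object applies to. If no specific scenario is given, GENERAL is used as the default and applies when no more specific metric matches.",
 "minLength": 1,
-"maxLength": 4000
+"maxLength": 4096
 }
 },
 "required": [
@@ -1463,7 +1450,7 @@
 "description": "A summary of the event.",
 "type": "string",
 "minLength": 1,
-"maxLength": 4000
+"maxLength": 4096
 }
 }
 }
@@ -1483,7 +1470,7 @@
 "value": {
 "type": "string",
 "minLength": 1,
-"maxLength": 4000
+"maxLength": 4096
 },
 "user": {
 "description": "UUID of the user being credited if present in the CVE User Registry (optional). This UUID can be used to lookup the user record in the user registry service.",
@@ -1567,7 +1554,7 @@
 "type": "string",
 "description": "Identifier of the item in the taxonomy. Used as the subject of the relationship.",
 "minLength": 1,
-"maxLength": 2000
+"maxLength": 2048
 },
 "relationshipName": {
 "type": "string",
@@ -1579,7 +1566,7 @@
 "type": "string",
 "description": "The target of the relationship. Can be the CVE ID or another taxonomy identifier",
 "minLength": 1,
-"maxLength": 2000
+"maxLength": 2048
 }
 }
 }
@@ -1626,6 +1613,20 @@
 "providerMetadata": {
 "$ref": "#/definitions/providerMetadata"
 },
+"dateAssigned": {
+"$ref": "#/definitions/timestamp",
+"description": "The date/time this CVE ID was associated with a vulnerability by a CNA."
+},
+"datePublic": {
+"$ref": "#/definitions/timestamp",
+"description": "if known, the date/time the vulnerability was disclosed publicly."
+},
+"title": {
+"type": "string",
+"description": "A title, headline, or a brief phrase summarizing the of the CVE record. Eg., Buffer overflow in Example Soft.",
+"minLength": 1,
+"maxLength": 256
+},
 "descriptions": {
 "$ref": "#/definitions/descriptions"
 },
@@ -1678,7 +1679,7 @@
 "references"
 ],
 "patternProperties": {
-"^x_": {}
+"^x_[^.]*$": {}
 },
 "additionalProperties": false
 }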
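Review bot: The `datestamp` pattern kept as context in the `@@ -76,21 +77,21 @@` hunk is not anchored the way it reads: `^` and `$` sit outside the four alternatives rather than around a group, so `^` binds only to the leap-day branch, `$` only to the 30-day-month branch, and the two middle branches match anywhere in the string. A value with arbitrary text before or after a valid-looking date therefore passes the pattern, and `"format": "date"` will not reject it unless the validator is configured to enforce formats. Wrapping the alternation once, as `^(?:<leap-day>|<february>|<31-day months>|<30-day months>)$`, closes the gap. The `cpes` item pattern in the `@@ -284,7 +271,7 @@` hunk has no `^`/`$` at all, so only the new `maxLength` of 2048 limits what may surround a CPE-shaped substring. Since this commit is already tightening limits across the schema, it would be a natural place to anchor both.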