Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cannot publish CVE v5 record with vendor, product, collectionURL and packageName #931

Closed
1 task done
tatianab opened this issue Nov 29, 2022 · 0 comments · Fixed by #935
Closed
1 task done

cannot publish CVE v5 record with vendor, product, collectionURL and packageName #931

tatianab opened this issue Nov 29, 2022 · 0 comments · Fixed by #935
Assignees
@jdaigneau5

Comments

@tatianab
Copy link

tatianab commented Nov 29, 2022
edited by jdaigneau5
Loading

Prerequisites

  • Put an X between the brackets on this line if you have done all of the following:
    • Checked the FAQs on the message board for common solutions: (TBD)
    • Checked that your issue isn't already filed.

Description

Based on my reading of https://github.com/CVEProject/cve-schema/blob/master/schema/v5.0/CVE_JSON_5.0_schema.json,
the fields vendor, product, collectionURL and packageName should all be able to be set within the same affected block. However, when I attempt to publish such a record via CVE Services API, validation fails.

Steps to Reproduce

  1. HTTP PUT "https://cveawg.mitre.org/api/cve/CVE-2022-41716/cna" with record https://github.com/golang/vulndb/blob/master/data/cve/v5/GO-2022-1095.json

Expected behavior:

Successful publish

Actual behavior:

Error

400 Bad Request: INVALID_JSON_SCHEMA: CVE cnaContainer JSON schema validation FAILED.
  /cnaContainer/affected/0: must match exactly one schema in oneOf
  /cnaContainer/affected/1: must match exactly one schema in oneOf
jdaigneau5 added a commit that referenced this issue Nov 30, 2022
@jdaigneau5
#931 Changed cna_container_schema.json to product oneOf to anyOf
32a1eea
@jdaigneau5 jdaigneau5 mentioned this issue Nov 30, 2022
Merged
slubar added a commit that referenced this issue Dec 1, 2022
@slubar
Merge pull request #935 from CVEProject/jd-931
d14bf94 
Resolves #931 Fixes CVE v5 schema submission bug related to 'product' field
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jdaigneau5 jdaigneau5

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Resolves #931 Fixes CVE v5 schema submission bug related to 'product' field CVEProject/cve-services
2 participants
@tatianab @jdaigneau5