define version with use cases and proposed json #20
Labels: enhancement (Request for improvement to an existing feature), Project:json format (CVE JSON Data Exchange Format), rfc (Request for comments)
The information about product versions is critical for the users to identify if the products are affected. In order to include such information into the reporting format, the use cases need to be investigated.
Two lists are provided for these use cases: one for common use cases (which will be included in the reporting format), and the other for uncommon use cases (which won't be included). New cases can be added to the latter list, and a case can be moved from it into the former list if the AWG agrees.
The list of common use cases:
For example, CVE-2017-3240, RDBMS Security component of Oracle Database Server, the supported version that is affected is 12.1.0.2
"version": {
  "individuals": [
    "strings of versions", "strings separated by commas"
  ]
}
-prior to including all the releases
For example, CVE-2016-4694, Apache HTTP Server in Apple OS X before 10.12
"version": {
  "priortoall": "string of priortoall version"
}
-prior to including the specified release
For example, CVE-2016-6307, OpenSSL 1.1.0 before 1.1.0a
"version": {
  "priortoone": [
    {
      "branch": "string of branch",
      "release": "string of release"
    }
  ]
}
-intervals
For example, CVE-2016-8740, Apache HTTP Server 2.4.17 through 2.4.23
"version": {
  "interval": [
    {
      "startrelease": "string of release",
      "endrelease": "string of release"
    }
  ]
}
-earlier for all the releases
For example, MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Agent). Supported versions that are affected are 3.1.3.7856 and earlier
"version": {
  "earliertoall": "string of release"
}
-earlier for the specified release
For example, CVE-2016-6307, MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier
"version": {
  "earliertoone": [
    {
      "branch": "string of branch",
      "release": "string of release"
    }
  ]
}
The list of uncommon use cases:
??
JSON schema for version inside product:
"version": {
  "type": "object",
  "properties": {
    "individuals": {
      "type": "array",
      "items": { "type": "string" }
    }
  }
}
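How a consumer might evaluate the six proposed keys against an installed version, as an added example that is not part of the issue or of the CVE project's code. The version ordering, the prefix-based branch test, and the `branch` values chosen for the sample objects are assumptions; the release numbers come from the examples quoted in the issue.

```python
import re

def vkey(v):
    # Assumed ordering: dotted numbers compare as integers and a letter
    # suffix sorts after the bare release, so 1.1.0 < 1.1.0a.
    return [(0, int(t), "") if t.isdigit() else (1, 0, t)
            for t in re.findall(r"\d+|[a-z]+", v.lower())]

def in_branch(v, branch):
    # Assumption: a version belongs to a branch when the branch is a prefix of it.
    b = vkey(branch)
    return vkey(v)[:len(b)] == b

def is_affected(version, v):
    """True if version string v matches any key of a proposed "version" object."""
    k = vkey(v)
    for item in version.get("individuals", []):
        # An item may hold several versions separated by commas.
        if any(vkey(s) == k for s in item.split(",") if s.strip()):
            return True
    if "priortoall" in version and k < vkey(version["priortoall"]):
        return True
    if "earliertoall" in version and k <= vkey(version["earliertoall"]):
        return True
    for e in version.get("priortoone", []):      # "before": release excluded
        if in_branch(v, e["branch"]) and k < vkey(e["release"]):
            return True
    for e in version.get("earliertoone", []):    # "and earlier": release included
        if in_branch(v, e["branch"]) and k <= vkey(e["release"]):
            return True
    for e in version.get("interval", []):        # "through": both ends included
        if vkey(e["startrelease"]) <= k <= vkey(e["endrelease"]):
            return True
    return False

# Sample objects constructed from the examples in the issue; the "branch"
# values are this example's interpretation, not text from the issue.
OPENSSL = {"priortoone": [{"branch": "1.1.0", "release": "1.1.0a"}]}
HTTPD = {"interval": [{"startrelease": "2.4.17", "endrelease": "2.4.23"}]}
MYSQL = {"earliertoone": [{"branch": "5.6", "release": "5.6.34"},
                          {"branch": "5.7", "release": "5.7.16"}]}
ORACLE = {"individuals": ["12.1.0.2"]}

if __name__ == "__main__":
    for obj, v in [(OPENSSL, "1.0.2h"), (OPENSSL, "1.1.0"), (MYSQL, "5.7.10")]:
        print(v, is_affected(obj, v))
```

The `branch` field is what keeps OpenSSL 1.0.2h from matching "before 1.1.0a" even though it sorts lower, which a bare `priortoall` bound cannot express.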