From 055384022a09fbcf5b7967423b02f439462ff379 Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Tue, 30 Aug 2022 23:49:55 +0200 Subject: [PATCH 1/6] Tests - addresses parts of oasis-tcs/csaf#341 - add valid example for 6.3.8 --- ...oasis_csaf_tc-csaf_2_0-2021-6-3-08-11.json | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-08-11.json diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-08-11.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-08-11.json new file mode 100644 index 00000000..7b4df513 --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-08-11.json @@ -0,0 +1,33 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "lang": "en", + "notes": [ + { + "category": "summary", + "text": "Security researchers found multiple vulnerabilities in XYZ." + } + ], + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Spell check (valid example 1)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-08-11", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + } +} \ No newline at end of file From 93b5e9735ec4f6b6eb2b45adbbdabb2ca1f01ff2 Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 31 Aug 2022 00:53:06 +0200 Subject: [PATCH 2/6] Tests - addresses parts of oasis-tcs/csaf#341 - add valid examples for 6.3.9 - add invalid examples for 6.3.9 - add missing newline at EOF - correct product_id --- ...oasis_csaf_tc-csaf_2_0-2021-6-3-09-01.json | 4 +- ...oasis_csaf_tc-csaf_2_0-2021-6-3-09-02.json | 58 +++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-3-09-03.json | 58 +++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-3-09-04.json | 58 +++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-3-09-05.json | 100 ++++++++++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-3-09-11.json | 50 ++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-3-09-12.json | 64 ++++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-3-09-13.json | 70 +++++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-3-09-14.json | 64 ++++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-3-09-15.json | 112 ++++++++++++++++++ 10 files changed, 636 insertions(+), 2 deletions(-) create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-02.json create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-03.json create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-04.json create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-05.json create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-11.json create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-12.json create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-13.json create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-14.json create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-15.json diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-01.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-01.json index 09857ec2..b1f1dd0c 100644 --- a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-01.json +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-01.json @@ -37,7 +37,7 @@ "category": "patch_level", "name": "91", "product": { - "product_id": "CSAFPID-0002", + "product_id": "CSAFPID-9080700", "name": "Example Company Product A Update 91" } } @@ -47,4 +47,4 @@ } ] } -} \ No newline at end of file +} diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-02.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-02.json new file mode 100644 index 00000000..5f3b0c8c --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-02.json @@ -0,0 +1,58 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Branch Categories (failing example 2)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-02", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "branches": [ + { + "category": "product_family", + "name": "Example Company", + "branches": [ + { + "category": "product_name", + "name": "Product A", + "branches": [ + { + "category": "product_version", + "name": "91", + "product": { + "product_id": "CSAFPID-9080700", + "name": "Example Company Product A 91" + } + }, + { + "category": "product_version", + "name": "92", + "product": { + "product_id": "CSAFPID-9080701", + "name": "Example Company Product A 92" + } + } + ] + } + ] + } + ] + } +} diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-03.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-03.json new file mode 100644 index 00000000..340b41c3 --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-03.json @@ -0,0 +1,58 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Branch Categories (failing example 3)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-03", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "branches": [ + { + "category": "product_family", + "name": "Example Company", + "branches": [ + { + "category": "product_version", + "name": "91", + "branches": [ + { + "category": "product_name", + "name": "Product A", + "product": { + "product_id": "CSAFPID-9080700", + "name": "Example Company Product A 91" + } + }, + { + "category": "product_name", + "name": "Product B", + "product": { + "product_id": "CSAFPID-9080701", + "name": "Example Company Product B 91" + } + } + ] + } + ] + } + ] + } +} diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-04.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-04.json new file mode 100644 index 00000000..0c4a6a6d --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-04.json @@ -0,0 +1,58 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Branch Categories (failing example 4)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-04", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "branches": [ + { + "category": "vendor", + "name": "Example Company", + "branches": [ + { + "category": "product_version", + "name": "91", + "branches": [ + { + "category": "product_name", + "name": "Product A", + "product": { + "product_id": "CSAFPID-9080700", + "name": "Example Company Product A 91" + } + }, + { + "category": "product_name", + "name": "Product B", + "product": { + "product_id": "CSAFPID-9080701", + "name": "Example Company Product B 91" + } + } + ] + } + ] + } + ] + } +} diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-05.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-05.json new file mode 100644 index 00000000..40115ef4 --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-05.json @@ -0,0 +1,100 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Branch Categories (failing example 5)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-05", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "branches": [ + { + "category": "host_name", + "name": "unknown-host", + "branches": [ + { + "category": "vendor", + "name": "Example Company", + "branches": [ + { + "category": "product_version", + "name": "91", + "branches": [ + { + "category": "language", + "name": "XYZ", + "branches": [ + { + "category": "product_name", + "name": "Product A", + "branches": [ + { + "category": "architecture", + "name": "x86", + "branches": [ + { + "category": "service_pack", + "name": "1", + "branches": [ + { + "category": "patch_level", + "name": "104", + "product": { + "product_id": "CSAFPID-9080700", + "name": "unknown-host Example Company XYZ Product A x86 Version 91 SP1 Update 104" + } + } + ] + } + ] + }, + { + "category": "architecture", + "name": "amd64", + "branches": [ + { + "category": "service_pack", + "name": "1", + "branches": [ + { + "category": "patch_level", + "name": "104", + "product": { + "product_id": "CSAFPID-9080701", + "name": "unknown-host Example Company XYZ Product A amd64 Version 91 SP1 Update 104" + } + } + ] + } + ] + } + ] + } + ] + } + ] + } + ] + } + ] + } + ] + } +} diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-11.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-11.json new file mode 100644 index 00000000..b7d21c4c --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-11.json @@ -0,0 +1,50 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Branch Categories (valid example 1)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-11", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "branches": [ + { + "category": "vendor", + "name": "Example Company", + "branches": [ + { + "category": "product_name", + "name": "Product A", + "branches": [ + { + "category": "product_version", + "name": "91", + "product": { + "product_id": "CSAFPID-9080700", + "name": "Example Company Product A 91" + } + } + ] + } + ] + } + ] + } +} diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-12.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-12.json new file mode 100644 index 00000000..a7f310fa --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-12.json @@ -0,0 +1,64 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Branch Categories (valid example 2)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-12", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "branches": [ + { + "category": "vendor", + "name": "Example Company", + "branches": [ + { + "category": "product_family", + "name": "ABC Products", + "branches": [ + { + "category": "product_name", + "name": "Product A", + "branches": [ + { + "category": "product_version", + "name": "91", + "product": { + "product_id": "CSAFPID-9080700", + "name": "Example Company ABC Products Product A 91" + } + }, + { + "category": "product_version", + "name": "92", + "product": { + "product_id": "CSAFPID-9080701", + "name": "Example Company ABC Products Product A 92" + } + } + ] + } + ] + } + ] + } + ] + } +} diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-13.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-13.json new file mode 100644 index 00000000..4426ee40 --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-13.json @@ -0,0 +1,70 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Branch Categories (valid example 3)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-13", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "branches": [ + { + "category": "vendor", + "name": "Example Company", + "branches": [ + { + "category": "product_family", + "name": "ABC Products", + "branches": [ + { + "category": "product_name", + "name": "Product A", + "branches": [ + { + "category": "product_version", + "name": "91", + "product": { + "product_id": "CSAFPID-9080700", + "name": "Example Company ABC Products Product A 91" + } + } + ] + }, + { + "category": "product_name", + "name": "Product B", + "branches": [ + { + "category": "product_version", + "name": "91", + "product": { + "product_id": "CSAFPID-9080701", + "name": "Example Company ABC Products Product B 91" + } + } + ] + } + ] + } + ] + } + ] + } +} diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-14.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-14.json new file mode 100644 index 00000000..c9c818d4 --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-14.json @@ -0,0 +1,64 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Branch Categories (valid example 4)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-14", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "branches": [ + { + "category": "vendor", + "name": "Example Company", + "branches": [ + { + "category": "product_name", + "name": "Product A", + "branches": [ + { + "category": "product_version", + "name": "91", + "product": { + "product_id": "CSAFPID-9080700", + "name": "Example Company Product A 91" + } + } + ] + }, + { + "category": "product_name", + "name": "Product B", + "branches": [ + { + "category": "product_version", + "name": "91", + "product": { + "product_id": "CSAFPID-9080701", + "name": "Example Company Product B 91" + } + } + ] + } + ] + } + ] + } +} diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-15.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-15.json new file mode 100644 index 00000000..dab25e84 --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-09-15.json @@ -0,0 +1,112 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Branch Categories (valid example 5)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-09-15", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "branches": [ + { + "category": "host_name", + "name": "unknown-host", + "branches": [ + { + "category": "vendor", + "name": "Example Company", + "branches": [ + { + "category": "product_family", + "name": "ABC Products", + "branches": [ + { + "category": "language", + "name": "XYZ", + "branches": [ + { + "category": "product_name", + "name": "Product A", + "branches": [ + { + "category": "architecture", + "name": "x86", + "branches": [ + { + "category": "product_version", + "name": "91", + "branches": [ + { + "category": "service_pack", + "name": "1", + "branches": [ + { + "category": "patch_level", + "name": "104", + "product": { + "product_id": "CSAFPID-9080700", + "name": "unknown-host Example Company ABC Products XYZ Product A x86 Version 91 SP1 Update 104" + } + } + ] + } + ] + } + ] + }, + { + "category": "architecture", + "name": "amd64", + "branches": [ + { + "category": "product_version", + "name": "91", + "branches": [ + { + "category": "service_pack", + "name": "1", + "branches": [ + { + "category": "patch_level", + "name": "104", + "product": { + "product_id": "CSAFPID-9080701", + "name": "unknown-host Example Company ABC Products XYZ Product A amd64 Version 91 SP1 Update 104" + } + } + ] + } + ] + } + ] + } + ] + } + ] + } + ] + } + ] + } + ] + } + ] + } +} From 6c13874e3d3a3bf0ba82bd3ae81498f2e7d678e4 Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 31 Aug 2022 01:25:46 +0200 Subject: [PATCH 3/6] Tests - addresses parts of oasis-tcs/csaf#341 - add valid example for 6.3.1 - add invalid examples for 6.3.1 --- ...oasis_csaf_tc-csaf_2_0-2021-6-3-01-02.json | 84 ++++++++++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-3-01-11.json | 56 +++++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-3-01-12.json | 96 +++++++++++++++++++ 3 files changed, 236 insertions(+) create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-01-02.json create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-01-11.json create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-01-12.json diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-01-02.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-01-02.json new file mode 100644 index 00000000..eb6d4551 --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-01-02.json @@ -0,0 +1,84 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Use of CVSS v2 as the only Scoring System (failing example 2)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-01-02", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", + "baseScore": 5.5 + } + } + ] + }, + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "baseScore": 10 + }, + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 10, + "baseSeverity": "CRITICAL" + } + } + ] + }, + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "baseScore": 4.3 + } + } + ] + } + ] +} diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-01-11.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-01-11.json new file mode 100644 index 00000000..e8226912 --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-01-11.json @@ -0,0 +1,56 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Use of CVSS v2 as the only Scoring System (valid example 1)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-01-11", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "baseScore": 10 + }, + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 10, + "baseSeverity": "CRITICAL" + } + } + ] + } + ] +} diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-01-12.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-01-12.json new file mode 100644 index 00000000..70b9603b --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-01-12.json @@ -0,0 +1,96 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Use of CVSS v2 as the only Scoring System (valid example 2)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-01-12", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", + "baseScore": 5.5 + }, + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + } + } + ] + }, + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "baseScore": 10 + }, + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 10, + "baseSeverity": "CRITICAL" + } + } + ] + }, + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "baseScore": 4.3 + }, + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.1, + "baseSeverity": "LOW" + } + } + ] + } + ] +} From 1ddbd7195182a2351f14a79540af556afe8a2ec4 Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 31 Aug 2022 01:34:03 +0200 Subject: [PATCH 4/6] Tests - addresses parts of oasis-tcs/csaf#341 - add valid example for 6.3.2 - add invalid examples for 6.3.2 --- ...oasis_csaf_tc-csaf_2_0-2021-6-3-02-02.json | 81 +++++++++++++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-3-02-11.json | 51 ++++++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-3-02-12.json | 81 +++++++++++++++++++ 3 files changed, 213 insertions(+) create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-02-02.json create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-02-11.json create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-02-12.json diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-02-02.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-02-02.json new file mode 100644 index 00000000..56ca1a26 --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-02-02.json @@ -0,0 +1,81 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Use of CVSS v3.0 (failing example 2)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-02-02", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v3": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + } + } + ] + }, + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH" + } + } + ] + }, + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v3": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + } + } + ] + } + ] +} \ No newline at end of file diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-02-11.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-02-11.json new file mode 100644 index 00000000..a63bc0d8 --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-02-11.json @@ -0,0 +1,51 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Use of CVSS v3.0 (valid example 1)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-02-11", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + } + } + ] + } + ] +} \ No newline at end of file diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-02-12.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-02-12.json new file mode 100644 index 00000000..a4cec812 --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-02-12.json @@ -0,0 +1,81 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Use of CVSS v3.0 (valid example 2)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-02-12", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + } + } + ] + }, + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH" + } + } + ] + }, + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + } + } + ] + } + ] +} \ No newline at end of file From a0f5ff3ccc046bb9c245677f5d1bc18391fcdcaa Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 31 Aug 2022 01:48:20 +0200 Subject: [PATCH 5/6] Tests - addresses parts of oasis-tcs/csaf#341 - add valid examples for 6.3.3 - add invalid example for 6.3.3 --- ...oasis_csaf_tc-csaf_2_0-2021-6-3-03-02.json | 38 ++++++++++++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-3-03-11.json | 32 +++++++++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-3-03-12.json | 40 +++++++++++++++++++ 3 files changed, 110 insertions(+) create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-03-02.json create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-03-11.json create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-03-12.json diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-03-02.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-03-02.json new file mode 100644 index 00000000..98d2f2c1 --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-03-02.json @@ -0,0 +1,38 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Missing CVE (failing example 2)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-03-02", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "vulnerabilities": [ + { + "title": "BlueKeep" + }, + { + "cve": "CVE-2014-0160", + "title": "Heartbleed" + }, + { + "title": "EternalBlue" + } + ] +} diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-03-11.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-03-11.json new file mode 100644 index 00000000..24c6a7dc --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-03-11.json @@ -0,0 +1,32 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Missing CVE (valid example 1)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-03-11", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "vulnerabilities": [ + { + "cve": "CVE-2019-0708", + "title": "BlueKeep" + } + ] +} diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-03-12.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-03-12.json new file mode 100644 index 00000000..78882964 --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-03-12.json @@ -0,0 +1,40 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Missing CVE (valid example 2)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-03-12", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "vulnerabilities": [ + { + "cve": "CVE-2019-0708", + "title": "BlueKeep" + }, + { + "cve": "CVE-2014-0160", + "title": "Heartbleed" + }, + { + "cve": "CVE-2017-0144", + "title": "EternalBlue" + } + ] +} From 54ad8ec5bcba722f66a9ef34c4184b12353c3b21 Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 31 Aug 2022 02:02:32 +0200 Subject: [PATCH 6/6] Tests - addresses parts of oasis-tcs/csaf#341 - add valid examples for 6.3.4 - add invalid example for 6.3.4 --- ...oasis_csaf_tc-csaf_2_0-2021-6-3-04-02.json | 44 ++++++++++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-3-04-11.json | 36 +++++++++++++ ...oasis_csaf_tc-csaf_2_0-2021-6-3-04-12.json | 52 +++++++++++++++++++ 3 files changed, 132 insertions(+) create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-04-02.json create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-04-11.json create mode 100644 csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-04-12.json diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-04-02.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-04-02.json new file mode 100644 index 00000000..b9d381cb --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-04-02.json @@ -0,0 +1,44 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Missing CWE (failing example 2)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-04-02", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "vulnerabilities": [ + { + "cve": "CVE-2019-0708", + "title": "BlueKeep" + }, + { + "cve": "CVE-2014-0160", + "cwe": { + "id": "CWE-119", + "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" + }, + "title": "Heartbleed" + }, + { + "cve": "CVE-2017-0144", + "title": "EternalBlue" + } + ] +} diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-04-11.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-04-11.json new file mode 100644 index 00000000..47f683c3 --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-04-11.json @@ -0,0 +1,36 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Missing CWE (valid example 1)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-04-11", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "vulnerabilities": [ + { + "cve": "CVE-2019-0708", + "cwe": { + "id": "CWE-416", + "name": "Use After Free" + }, + "title": "BlueKeep" + } + ] +} diff --git a/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-04-12.json b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-04-12.json new file mode 100644 index 00000000..2e771f3a --- /dev/null +++ b/csaf_2.0/test/validator/data/informative/oasis_csaf_tc-csaf_2_0-2021-6-3-04-12.json @@ -0,0 +1,52 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Informative test: Missing CWE (valid example 2)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-3-04-12", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "vulnerabilities": [ + { + "cve": "CVE-2019-0708", + "cwe": { + "id": "CWE-416", + "name": "Use After Free" + }, + "title": "BlueKeep" + }, + { + "cve": "CVE-2014-0160", + "cwe": { + "id": "CWE-119", + "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" + }, + "title": "Heartbleed" + }, + { + "cve": "CVE-2017-0144", + "cwe": { + "id": "CWE-20", + "name": "Improper Input Validation" + }, + "title": "EternalBlue" + } + ] +}