Add CVSS 4.0 #688

Merged


tschmidtb51
Contributor

  • addresses parts of Support CVSS 4.0 in CSAF 2.x #652
  • add CVSS v4 to JSON schema
  • add CVSS v4.0 to referenced schemas
  • add strict version of schema
  • adopt test scripts to include CVSS 4.0
  • add CVSS 4.0 to informative references
  • add CVSS 4.0 to construction principles
  • add CVSS 4.0 to /vulnerabilities[]/scores[]
  • add CVSS 4.0 to tests 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.3.1
  • add new test 6.3.12 to recommend CVSS 4.0
  • add test files for 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.2.19, 6.3.1, 6.3.12
  • add CVSS 4.0 to Appendix C regarding size
  • add CVRF-CSAF-conversion rule
  • add valid example for 6.1.9 to trigger multipleOf issue

- addresses parts of oasis-tcs#652
- add CVSS v4 to JSON schema
- addresses parts of oasis-tcs#652
- add CVSS v4.0 to referenced schemas
- add strict version of schema
- addresses parts of oasis-tcs#652
- adopt test scripts to include CVSS 4.0
- addresses parts of oasis-tcs#652
- add CVSS 4.0 to informative references
- add CVSS 4.0 to construction principles
- addresses parts of oasis-tcs#652
- add CVSS 4.0 to `/vulnerabilities[]/scores[]`
- addresses parts of oasis-tcs#652, oasis-tcs#341
- add invalid example for 6.1.7
- add valid examples for 6.1.7
- addresses parts of oasis-tcs#341
- add invalid examples for 6.1.7
- add valid examples for 6.1.7
- addresses parts of oasis-tcs#652, oasis-tcs#341
- add missing CVSS 4.0 reference in validator test script
- addresses parts of oasis-tcs#652
- update the strict version to use `unevaluatedProperties` instead of `additionalProperties` which fails with `allOf`
- addresses parts of oasis-tcs#652
- use different vector to avoid `multiple` issue
- addresses parts of oasis-tcs#652
- address `multipleOf` issue by parsing floats as Decimal
- add valid example to show correctness
- addresses parts of oasis-tcs#652
- add CVSS 4.0 to Appendix C regarding size
- addresses parts of oasis-tcs#652
- add CVRF-CSAF-conversion rule
- addresses parts of oasis-tcs#652, oasis-tcs#341
- add invalid example for 6.1.8
- add valid examples for 6.1.8
- update test 6.1.8
- addresses parts of oasis-tcs#652, oasis-tcs#341
- add invalid example for 6.1.9
- add valid examples for 6.1.9
- update test description 6.1.9
- addresses parts of oasis-tcs#652, oasis-tcs#341
- add invalid examples for 6.1.10
- add valid examples for 6.1.10
- update test description 6.1.10
- addresses parts of oasis-tcs#652, oasis-tcs#341
- add invalid examples for 6.2.19
- add valid examples for 6.2.19
- update test description 6.2.19
- addresses parts of oasis-tcs#652, oasis-tcs#341
- add invalid example for 6.3.1
- add valid example for 6.3.1
- update test description 6.3.1
- addresses parts of oasis-tcs#652
- add test 6.3.12
- add invalid examples for 6.3.12
- add valid examples for 6.3.12
- addresses parts of oasis-tcs#652, oasis-tcs#341
- add valid example for 6.1.9 to trigger `multipleOf` issue
- addresses parts of oasis-tcs#652
- correct wrong `/document/tracking/id`
@tschmidtb51 tschmidtb51 added the csaf 2.1 csaf 2.1 work label Feb 16, 2024
@tschmidtb51 tschmidtb51 self-assigned this Feb 16, 2024
Contributor

@sthagen sthagen left a comment


All 67 files look good to me. Thanks for the detailed and consistent set of changes, much appreciated.

@tschmidtb51
Contributor Author

@sthagen It looks like I can't build the artifacts right now:

```
Traceback (most recent call last):
  File "./csaf_2.1/prose/edit/bin/volatile.py", line 575, in <module>
    sys.exit(main(sys.argv[1:]))
  File "./csaf_2.1/prose/edit/bin/volatile.py", line 456, in main
    sec_disp = 'sec-' + display_from[section].replace(FULL_STOP, '-')  # type: ignore
KeyError: 'missing-cvss-v4-0'
```

What am I missing?

@tschmidtb51 tschmidtb51 merged commit d0638d9 into oasis-tcs:editor-revision-2024-02-28 Feb 16, 2024
5 checks passed
@sthagen
Contributor

sthagen commented Feb 17, 2024

@tschmidtb51

> @sthagen It looks like I can't build the artifacts right now:
>
> ```
> Traceback (most recent call last):
>   File "./csaf_2.1/prose/edit/bin/volatile.py", line 575, in <module>
>     sys.exit(main(sys.argv[1:]))
>   File "./csaf_2.1/prose/edit/bin/volatile.py", line 456, in main
>     sec_disp = 'sec-' + display_from[section].replace(FULL_STOP, '-')  # type: ignore
> KeyError: 'missing-cvss-v4-0'
> ```
>
> What am I missing?

Either an error I creatively introduced or a dynamic instead of static lookup I forgot to enable.

I will take a look, and fix it. Thanks for reporting.
