Resolve part of Feature/issue 602 to add schemaVersion field (#606)

* Updates to schema to add schemaVersion as optional field

* Updated all data/json/decision_point/* files appropriately with schemaVersion field

* run doctools.py on the current code

---------

Co-authored-by: Allen D. Householder <[email protected]>
Co-authored-by: Allen Householder <[email protected]>

data/json/decision_points/automatable_2_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "2.0.0",
+  "schemaVersion": "1-0-1",
   "key": "A",
   "name": "Automatable",
   "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?",

data/json/decision_points/exploitation_1_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.0.0",
+  "schemaVersion": "1-0-1",
   "key": "E",
   "name": "Exploitation",
   "description": "The present state of exploitation of the vulnerability.",

data/json/decision_points/exploitation_1_1_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.1.0",
+  "schemaVersion": "1-0-1",
   "key": "E",
   "name": "Exploitation",
   "description": "The present state of exploitation of the vulnerability.",

data/json/decision_points/human_impact_1_0_0.json

@@ -1,4 +1,5 @@
 {
+  "schemaVersion": "1-0-1",
   "namespace": "ssvc",
   "version": "1.0.0",
   "key": "HI",

data/json/decision_points/human_impact_2_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "2.0.0",
+  "schemaVersion": "1-0-1",
   "key": "HI",
   "name": "Human Impact",
   "description": "Human Impact is a combination of Safety and Mission impacts.",

data/json/decision_points/human_impact_2_0_1.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "2.0.1",
+  "schemaVersion": "1-0-1",
   "key": "HI",
   "name": "Human Impact",
   "description": "Human Impact is a combination of Safety and Mission impacts.",

data/json/decision_points/mission_and_well-being_impact_1_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.0.0",
+  "schemaVersion": "1-0-1",
   "key": "MWI",
   "name": "Mission and Well-Being Impact",
   "description": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.",

data/json/decision_points/mission_impact_1_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.0.0",
+  "schemaVersion": "1-0-1",
   "key": "MI",
   "name": "Mission Impact",
   "description": "Impact on Mission Essential Functions of the Organization",

data/json/decision_points/mission_impact_2_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "2.0.0",
+  "schemaVersion": "1-0-1",
   "key": "MI",
   "name": "Mission Impact",
   "description": "Impact on Mission Essential Functions of the Organization",

data/json/decision_points/public_safety_impact_1_0_0.json

@@ -1,4 +1,5 @@
 {
+  "schemaVersion": "1-0-1",
   "namespace": "ssvc",
   "version": "1.0.0",
   "key": "PSI",

data/json/decision_points/public_safety_impact_2_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "2.0.0",
+  "schemaVersion": "1-0-1",
   "key": "PSI",
   "name": "Public Safety Impact",
   "description": "A coarse-grained representation of impact to public safety.",

data/json/decision_points/public_safety_impact_2_0_1.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "2.0.1",
+  "schemaVersion": "1-0-1",
   "key": "PSI",
   "name": "Public Safety Impact",
   "description": "A coarse-grained representation of impact to public safety.",

data/json/decision_points/public_value_added_1_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.0.0",
+  "schemaVersion": "1-0-1",
   "key": "PVA",
   "name": "Public Value Added",
   "description": "How much value would a publication from the coordinator benefit the broader community?",

data/json/decision_points/public_well-being_impact_1_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.0.0",
+  "schemaVersion": "1-0-1",
   "key": "PWI",
   "name": "Public Well-Being Impact",
   "description": "A coarse-grained representation of impact to public well-being.",

data/json/decision_points/report_credibility_1_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.0.0",
+  "schemaVersion": "1-0-1",
   "key": "RC",
   "name": "Report Credibility",
   "description": "Is the report credible?",

data/json/decision_points/report_public_1_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.0.0",
+  "schemaVersion": "1-0-1",
   "key": "RP",
   "name": "Report Public",
   "description": "Is a viable report of the details of the vulnerability already publicly available?",

data/json/decision_points/safety_impact_1_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.0.0",
+  "schemaVersion": "1-0-1",
   "key": "SI",
   "name": "Safety Impact",
   "description": "The safety impact of the vulnerability.",

data/json/decision_points/safety_impact_2_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "2.0.0",
+  "schemaVersion": "1-0-1",
   "key": "SI",
   "name": "Safety Impact",
   "description": "The safety impact of the vulnerability. (based on IEC 61508)",

data/json/decision_points/supplier_cardinality_1_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.0.0",
+  "schemaVersion": "1-0-1",
   "key": "SC",
   "name": "Supplier Cardinality",
   "description": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?",

data/json/decision_points/supplier_contacted_1_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.0.0",
+  "schemaVersion": "1-0-1",
   "key": "SC",
   "name": "Supplier Contacted",
   "description": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?",

data/json/decision_points/supplier_engagement_1_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.0.0",
+  "schemaVersion": "1-0-1",
   "key": "SE",
   "name": "Supplier Engagement",
   "description": "Is the supplier responding to the reporter\u2019s contact effort and actively participating in the coordination effort?",

data/json/decision_points/supplier_involvement_1_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.0.0",
+  "schemaVersion": "1-0-1",
   "key": "SI",
   "name": "Supplier Involvement",
   "description": "What is the state of the supplier\u2019s work on addressing the vulnerability?",

data/json/decision_points/system_exposure_1_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.0.0",
+  "schemaVersion": "1-0-1",
   "key": "EXP",
   "name": "System Exposure",
   "description": "The Accessible Attack Surface of the Affected System or Service",

data/json/decision_points/system_exposure_1_0_1.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.0.1",
+  "schemaVersion": "1-0-1",
   "key": "EXP",
   "name": "System Exposure",
   "description": "The Accessible Attack Surface of the Affected System or Service",

data/json/decision_points/technical_impact_1_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.0.0",
+  "schemaVersion": "1-0-1",
   "key": "TI",
   "name": "Technical Impact",
   "description": "The technical impact of the vulnerability.",

data/json/decision_points/utility_1_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.0.0",
+  "schemaVersion": "1-0-1",
   "key": "U",
   "name": "Utility",
   "description": "The Usefulness of the Exploit to the Adversary",

data/json/decision_points/utility_1_0_1.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.0.1",
+  "schemaVersion": "1-0-1",
   "key": "U",
   "name": "Utility",
   "description": "The Usefulness of the Exploit to the Adversary",

data/json/decision_points/value_density_1_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.0.0",
+  "schemaVersion": "1-0-1",
   "key": "VD",
   "name": "Value Density",
   "description": "The concentration of value in the target",

data/json/decision_points/virulence_1_0_0.json

@@ -1,6 +1,7 @@
 {
   "namespace": "ssvc",
   "version": "1.0.0",
+  "schemaVersion": "1-0-1",
   "key": "V",
   "name": "Virulence",
   "description": "The speed at which the vulnerability can be exploited.",

data/schema/current/Decision_Point_Group.schema.json

@@ -1 +1 @@
-../v1/Decision_Point_Group-1-0-1.json
+../v1/Decision_Point_Group-1-0-1.schema.json

data/schema/v1/Decision_Point-1-0-1.schema.json

@@ -36,42 +36,47 @@
 	    "type": "object",
 	    "additionalProperties": false,
 	    "properties": {
-            "namespace": {
-		"type": "string",
-		"description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point"
-            },
-            "version": {
-		"type": "string",
-		"description": "Version (a semantic version string) that identifies this object"
-            },
-            "key": {
-		"type": "string",
-		"description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way"
-            },
-            "name": {
-		"type": "string",
-		"description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
-            },
-            "description": {
-		"type": "string",
-		"description": "q Description of the Decision Point or the Group of Decision Points as defined."
-            },
-            "values": {
-		"description": "Decision Point Values are valid results from a Decision Point",
-		"uniqueItems": true,
-		"type": "array",
-		"items": {
-		    "$ref": "#/definitions/decision_point_value"
+		"schemaVersion": {
+		    "$ref": "#/definitions/schemaVersion"
+		},
+		"namespace": {
+		    "type": "string",
+		    "description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point"
+		},
+		"version": {
+		    "type": "string",
+		    "description": "Version (a semantic version string) that identifies this object"
+		},
+		"key": {
+		    "type": "string",
+		    "description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way"
+		},
+		"name": {
+		    "type": "string",
+		    "description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
+		},
+		"description": {
+		    "type": "string",
+		    "description": "q Description of the Decision Point or the Group of Decision Points as defined."
+		},
+		"values": {
+		    "description": "Decision Point Values are valid results from a Decision Point",
+		    "uniqueItems": true,
+		    "type": "array",
+		    "minItems": 1,
+		    "items": {
+			"$ref": "#/definitions/decision_point_value"
+		    }
 		}
-            }
 	    },
 	    "required": [
 		"namespace",
 		"version",
 		"key",
 		"name",
 		"description",
-		"values"
+		"values",
+		"schemaVersion"
 	    ]
 	}
     },

data/schema/v1/Decision_Point_Group-1-0-1.json → data/schema/v1/Decision_Point_Group-1-0-1.schema.json

@@ -12,6 +12,9 @@
 	    "type": "object",
 	    "additionalProperties": false,
 	    "properties": {
+		"schemaVersion": {
+                    "$ref": "#/definitions/schemaVersion"
+                },
 		"version": {
 		    "type": "string",
 		    "description": "Version (a semantic version string) that identifies this object"
@@ -26,16 +29,18 @@
 		},
 		"decision_points": {
 		    "type": "array",
+		    "minItems": 1,
 		    "items": {
-			"$ref": "https://certcc.github.io/SSVC/data/schema/Decision_Point.schema.json"
+			"$ref": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point-1-0-1.schema.json"
 		    }
 		}
 	    },
 	    "required": [
 		"version",
 		"name",
 		"description",
-		"decision_points"
+		"decision_points",
+		"schemaVersion"
 	    ]
 	}
     },

data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json

@@ -41,6 +41,7 @@
 		    "description": "Evaluated values of the Decision Point",
 		    "title": "values",
 		    "type": "array",
+		    "minItems": 1,
 		    "items": {
 			"description": "Each value that were down-selected for a Decision Point",
 			"title": "values",
@@ -80,6 +81,7 @@
 		    "description" : "An array of Decision Points and their Values that were down-selected or evaluated ",
 		    "title": "selections",
 		    "type": "array",
+		    "minItems": 1,
 		    "items": {
 			"$ref": "#/definitions/SsvcdecisionpointselectionSchema"
 		    }

src/ssvc/__init__.py

@@ -13,3 +13,5 @@
 """
 Provides SSVC modules.
 """
+
+_schemaVersion = "1-0-1"

src/ssvc/_mixins.py

@@ -22,6 +22,7 @@
 
 from dataclasses_json import config, dataclass_json
 
+from . import _schemaVersion
 
 @dataclass_json
 @dataclass(kw_only=True)
@@ -31,7 +32,7 @@ class _Versioned:
     """
 
     version: str = "0.0.0"
-
+    schemaVersion: str = _schemaVersion
 
 @dataclass_json
 @dataclass(kw_only=True)