From 3101424f249d5e64742ddbfe0c07580727a94526 Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli <vssarvepalli@cert.org> Date: Thu, 11 Jul 2024 16:17:34 -0400 Subject: [PATCH 1/6] Updates to schema to add schemaVersion as optional field --- .../system_exposure_1_0_0.json | 3 +- .../current/Decision_Point_Group.schema.json | 2 +- .../v1/Decision_Point-1-0-1.schema.json | 61 ++++++++++--------- ...=> Decision_Point_Group-1-0-1.schema.json} | 9 ++- ...on_Point_Value_Selection-1-0-1.schema.json | 2 + src/ssvc/__init__.py | 2 + src/ssvc/_mixins.py | 3 +- src/test/test_schema.py | 33 +++++----- 8 files changed, 66 insertions(+), 49 deletions(-) rename data/schema/v1/{Decision_Point_Group-1-0-1.json => Decision_Point_Group-1-0-1.schema.json} (82%) diff --git a/data/json/decision_points/system_exposure_1_0_0.json b/data/json/decision_points/system_exposure_1_0_0.json index 60b5dc75..5a7d0043 100644 --- a/data/json/decision_points/system_exposure_1_0_0.json +++ b/data/json/decision_points/system_exposure_1_0_0.json @@ -1,5 +1,6 @@ { "namespace": "ssvc", + "schemaVersion": "1-0-1", "version": "1.0.0", "key": "EXP", "name": "System Exposure", @@ -21,4 +22,4 @@ "description": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" } ] -} \ No newline at end of file +} diff --git a/data/schema/current/Decision_Point_Group.schema.json b/data/schema/current/Decision_Point_Group.schema.json index ac51774b..22a4f53a 120000 --- a/data/schema/current/Decision_Point_Group.schema.json +++ b/data/schema/current/Decision_Point_Group.schema.json @@ -1 +1 @@ -../v1/Decision_Point_Group-1-0-1.json \ No newline at end of file +../v1/Decision_Point_Group-1-0-1.schema.json \ No newline at end of file diff --git a/data/schema/v1/Decision_Point-1-0-1.schema.json b/data/schema/v1/Decision_Point-1-0-1.schema.json index b642cd06..ff9f3d48 100644 --- a/data/schema/v1/Decision_Point-1-0-1.schema.json +++ b/data/schema/v1/Decision_Point-1-0-1.schema.json @@ -36,34 +36,38 @@ "type": "object", "additionalProperties": false, "properties": { - "namespace": { - "type": "string", - "description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point" - }, - "version": { - "type": "string", - "description": "Version (a semantic version string) that identifies this object" - }, - "key": { - "type": "string", - "description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way" - }, - "name": { - "type": "string", - "description": "A short label that captures the description of the Decision Point or the Group of Decision Points." - }, - "description": { - "type": "string", - "description": "q Description of the Decision Point or the Group of Decision Points as defined." - }, - "values": { - "description": "Decision Point Values are valid results from a Decision Point", - "uniqueItems": true, - "type": "array", - "items": { - "$ref": "#/definitions/decision_point_value" + "schemaVersion": { + "$ref": "#/definitions/schemaVersion" + }, + "namespace": { + "type": "string", + "description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point" + }, + "version": { + "type": "string", + "description": "Version (a semantic version string) that identifies this object" + }, + "key": { + "type": "string", + "description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way" + }, + "name": { + "type": "string", + "description": "A short label that captures the description of the Decision Point or the Group of Decision Points." + }, + "description": { + "type": "string", + "description": "q Description of the Decision Point or the Group of Decision Points as defined." + }, + "values": { + "description": "Decision Point Values are valid results from a Decision Point", + "uniqueItems": true, + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/decision_point_value" + } } - } }, "required": [ "namespace", @@ -71,7 +75,8 @@ "key", "name", "description", - "values" + "values", + "schemaVersion" ] } }, diff --git a/data/schema/v1/Decision_Point_Group-1-0-1.json b/data/schema/v1/Decision_Point_Group-1-0-1.schema.json similarity index 82% rename from data/schema/v1/Decision_Point_Group-1-0-1.json rename to data/schema/v1/Decision_Point_Group-1-0-1.schema.json index 40838cad..b1c1a4e7 100644 --- a/data/schema/v1/Decision_Point_Group-1-0-1.json +++ b/data/schema/v1/Decision_Point_Group-1-0-1.schema.json @@ -12,6 +12,9 @@ "type": "object", "additionalProperties": false, "properties": { + "schemaVersion": { + "$ref": "#/definitions/schemaVersion" + }, "version": { "type": "string", "description": "Version (a semantic version string) that identifies this object" @@ -26,8 +29,9 @@ }, "decision_points": { "type": "array", + "minItems": 1, "items": { - "$ref": "https://certcc.github.io/SSVC/data/schema/Decision_Point.schema.json" + "$ref": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point-1-0-1.schema.json" } } }, @@ -35,7 +39,8 @@ "version", "name", "description", - "decision_points" + "decision_points", + "schemaVersion" ] } }, diff --git a/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json b/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json index 5703f47f..d9455057 100644 --- a/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json +++ b/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json @@ -41,6 +41,7 @@ "description": "Evaluated values of the Decision Point", "title": "values", "type": "array", + "minItems": 1, "items": { "description": "Each value that were down-selected for a Decision Point", "title": "values", @@ -80,6 +81,7 @@ "description" : "An array of Decision Points and their Values that were down-selected or evaluated ", "title": "selections", "type": "array", + "minItems": 1, "items": { "$ref": "#/definitions/SsvcdecisionpointselectionSchema" } diff --git a/src/ssvc/__init__.py b/src/ssvc/__init__.py index 87d6fd03..31995ad1 100644 --- a/src/ssvc/__init__.py +++ b/src/ssvc/__init__.py @@ -13,3 +13,5 @@ """ Provides SSVC modules. """ + +_schemaVersion = "1-0-1" diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index c68db33e..609c7b73 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -22,6 +22,7 @@ from dataclasses_json import config, dataclass_json +from . import _schemaVersion @dataclass_json @dataclass(kw_only=True) @@ -31,7 +32,7 @@ class _Versioned: """ version: str = "0.0.0" - + schemaVersion: str = _schemaVersion @dataclass_json @dataclass(kw_only=True) diff --git a/src/test/test_schema.py b/src/test/test_schema.py index b34ed47b..4fb346fb 100644 --- a/src/test/test_schema.py +++ b/src/test/test_schema.py @@ -16,6 +16,9 @@ import unittest import jsonschema +from jsonschema import Draft202012Validator +from referencing import Registry, Resource +import os import ssvc.decision_points # noqa F401 from ssvc.decision_points.base import REGISTERED_DECISION_POINTS @@ -29,15 +32,16 @@ # importing these causes the decision points to register themselves from ssvc.dp_groups.ssvc.collections import SSVCv1, SSVCv2, SSVCv2_1 # noqa +def retrieve_local(uri): + fileuri = uri.replace("https://certcc.github.io/SSVC", os.getcwd()) + if os.path.exists(fileuri): + fh = open(fileuri) + schema = json.load(fh) + fh.close() + return Resource.from_contents(schema) + raise FileNotFoundError(f"Could not find DEBUG path issues {fileuri}") -def find_schema(basepath: str) -> str: - import os - - for pfx in (".", "..", "../.."): - path = os.path.join(pfx, basepath) - if os.path.exists(path): - return path - raise FileNotFoundError(f"Could not find {basepath}") +registry = Registry(retrieve=retrieve_local) class MyTestCase(unittest.TestCase): @@ -64,8 +68,7 @@ def test_confirm_registered_decision_points(self): def test_decision_point_validation(self): # path relative to top level of repo - schema_file = find_schema("data/schema/current/Decision_Point.schema.json") - schema = json.load(open(schema_file)) + schema_url = "https://certcc.github.io/SSVC/data/schema/current/Decision_Point.schema.json" decision_points = list(REGISTERED_DECISION_POINTS) self.assertGreater(len(decision_points), 0) @@ -76,7 +79,7 @@ def test_decision_point_validation(self): loaded = json.loads(as_json) try: - jsonschema.validate(loaded, schema) + Draft202012Validator({"$ref": schema_url}, registry=registry).validate(loaded) except jsonschema.exceptions.ValidationError as e: exp = e @@ -86,21 +89,19 @@ def test_decision_point_validation(self): ) def test_decision_point_group_validation(self): - schema_file = find_schema("data/schema/current/Decision_Point_Group.schema.json") - schema = json.load(open(schema_file)) - + schema_url = "https://certcc.github.io/SSVC/data/schema/current/Decision_Point_Group.schema.json" for dpg in self.dpgs: exp = None as_json = dpg.to_json() loaded = json.loads(as_json) try: - jsonschema.validate(loaded, schema) + Draft202012Validator({"$ref": schema_url},registry=registry).validate(loaded) except jsonschema.exceptions.ValidationError as e: exp = e self.assertIsNone(exp, f"Validation failed for {dpg.name} {dpg.version}") - self.logger.debug(f"Validation passed for {dpg.name} v{dpg.version}") + self.logger.debug(f"Validation passed for Decision Point Group {dpg.name} v{dpg.version}") if __name__ == "__main__": From f4d2decb06a4fb33eb11c059bca69685386d4f55 Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli <vssarvepalli@cert.org> Date: Fri, 12 Jul 2024 17:59:18 -0400 Subject: [PATCH 2/6] Updated all data/json/decision_point/* files appropriately with schemaVersion field --- data/json/decision_points/automatable_2_0_0.json | 1 + data/json/decision_points/exploitation_1_0_0.json | 1 + data/json/decision_points/exploitation_1_1_0.json | 1 + data/json/decision_points/human_impact_1_0_0.json | 1 + data/json/decision_points/human_impact_2_0_0.json | 1 + data/json/decision_points/human_impact_2_0_1.json | 1 + .../decision_points/mission_and_well-being_impact_1_0_0.json | 1 + data/json/decision_points/mission_impact_1_0_0.json | 1 + data/json/decision_points/mission_impact_2_0_0.json | 1 + data/json/decision_points/public_safety_impact_1_0_0.json | 1 + data/json/decision_points/public_safety_impact_2_0_0.json | 1 + data/json/decision_points/public_safety_impact_2_0_1.json | 1 + data/json/decision_points/public_value_added_1_0_0.json | 1 + data/json/decision_points/public_well-being_impact_1_0_0.json | 1 + data/json/decision_points/report_credibility_1_0_0.json | 1 + data/json/decision_points/report_public_1_0_0.json | 1 + data/json/decision_points/safety_impact_1_0_0.json | 1 + data/json/decision_points/safety_impact_2_0_0.json | 1 + data/json/decision_points/supplier_cardinality_1_0_0.json | 1 + data/json/decision_points/supplier_contacted_1_0_0.json | 1 + data/json/decision_points/supplier_engagement_1_0_0.json | 1 + data/json/decision_points/supplier_involvement_1_0_0.json | 1 + data/json/decision_points/system_exposure_1_0_0.json | 1 + data/json/decision_points/system_exposure_1_0_1.json | 1 + data/json/decision_points/technical_impact_1_0_0.json | 1 + data/json/decision_points/utility_1_0_0.json | 1 + data/json/decision_points/utility_1_0_1.json | 1 + data/json/decision_points/value_density_1_0_0.json | 1 + data/json/decision_points/virulence_1_0_0.json | 1 + 29 files changed, 29 insertions(+) diff --git a/data/json/decision_points/automatable_2_0_0.json b/data/json/decision_points/automatable_2_0_0.json index 9a0369b2..d3719742 100644 --- a/data/json/decision_points/automatable_2_0_0.json +++ b/data/json/decision_points/automatable_2_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "2.0.0", "key": "A", diff --git a/data/json/decision_points/exploitation_1_0_0.json b/data/json/decision_points/exploitation_1_0_0.json index 9f287310..5ea674fd 100644 --- a/data/json/decision_points/exploitation_1_0_0.json +++ b/data/json/decision_points/exploitation_1_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", "key": "E", diff --git a/data/json/decision_points/exploitation_1_1_0.json b/data/json/decision_points/exploitation_1_1_0.json index bebf78a3..fadd91e8 100644 --- a/data/json/decision_points/exploitation_1_1_0.json +++ b/data/json/decision_points/exploitation_1_1_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.1.0", "key": "E", diff --git a/data/json/decision_points/human_impact_1_0_0.json b/data/json/decision_points/human_impact_1_0_0.json index 9d056efa..051c3789 100644 --- a/data/json/decision_points/human_impact_1_0_0.json +++ b/data/json/decision_points/human_impact_1_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", "key": "HI", diff --git a/data/json/decision_points/human_impact_2_0_0.json b/data/json/decision_points/human_impact_2_0_0.json index b2e5ab7a..27166e3b 100644 --- a/data/json/decision_points/human_impact_2_0_0.json +++ b/data/json/decision_points/human_impact_2_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "2.0.0", "key": "HI", diff --git a/data/json/decision_points/human_impact_2_0_1.json b/data/json/decision_points/human_impact_2_0_1.json index 6c83e47e..80b1d1d3 100644 --- a/data/json/decision_points/human_impact_2_0_1.json +++ b/data/json/decision_points/human_impact_2_0_1.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "2.0.1", "key": "HI", diff --git a/data/json/decision_points/mission_and_well-being_impact_1_0_0.json b/data/json/decision_points/mission_and_well-being_impact_1_0_0.json index 9751bded..a9f85575 100644 --- a/data/json/decision_points/mission_and_well-being_impact_1_0_0.json +++ b/data/json/decision_points/mission_and_well-being_impact_1_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", "key": "MWI", diff --git a/data/json/decision_points/mission_impact_1_0_0.json b/data/json/decision_points/mission_impact_1_0_0.json index 456db1bd..42221205 100644 --- a/data/json/decision_points/mission_impact_1_0_0.json +++ b/data/json/decision_points/mission_impact_1_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", "key": "MI", diff --git a/data/json/decision_points/mission_impact_2_0_0.json b/data/json/decision_points/mission_impact_2_0_0.json index 9d096ce0..a9378b8e 100644 --- a/data/json/decision_points/mission_impact_2_0_0.json +++ b/data/json/decision_points/mission_impact_2_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "2.0.0", "key": "MI", diff --git a/data/json/decision_points/public_safety_impact_1_0_0.json b/data/json/decision_points/public_safety_impact_1_0_0.json index bc8ec442..0426c72b 100644 --- a/data/json/decision_points/public_safety_impact_1_0_0.json +++ b/data/json/decision_points/public_safety_impact_1_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", "key": "PSI", diff --git a/data/json/decision_points/public_safety_impact_2_0_0.json b/data/json/decision_points/public_safety_impact_2_0_0.json index 81f414d8..f4890df9 100644 --- a/data/json/decision_points/public_safety_impact_2_0_0.json +++ b/data/json/decision_points/public_safety_impact_2_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "2.0.0", "key": "PSI", diff --git a/data/json/decision_points/public_safety_impact_2_0_1.json b/data/json/decision_points/public_safety_impact_2_0_1.json index b993b033..74693702 100644 --- a/data/json/decision_points/public_safety_impact_2_0_1.json +++ b/data/json/decision_points/public_safety_impact_2_0_1.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "2.0.1", "key": "PSI", diff --git a/data/json/decision_points/public_value_added_1_0_0.json b/data/json/decision_points/public_value_added_1_0_0.json index 566b80c4..8345355c 100644 --- a/data/json/decision_points/public_value_added_1_0_0.json +++ b/data/json/decision_points/public_value_added_1_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", "key": "PVA", diff --git a/data/json/decision_points/public_well-being_impact_1_0_0.json b/data/json/decision_points/public_well-being_impact_1_0_0.json index 7e6556f4..10d10d78 100644 --- a/data/json/decision_points/public_well-being_impact_1_0_0.json +++ b/data/json/decision_points/public_well-being_impact_1_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", "key": "PWI", diff --git a/data/json/decision_points/report_credibility_1_0_0.json b/data/json/decision_points/report_credibility_1_0_0.json index 0b1c910a..b8dd759a 100644 --- a/data/json/decision_points/report_credibility_1_0_0.json +++ b/data/json/decision_points/report_credibility_1_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", "key": "RC", diff --git a/data/json/decision_points/report_public_1_0_0.json b/data/json/decision_points/report_public_1_0_0.json index 195b8c33..72babfcc 100644 --- a/data/json/decision_points/report_public_1_0_0.json +++ b/data/json/decision_points/report_public_1_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", "key": "RP", diff --git a/data/json/decision_points/safety_impact_1_0_0.json b/data/json/decision_points/safety_impact_1_0_0.json index f76474e1..cdf74c68 100644 --- a/data/json/decision_points/safety_impact_1_0_0.json +++ b/data/json/decision_points/safety_impact_1_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", "key": "SI", diff --git a/data/json/decision_points/safety_impact_2_0_0.json b/data/json/decision_points/safety_impact_2_0_0.json index 795813bb..f62db6e7 100644 --- a/data/json/decision_points/safety_impact_2_0_0.json +++ b/data/json/decision_points/safety_impact_2_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "2.0.0", "key": "SI", diff --git a/data/json/decision_points/supplier_cardinality_1_0_0.json b/data/json/decision_points/supplier_cardinality_1_0_0.json index 36088dcc..a41903bb 100644 --- a/data/json/decision_points/supplier_cardinality_1_0_0.json +++ b/data/json/decision_points/supplier_cardinality_1_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", "key": "SC", diff --git a/data/json/decision_points/supplier_contacted_1_0_0.json b/data/json/decision_points/supplier_contacted_1_0_0.json index 526ef3e0..9cc7e6b7 100644 --- a/data/json/decision_points/supplier_contacted_1_0_0.json +++ b/data/json/decision_points/supplier_contacted_1_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", "key": "SC", diff --git a/data/json/decision_points/supplier_engagement_1_0_0.json b/data/json/decision_points/supplier_engagement_1_0_0.json index cce9d92a..df4df175 100644 --- a/data/json/decision_points/supplier_engagement_1_0_0.json +++ b/data/json/decision_points/supplier_engagement_1_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", "key": "SE", diff --git a/data/json/decision_points/supplier_involvement_1_0_0.json b/data/json/decision_points/supplier_involvement_1_0_0.json index 0adcf48d..6d20be11 100644 --- a/data/json/decision_points/supplier_involvement_1_0_0.json +++ b/data/json/decision_points/supplier_involvement_1_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", "key": "SI", diff --git a/data/json/decision_points/system_exposure_1_0_0.json b/data/json/decision_points/system_exposure_1_0_0.json index 5a7d0043..42f1b5b8 100644 --- a/data/json/decision_points/system_exposure_1_0_0.json +++ b/data/json/decision_points/system_exposure_1_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "schemaVersion": "1-0-1", "version": "1.0.0", diff --git a/data/json/decision_points/system_exposure_1_0_1.json b/data/json/decision_points/system_exposure_1_0_1.json index f287944d..9dcb0906 100644 --- a/data/json/decision_points/system_exposure_1_0_1.json +++ b/data/json/decision_points/system_exposure_1_0_1.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.1", "key": "EXP", diff --git a/data/json/decision_points/technical_impact_1_0_0.json b/data/json/decision_points/technical_impact_1_0_0.json index a844a82b..4c0cc802 100644 --- a/data/json/decision_points/technical_impact_1_0_0.json +++ b/data/json/decision_points/technical_impact_1_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", "key": "TI", diff --git a/data/json/decision_points/utility_1_0_0.json b/data/json/decision_points/utility_1_0_0.json index c71273ce..d34f975a 100644 --- a/data/json/decision_points/utility_1_0_0.json +++ b/data/json/decision_points/utility_1_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", "key": "U", diff --git a/data/json/decision_points/utility_1_0_1.json b/data/json/decision_points/utility_1_0_1.json index a1b72bce..093eb8f7 100644 --- a/data/json/decision_points/utility_1_0_1.json +++ b/data/json/decision_points/utility_1_0_1.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.1", "key": "U", diff --git a/data/json/decision_points/value_density_1_0_0.json b/data/json/decision_points/value_density_1_0_0.json index 2c2db1a4..902ec005 100644 --- a/data/json/decision_points/value_density_1_0_0.json +++ b/data/json/decision_points/value_density_1_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", "key": "VD", diff --git a/data/json/decision_points/virulence_1_0_0.json b/data/json/decision_points/virulence_1_0_0.json index dfa91097..973fc173 100644 --- a/data/json/decision_points/virulence_1_0_0.json +++ b/data/json/decision_points/virulence_1_0_0.json @@ -1,4 +1,5 @@ { + "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", "key": "V", From d33154cc74fce79f73df9654a3ae058c77b4ccef Mon Sep 17 00:00:00 2001 From: Allen Householder <adh@cert.org> Date: Mon, 15 Jul 2024 15:05:08 -0400 Subject: [PATCH 3/6] run doctools.py on the current code --- data/json/decision_points/automatable_2_0_0.json | 2 +- data/json/decision_points/exploitation_1_0_0.json | 2 +- data/json/decision_points/exploitation_1_1_0.json | 2 +- data/json/decision_points/human_impact_2_0_0.json | 2 +- data/json/decision_points/human_impact_2_0_1.json | 2 +- .../decision_points/mission_and_well-being_impact_1_0_0.json | 2 +- data/json/decision_points/mission_impact_1_0_0.json | 2 +- data/json/decision_points/mission_impact_2_0_0.json | 2 +- data/json/decision_points/public_safety_impact_2_0_0.json | 2 +- data/json/decision_points/public_safety_impact_2_0_1.json | 2 +- data/json/decision_points/public_value_added_1_0_0.json | 2 +- .../json/decision_points/public_well-being_impact_1_0_0.json | 2 +- data/json/decision_points/report_credibility_1_0_0.json | 2 +- data/json/decision_points/report_public_1_0_0.json | 2 +- data/json/decision_points/safety_impact_1_0_0.json | 2 +- data/json/decision_points/safety_impact_2_0_0.json | 2 +- data/json/decision_points/supplier_cardinality_1_0_0.json | 2 +- data/json/decision_points/supplier_contacted_1_0_0.json | 2 +- data/json/decision_points/supplier_engagement_1_0_0.json | 2 +- data/json/decision_points/supplier_involvement_1_0_0.json | 2 +- data/json/decision_points/system_exposure_1_0_0.json | 5 ++--- data/json/decision_points/system_exposure_1_0_1.json | 2 +- data/json/decision_points/technical_impact_1_0_0.json | 2 +- data/json/decision_points/utility_1_0_0.json | 2 +- data/json/decision_points/utility_1_0_1.json | 2 +- data/json/decision_points/value_density_1_0_0.json | 2 +- data/json/decision_points/virulence_1_0_0.json | 2 +- 27 files changed, 28 insertions(+), 29 deletions(-) diff --git a/data/json/decision_points/automatable_2_0_0.json b/data/json/decision_points/automatable_2_0_0.json index d3719742..90ac4a09 100644 --- a/data/json/decision_points/automatable_2_0_0.json +++ b/data/json/decision_points/automatable_2_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "2.0.0", + "schemaVersion": "1-0-1", "key": "A", "name": "Automatable", "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", diff --git a/data/json/decision_points/exploitation_1_0_0.json b/data/json/decision_points/exploitation_1_0_0.json index 5ea674fd..d7099083 100644 --- a/data/json/decision_points/exploitation_1_0_0.json +++ b/data/json/decision_points/exploitation_1_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", + "schemaVersion": "1-0-1", "key": "E", "name": "Exploitation", "description": "The present state of exploitation of the vulnerability.", diff --git a/data/json/decision_points/exploitation_1_1_0.json b/data/json/decision_points/exploitation_1_1_0.json index fadd91e8..aed0a7af 100644 --- a/data/json/decision_points/exploitation_1_1_0.json +++ b/data/json/decision_points/exploitation_1_1_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.1.0", + "schemaVersion": "1-0-1", "key": "E", "name": "Exploitation", "description": "The present state of exploitation of the vulnerability.", diff --git a/data/json/decision_points/human_impact_2_0_0.json b/data/json/decision_points/human_impact_2_0_0.json index 27166e3b..ce7a8b4e 100644 --- a/data/json/decision_points/human_impact_2_0_0.json +++ b/data/json/decision_points/human_impact_2_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "2.0.0", + "schemaVersion": "1-0-1", "key": "HI", "name": "Human Impact", "description": "Human Impact is a combination of Safety and Mission impacts.", diff --git a/data/json/decision_points/human_impact_2_0_1.json b/data/json/decision_points/human_impact_2_0_1.json index 80b1d1d3..fd21da49 100644 --- a/data/json/decision_points/human_impact_2_0_1.json +++ b/data/json/decision_points/human_impact_2_0_1.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "2.0.1", + "schemaVersion": "1-0-1", "key": "HI", "name": "Human Impact", "description": "Human Impact is a combination of Safety and Mission impacts.", diff --git a/data/json/decision_points/mission_and_well-being_impact_1_0_0.json b/data/json/decision_points/mission_and_well-being_impact_1_0_0.json index a9f85575..d63cda57 100644 --- a/data/json/decision_points/mission_and_well-being_impact_1_0_0.json +++ b/data/json/decision_points/mission_and_well-being_impact_1_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", + "schemaVersion": "1-0-1", "key": "MWI", "name": "Mission and Well-Being Impact", "description": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", diff --git a/data/json/decision_points/mission_impact_1_0_0.json b/data/json/decision_points/mission_impact_1_0_0.json index 42221205..3ede44f1 100644 --- a/data/json/decision_points/mission_impact_1_0_0.json +++ b/data/json/decision_points/mission_impact_1_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", + "schemaVersion": "1-0-1", "key": "MI", "name": "Mission Impact", "description": "Impact on Mission Essential Functions of the Organization", diff --git a/data/json/decision_points/mission_impact_2_0_0.json b/data/json/decision_points/mission_impact_2_0_0.json index a9378b8e..d1a578a3 100644 --- a/data/json/decision_points/mission_impact_2_0_0.json +++ b/data/json/decision_points/mission_impact_2_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "2.0.0", + "schemaVersion": "1-0-1", "key": "MI", "name": "Mission Impact", "description": "Impact on Mission Essential Functions of the Organization", diff --git a/data/json/decision_points/public_safety_impact_2_0_0.json b/data/json/decision_points/public_safety_impact_2_0_0.json index f4890df9..4cf25b4f 100644 --- a/data/json/decision_points/public_safety_impact_2_0_0.json +++ b/data/json/decision_points/public_safety_impact_2_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "2.0.0", + "schemaVersion": "1-0-1", "key": "PSI", "name": "Public Safety Impact", "description": "A coarse-grained representation of impact to public safety.", diff --git a/data/json/decision_points/public_safety_impact_2_0_1.json b/data/json/decision_points/public_safety_impact_2_0_1.json index 74693702..2f76bbff 100644 --- a/data/json/decision_points/public_safety_impact_2_0_1.json +++ b/data/json/decision_points/public_safety_impact_2_0_1.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "2.0.1", + "schemaVersion": "1-0-1", "key": "PSI", "name": "Public Safety Impact", "description": "A coarse-grained representation of impact to public safety.", diff --git a/data/json/decision_points/public_value_added_1_0_0.json b/data/json/decision_points/public_value_added_1_0_0.json index 8345355c..772e5de0 100644 --- a/data/json/decision_points/public_value_added_1_0_0.json +++ b/data/json/decision_points/public_value_added_1_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", + "schemaVersion": "1-0-1", "key": "PVA", "name": "Public Value Added", "description": "How much value would a publication from the coordinator benefit the broader community?", diff --git a/data/json/decision_points/public_well-being_impact_1_0_0.json b/data/json/decision_points/public_well-being_impact_1_0_0.json index 10d10d78..a963ea06 100644 --- a/data/json/decision_points/public_well-being_impact_1_0_0.json +++ b/data/json/decision_points/public_well-being_impact_1_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", + "schemaVersion": "1-0-1", "key": "PWI", "name": "Public Well-Being Impact", "description": "A coarse-grained representation of impact to public well-being.", diff --git a/data/json/decision_points/report_credibility_1_0_0.json b/data/json/decision_points/report_credibility_1_0_0.json index b8dd759a..f9ff77f7 100644 --- a/data/json/decision_points/report_credibility_1_0_0.json +++ b/data/json/decision_points/report_credibility_1_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", + "schemaVersion": "1-0-1", "key": "RC", "name": "Report Credibility", "description": "Is the report credible?", diff --git a/data/json/decision_points/report_public_1_0_0.json b/data/json/decision_points/report_public_1_0_0.json index 72babfcc..67151fd2 100644 --- a/data/json/decision_points/report_public_1_0_0.json +++ b/data/json/decision_points/report_public_1_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", + "schemaVersion": "1-0-1", "key": "RP", "name": "Report Public", "description": "Is a viable report of the details of the vulnerability already publicly available?", diff --git a/data/json/decision_points/safety_impact_1_0_0.json b/data/json/decision_points/safety_impact_1_0_0.json index cdf74c68..e25fc5d3 100644 --- a/data/json/decision_points/safety_impact_1_0_0.json +++ b/data/json/decision_points/safety_impact_1_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", + "schemaVersion": "1-0-1", "key": "SI", "name": "Safety Impact", "description": "The safety impact of the vulnerability.", diff --git a/data/json/decision_points/safety_impact_2_0_0.json b/data/json/decision_points/safety_impact_2_0_0.json index f62db6e7..0c78a0e6 100644 --- a/data/json/decision_points/safety_impact_2_0_0.json +++ b/data/json/decision_points/safety_impact_2_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "2.0.0", + "schemaVersion": "1-0-1", "key": "SI", "name": "Safety Impact", "description": "The safety impact of the vulnerability. (based on IEC 61508)", diff --git a/data/json/decision_points/supplier_cardinality_1_0_0.json b/data/json/decision_points/supplier_cardinality_1_0_0.json index a41903bb..b4ad4c7c 100644 --- a/data/json/decision_points/supplier_cardinality_1_0_0.json +++ b/data/json/decision_points/supplier_cardinality_1_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", + "schemaVersion": "1-0-1", "key": "SC", "name": "Supplier Cardinality", "description": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", diff --git a/data/json/decision_points/supplier_contacted_1_0_0.json b/data/json/decision_points/supplier_contacted_1_0_0.json index 9cc7e6b7..8eaf7976 100644 --- a/data/json/decision_points/supplier_contacted_1_0_0.json +++ b/data/json/decision_points/supplier_contacted_1_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", + "schemaVersion": "1-0-1", "key": "SC", "name": "Supplier Contacted", "description": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", diff --git a/data/json/decision_points/supplier_engagement_1_0_0.json b/data/json/decision_points/supplier_engagement_1_0_0.json index df4df175..2f741598 100644 --- a/data/json/decision_points/supplier_engagement_1_0_0.json +++ b/data/json/decision_points/supplier_engagement_1_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", + "schemaVersion": "1-0-1", "key": "SE", "name": "Supplier Engagement", "description": "Is the supplier responding to the reporter\u2019s contact effort and actively participating in the coordination effort?", diff --git a/data/json/decision_points/supplier_involvement_1_0_0.json b/data/json/decision_points/supplier_involvement_1_0_0.json index 6d20be11..e43b79c7 100644 --- a/data/json/decision_points/supplier_involvement_1_0_0.json +++ b/data/json/decision_points/supplier_involvement_1_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", + "schemaVersion": "1-0-1", "key": "SI", "name": "Supplier Involvement", "description": "What is the state of the supplier\u2019s work on addressing the vulnerability?", diff --git a/data/json/decision_points/system_exposure_1_0_0.json b/data/json/decision_points/system_exposure_1_0_0.json index 42f1b5b8..5b77eb1b 100644 --- a/data/json/decision_points/system_exposure_1_0_0.json +++ b/data/json/decision_points/system_exposure_1_0_0.json @@ -1,8 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", - "schemaVersion": "1-0-1", "version": "1.0.0", + "schemaVersion": "1-0-1", "key": "EXP", "name": "System Exposure", "description": "The Accessible Attack Surface of the Affected System or Service", @@ -23,4 +22,4 @@ "description": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" } ] -} +} \ No newline at end of file diff --git a/data/json/decision_points/system_exposure_1_0_1.json b/data/json/decision_points/system_exposure_1_0_1.json index 9dcb0906..d2fca848 100644 --- a/data/json/decision_points/system_exposure_1_0_1.json +++ b/data/json/decision_points/system_exposure_1_0_1.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.1", + "schemaVersion": "1-0-1", "key": "EXP", "name": "System Exposure", "description": "The Accessible Attack Surface of the Affected System or Service", diff --git a/data/json/decision_points/technical_impact_1_0_0.json b/data/json/decision_points/technical_impact_1_0_0.json index 4c0cc802..6b9c8676 100644 --- a/data/json/decision_points/technical_impact_1_0_0.json +++ b/data/json/decision_points/technical_impact_1_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", + "schemaVersion": "1-0-1", "key": "TI", "name": "Technical Impact", "description": "The technical impact of the vulnerability.", diff --git a/data/json/decision_points/utility_1_0_0.json b/data/json/decision_points/utility_1_0_0.json index d34f975a..a54ebebd 100644 --- a/data/json/decision_points/utility_1_0_0.json +++ b/data/json/decision_points/utility_1_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", + "schemaVersion": "1-0-1", "key": "U", "name": "Utility", "description": "The Usefulness of the Exploit to the Adversary", diff --git a/data/json/decision_points/utility_1_0_1.json b/data/json/decision_points/utility_1_0_1.json index 093eb8f7..53e39a8a 100644 --- a/data/json/decision_points/utility_1_0_1.json +++ b/data/json/decision_points/utility_1_0_1.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.1", + "schemaVersion": "1-0-1", "key": "U", "name": "Utility", "description": "The Usefulness of the Exploit to the Adversary", diff --git a/data/json/decision_points/value_density_1_0_0.json b/data/json/decision_points/value_density_1_0_0.json index 902ec005..f0022b5e 100644 --- a/data/json/decision_points/value_density_1_0_0.json +++ b/data/json/decision_points/value_density_1_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", + "schemaVersion": "1-0-1", "key": "VD", "name": "Value Density", "description": "The concentration of value in the target", diff --git a/data/json/decision_points/virulence_1_0_0.json b/data/json/decision_points/virulence_1_0_0.json index 973fc173..98eee786 100644 --- a/data/json/decision_points/virulence_1_0_0.json +++ b/data/json/decision_points/virulence_1_0_0.json @@ -1,7 +1,7 @@ { - "schemaVersion": "1-0-1", "namespace": "ssvc", "version": "1.0.0", + "schemaVersion": "1-0-1", "key": "V", "name": "Virulence", "description": "The speed at which the vulnerability can be exploited.", From ed13b11759d7fb3a10018bd9422b5bf50fb1b012 Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli <vssarvepalli@cert.org> Date: Thu, 24 Oct 2024 11:56:13 -0400 Subject: [PATCH 4/6] Updated schema to remove #definitions for root element of the schema - supporting CVE Program --- ...on_Point_Value_Selection-1-0-1.schema.json | 67 +++++++++---------- 1 file changed, 32 insertions(+), 35 deletions(-) diff --git a/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json b/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json index b15800d8..2c6660f2 100644 --- a/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json +++ b/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json @@ -1,6 +1,6 @@ { "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json", + "$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Group_Selection-1-0-1.schema.json", "definitions": { "id": { "type": "string", @@ -62,40 +62,37 @@ "version" ], "additionalProperties": false - }, - "SsvcdecisionpointgroupselectionSchema": { - "properties": { - "id": { - "$ref": "#/definitions/id" - }, - "role": { - "$ref": "#/definitions/role" - }, - "schemaVersion": { - "$ref": "#/definitions/schemaVersion" - }, - "timestamp": { - "$ref": "#/definitions/timestamp" - }, - "selections": { - "description" : "An array of Decision Points and their Values that were down-selected or evaluated ", - "title": "selections", - "type": "array", - "minItems": 1, - "items": { - "$ref": "#/definitions/SsvcdecisionpointselectionSchema" - } - } - }, - "type": "object", - "required": [ - "selections", - "id", - "timestamp", - "schemaVersion" - ], - "additionalProperties": false } }, - "$ref": "#/definitions/SsvcdecisionpointgroupselectionSchema" + "properties": { + "id": { + "$ref": "#/definitions/id" + }, + "role": { + "$ref": "#/definitions/role" + }, + "schemaVersion": { + "$ref": "#/definitions/schemaVersion" + }, + "timestamp": { + "$ref": "#/definitions/timestamp" + }, + "selections": { + "description" : "An array of Decision Points and their Values that were down-selected or evaluated ", + "title": "selections", + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/SsvcdecisionpointselectionSchema" + } + } + }, + "type": "object", + "required": [ + "selections", + "id", + "timestamp", + "schemaVersion" + ], + "additionalProperties": false } From 6031c9d6f3c1cf05a7c6f1100dadcc118cd95727 Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli <vssarvepalli@cert.org> Date: Thu, 24 Oct 2024 12:18:27 -0400 Subject: [PATCH 5/6] Erorr in the ID field for Decision_Point_Value_Selection-1-0-1.schema.json --- data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json b/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json index 2c6660f2..1611f91f 100644 --- a/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json +++ b/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json @@ -1,6 +1,6 @@ { "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Group_Selection-1-0-1.schema.json", + "$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json", "definitions": { "id": { "type": "string", From 1597892d354ca5b42f56643b26275d45eebb7d99 Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli <vssarvepalli@cert.org> Date: Thu, 24 Oct 2024 12:24:09 -0400 Subject: [PATCH 6/6] Erorr in the ID field for Decision_Point_Value_Selection-1-0-1.schema.json --- data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json b/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json index 2c6660f2..1611f91f 100644 --- a/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json +++ b/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json @@ -1,6 +1,6 @@ { "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Group_Selection-1-0-1.schema.json", + "$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json", "definitions": { "id": { "type": "string",