Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

properties element missing for vulnerability type in XML schema #147

Closed
nscuro opened this issue May 19, 2022 · 0 comments · Fixed by #148
Closed

properties element missing for vulnerability type in XML schema #147

nscuro opened this issue May 19, 2022 · 0 comments · Fixed by #148

Comments

@nscuro
Copy link
Member

nscuro commented May 19, 2022

While the JSON schema for 1.4 and 1.4.1 defines a properties element for the vulnerability type, the XML schema does not.

Naturally, this causes validation failures when using properties with vulnerabilities.

Steps to reproduce

$ wget https://raw.githubusercontent.com/CycloneDX/cyclonedx-go/75c4a5fce050df541f3c359bd755f5ab8ef9245a/testdata/valid-vulnerability.xml
$ cyclonedx validate --input-file valid-vulnerability.xml --input-version v1_4
Validating XML BOM...
Validation failed at line number 119 and position 14: The element 'vulnerability' in namespace 'http://cyclonedx.org/schema/bom/1.4' has invalid child element 'properties' in namespace 'http://cyclonedx.org/schema/bom/1.4'.
BOM is not valid.
@nscuro nscuro mentioned this issue May 19, 2022
Merged
This was referenced May 19, 2022
Closed
Merged
@desenna desenna mentioned this issue Jun 9, 2022
Merged
joshbressers added a commit to joshbressers/grype that referenced this issue Jul 9, 2022
@joshbressers
Add in the content from this PR to allow the tests to pass
d3326c3 
CycloneDX/specification#147
joshbressers added a commit to joshbressers/grype that referenced this issue Jul 16, 2022
@joshbressers
Fix a cyclonedxvex typo and fix the schema document from
50dbebd 
CycloneDX/specification#147

Signed-off-by: Josh Bressers <[email protected]>
@joshbressers joshbressers mentioned this issue Jul 16, 2022
Merged
wagoodman pushed a commit to anchore/grype that referenced this issue Jul 17, 2022
@joshbressers
Fix a cyclonedxvex typo and fix the schema document from (#830)
8ce541e 
CycloneDX/specification#147

Signed-off-by: Josh Bressers <[email protected]>
@nscuro nscuro mentioned this issue Sep 26, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: add missing Vulnerability.properties types in schema 1.4 desenna/specification
1 participant
@nscuro