diff --git a/data/computed/Computed+Provision-VU#290915_Coordinator.json b/data/computed/Computed+Provision-VU#290915_Coordinator.json deleted file mode 100644 index f31b9e16..00000000 --- a/data/computed/Computed+Provision-VU#290915_Coordinator.json +++ /dev/null @@ -1,375 +0,0 @@ -{ - "timestamp": "2020-12-10T18:58:04.153Z", - "role": "Coordinator", - "id": "VU#290915", - "version": "2.0", - "computed": "SSVCv2/E:P/V:R/T:P/M:H/D:A/1607626684/", - "choices": [ - { - "Exploitation": "poc" - }, - { - "Virulence": "rapid" - }, - { - "Technical Impact": "partial" - }, - { - "Mission & Well-being": "high" - }, - { - "Decision": "Attend" - } - ], - "decision_tree": { - "decision_points": [ - { - "label": "Exploitation", - "decision_type": "simple", - "choices": [ - { - "label": "none", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." - }, - { - "label": "poc", - "description": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation. Some examples of condition (4) are open-source web proxies serve as the PoC code for how to exploit any vulnerability in the vein of improper validation of TLS certificates. As another example, Wireshark serves as a PoC for packet replay attacks on ethernet or WiFi networks." - }, - { - "label": "active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." - } - ] - }, - { - "label": "Virulence", - "decision_type": "simple", - "choices": [ - { - "label": "slow", - "description": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation. Example reasons for why a step may not be reliably automatable include (1) the vulnerable component is not searchable or enumerable on the network, (2) weaponization may require human direction for each target, (3) delivery may require channels that widely deployed network security configurations block, and (4) exploitation may be frustrated by adequate exploit-prevention techniques enabled by default; ASLR is an example of an exploit-prevention tool." - }, - { - "label": "rapid", - "description": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows unauthenticated remote code execution (RCE) or command injection, the response is likely rapid." - } - ] - }, - { - "label": "Technical Impact", - "decision_type": "simple", - "choices": [ - { - "label": "partial", - "description": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control. In this context, “low” means that the attacker cannot reasonably make enough attempts to overcome the low chance of each attempt not working. Denial of service is a form of limited control over the behavior of the vulnerable component." - }, - { - "label": "total", - "description": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." - } - ] - }, - { - "label": "Mission & Well-being", - "decision_type": "simple", - "choices": [ - { - "label": "low", - "description": "Mission Prevelance is Low and Public well-being impact is Minimal" - }, - { - "label": "medium", - "description": "Mission Prevelance is Medium and Public well-being impact is in Material" - }, - { - "label": "high", - "description": "Mission Prevelance is Essential and Public well-being impact is Irreversible" - } - ] - }, - { - "label": "Decision", - "decision_type": "final", - "choices": [ - { - "label": "Track", - "description": "The vulnerability does not require attention outside of Vulnerability Management (VM) at this time. Continue to track the situation and reassess the severity of vulnerability if necessary.", - "color": "#28a745" - }, - { - "label": "Track*", - "description": "Track these closely, especially if mitigation is unavailable or difficult. Recommended that analyst discuss with other ana-lysts and get a second opinion.", - "color": "#ffc107" - }, - { - "label": "Attend", - "description": "The vulnerability requires to be attended to by stakeholders outside VM. The action is a request to others for assistance / information / details, as well as a potential publication about the issue.", - "color": "#EE8733" - }, - { - "label": "Act", - "description": "The vulnerability requires immediate action by the relevant leadership. The action is a high-priority meeting among the relevant supervisors to decide how to respond.", - "color": "#dc3545" - } - ] - } - ], - "decisions_table": [ - { - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "low", - "Decision": "Track" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Track*", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Track*", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track*", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track*", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "high" - } - ], - "lang": "en", - "version": "2.0", - "title": "SSVC Provision table" - } -} diff --git a/data/computed/Computed-VU#290915_Coordinator.json b/data/computed/Computed-VU#290915_Coordinator.json deleted file mode 100644 index b37cb2a2..00000000 --- a/data/computed/Computed-VU#290915_Coordinator.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "timestamp": "2020-12-10T18:57:45.961Z", - "role": "Coordinator", - "id": "VU#290915", - "version": "2.0", - "computed": "SSVCv2/E:P/V:R/T:P/M:H/D:A/1607626665/", - "choices": [ - { - "Exploitation": "poc" - }, - { - "Virulence": "rapid" - }, - { - "Technical Impact": "partial" - }, - { - "Mission & Well-being": "high" - }, - { - "Decision": "Attend" - } - ] -} diff --git a/data/computed/Provision-v2-CISA-Coordination.json b/data/computed/Provision-v2-CISA-Coordination.json deleted file mode 100644 index 44bf4ef6..00000000 --- a/data/computed/Provision-v2-CISA-Coordination.json +++ /dev/null @@ -1,351 +0,0 @@ -{ - "decision_points": [ - { - "label": "Exploitation", - "decision_type": "simple", - "choices": [ - { - "label": "none", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." - }, - { - "label": "poc", - "description": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation. Some examples of condition (4) are open-source web proxies serve as the PoC code for how to exploit any vulnerability in the vein of improper validation of TLS certificates. As another example, Wireshark serves as a PoC for packet replay attacks on ethernet or WiFi networks." - }, - { - "label": "active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." - } - ] - }, - { - "label": "Virulence", - "decision_type": "simple", - "choices": [ - { - "label": "slow", - "description": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation. Example reasons for why a step may not be reliably automatable include (1) the vulnerable component is not searchable or enumerable on the network, (2) weaponization may require human direction for each target, (3) delivery may require channels that widely deployed network security configurations block, and (4) exploitation may be frustrated by adequate exploit-prevention techniques enabled by default; ASLR is an example of an exploit-prevention tool." - }, - { - "label": "rapid", - "description": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows unauthenticated remote code execution (RCE) or command injection, the response is likely rapid." - } - ] - }, - { - "label": "Technical Impact", - "decision_type": "simple", - "choices": [ - { - "label": "partial", - "description": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control. In this context, “low” means that the attacker cannot reasonably make enough attempts to overcome the low chance of each attempt not working. Denial of service is a form of limited control over the behavior of the vulnerable component." - }, - { - "label": "total", - "description": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." - } - ] - }, - { - "label": "Mission & Well-being", - "decision_type": "simple", - "choices": [ - { - "label": "low", - "description": "Mission Prevelance is Low and Public well-being impact is Minimal" - }, - { - "label": "medium", - "description": "Mission Prevelance is Medium and Public well-being impact is in Material" - }, - { - "label": "high", - "description": "Mission Prevelance is Essential and Public well-being impact is Irreversible" - } - ] - }, - { - "label": "Decision", - "decision_type": "final", - "choices": [ - { - "label": "Track", - "description": "The vulnerability does not require attention outside of Vulnerability Management (VM) at this time. Continue to track the situation and reassess the severity of vulnerability if necessary.", - "color": "#28a745" - }, - { - "label": "Track*", - "description": "Track these closely, especially if mitigation is unavailable or difficult. Recommended that analyst discuss with other ana-lysts and get a second opinion.", - "color": "#ffc107" - }, - { - "label": "Attend", - "description": "The vulnerability requires to be attended to by stakeholders outside VM. The action is a request to others for assistance / information / details, as well as a potential publication about the issue.", - "color": "#EE8733" - }, - { - "label": "Act", - "description": "The vulnerability requires immediate action by the relevant leadership. The action is a high-priority meeting among the relevant supervisors to decide how to respond.", - "color": "#dc3545" - } - ] - } - ], - "decisions_table": [ - { - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "low", - "Decision": "Track" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Track*", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Track*", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track*", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track*", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "high" - } - ], - "lang": "en", - "version": "2.0", - "title": "SSVC Provision table" -} diff --git a/data/computed/README.MD b/data/computed/README.MD deleted file mode 100644 index 475cea48..00000000 --- a/data/computed/README.MD +++ /dev/null @@ -1,10 +0,0 @@ -# Sample JSON files - - -There are there sample JSON files that provide examples of the current [JSON schema](../schema/). -The JSON files here are -1. Full Decision tree used for making an SSVC based decision. -2. Computed SSVC score of a vulnerability at a point of time. -3. Computed SSVC score with the full decision tree embedded. - - diff --git a/data/schema/SSVC_Computed_v2.schema.json b/data/schema/SSVC_Computed_v2.schema.json deleted file mode 100644 index 2709ea3d..00000000 --- a/data/schema/SSVC_Computed_v2.schema.json +++ /dev/null @@ -1,49 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "$id": "https://democert.org/ssvc/SVC_Computed_v2.schema.json", - "title": "Computed SSVC score representing the path in the decision tree", - "description": "This schema represents the full path in the decision tree taken by an analyst with a specific role. The representation of the full decision tree is optional", - "type": "object", - "properties": { - "choices": { - "type": "array", - "items": { - "type": "object", - "items": { - "type": "string" - } - }, - "minItems": 1, - "uniqueItems": true - }, - "computed": { - "description": "Computed score short representation such as SSVCv2/Ps:Nm/T:T/U:E/1605040000/ for a vulnerability with no or minor Public Safety Impact, total Technical Impact, and efficient Utility, which was evaluated on Nov 10, 2020.", - "type": "string" - }, - "timestamp" : { - "description": "Date and time in ISO format ISO 8601 format", - "type": "string", - "format": "date-time" - }, - "role": { - "type": "string", - "description": "Roles are defined in SSVC spec and optional in SSVC provision schema" - }, - "version": { - "type": "string", - "description":"Version of the SSVC that was used in this decision" - }, - "decision_tree": { - "description": "The full decision tree that was used for this SSVC computed score", - "$ref": "https://democert.org/ssvc/SSVC_Provision_v2.schema.json" - } - }, - "required": [ - "choices", - "computed", - "timestamp", - "role", - "id", - "version" - ] -} diff --git a/data/schema/SSVC_Provision_v2.schema.json b/data/schema/SSVC_Provision_v2.schema.json deleted file mode 100644 index caad4cb1..00000000 --- a/data/schema/SSVC_Provision_v2.schema.json +++ /dev/null @@ -1,119 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-04/schema#", - "$id": "https://democert.org/ssvc/SSVC_Provision_v2.schema.json", - "title": "Decision tree schema definition for SSVC v2", - "description": "This provides a schema for a decision tree used to compute SSVC score for a vulnerability", - "definitions": { - "color_regex": { - "pattern": "^(#(?:[0-9a-f]{2}){2,4}$|(#[0-9a-f]{3}$)|(rgb|hsl)a?\\((-?\\d+%?[,\\s]+){2,3}\\s*[\\d\\.]+%?\\)$|black$|silver$|gray$|whitesmoke$|maroon$|red$|purple$|fuchsia$|green$|lime$|olivedrab$|yellow$|navy$|blue$|teal$|aquamarine$|orange$|aliceblue$|antiquewhite$|aqua$|azure$|beige$|bisque$|blanchedalmond$|blueviolet$|brown$|burlywood$|cadetblue$|chartreuse$|chocolate$|coral$|cornflowerblue$|cornsilk$|crimson$|currentcolor$|darkblue$|darkcyan$|darkgoldenrod$|darkgray$|darkgreen$|darkgrey$|darkkhaki$|darkmagenta$|darkolivegreen$|darkorange$|darkorchid$|darkred$|darksalmon$|darkseagreen$|darkslateblue$|darkslategray$|darkslategrey$|darkturquoise$|darkviolet$|deeppink$|deepskyblue$|dimgray$|dimgrey$|dodgerblue$|firebrick$|floralwhite$|forestgreen$|gainsboro$|ghostwhite$|goldenrod$|gold$|greenyellow$|grey$|honeydew$|hotpink$|indianred$|indigo$|ivory$|khaki$|lavenderblush$|lavender$|lawngreen$|lemonchiffon$|lightblue$|lightcoral$|lightcyan$|lightgoldenrodyellow$|lightgray$|lightgreen$|lightgrey$|lightpink$|lightsalmon$|lightseagreen$|lightskyblue$|lightslategray$|lightslategrey$|lightsteelblue$|lightyellow$|limegreen$|linen$|mediumaquamarine$|mediumblue$|mediumorchid$|mediumpurple$|mediumseagreen$|mediumslateblue$|mediumspringgreen$|mediumturquoise$|mediumvioletred$|midnightblue$|mintcream$|mistyrose$|moccasin$|navajowhite$|oldlace$|olive$|orangered$|orchid$|palegoldenrod$|palegreen$|paleturquoise$|palevioletred$|papayawhip$|peachpuff$|peru$|pink$|plum$|powderblue$|rosybrown$|royalblue$|saddlebrown$|salmon$|sandybrown$|seagreen$|seashell$|sienna$|skyblue$|slateblue$|slategray$|slategrey$|snow$|springgreen$|steelblue$|tan$|thistle$|tomato$|transparent$|turquoise$|violet$|wheat$|white$|yellowgreen$|rebeccapurple$)$", - "type": "string" - } - }, - "type": "object", - "properties": { - "decision_points": { - "decisions_table": { - "items": { - "type": "object" - }, - "minItems": 1, - "type": "array" - }, - "items": { - "anyOf": [ - { - "required": [ - "decision_type", - "label", - "children" - ] - }, - { - "required": [ - "decision_type", - "label", - "choices" - ] - } - ], - "properties": { - "children": { - "items": { - "maxLength": 255, - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "choices": { - "items": { - "properties": { - "description": { - "maxLength": 65535, - "type": "string" - }, - "label": { - "maxLength": 255, - "type": "string" - } - }, - "required": [ - "label", - "description" - ], - "type": "object" - }, - "minItems": 1, - "type": "array" - }, - "decision_type": { - "enum": [ - "child", - "complex", - "simple", - "final" - ], - "description": "Decision Type is used to identify if this is a \"simple\" decision or a \"complex\" decision. The \"complex\" decisions can have \"child\" decisions under them. The \"final\" decision basically is the last node on the decision tree" - }, - "label": { - "maxLength": 255, - "type": "string" - } - }, - "type": "object" - }, - "minItems": 1, - "type": "array" - }, - "lang": { - "maxLength": 7, - "type": "string" - }, - "roles": { - "description": "Roles as described in SSVC as distinct array elements", - "type": "array", - "items": { - "type": "string" - }, - "minItems": 1, - "uniqueItems": true - }, - "title": { - "maxLength": 255, - "type": "string" - }, - "version": { - "enum": [ - "1.0", - "2.0" - ] - } - }, - "required": [ - "lang", - "version", - "decision_points", - "decisions_table" - ] -} -