diff --git a/data/schema/Decision_Point.schema.json b/data/schema/Decision_Point.schema.json
deleted file mode 100644
index f4ddb450..00000000
--- a/data/schema/Decision_Point.schema.json
+++ /dev/null
@@ -1,60 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2020-12/schema",
- "title": "Decision Point schema definition",
- "$id": "https://github.com/CERTCC/SSVC/tree/main/data/schema/Decision_Point.schema.json",
- "description": "Decision points are the basic building blocks of SSVC decision functions. Individual decision points describe a single aspect of the input to a decision function.",
- "type": "object",
- "additionalProperties": false,
- "properties": {
- "namespace": {
- "type": "string",
- "description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point"
- },
- "version": {
- "type": "string",
- "description": "Version (a semantic version string) that identifies this object"
- },
- "key": {
- "type": "string",
- "description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way"
- },
- "name": {
- "type": "string",
- "description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
- },
- "description": {
- "type": "string",
- "description": "Description of the Decision Point or the Group of Decision Points."
- },
- "values": {
- "description": "Decision Point Values are valid results from a Decision Point",
- "uniqueItems": true,
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "key": {
- "type": "string",
- "description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way"
- },
- "name": {
- "type": "string",
- "description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
- },
- "description": {
- "type": "string",
- "description": "Description of the Decision Point or the Group of Decision Points."
- }
- }
- }
- }
- },
- "required": [
- "namespace",
- "version",
- "key",
- "name",
- "description",
- "values"
- ]
-}
diff --git a/data/schema/Decision_Point_Group.schema.json b/data/schema/Decision_Point_Group.schema.json
deleted file mode 100644
index dd7cb4a0..00000000
--- a/data/schema/Decision_Point_Group.schema.json
+++ /dev/null
@@ -1,79 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2020-12/schema",
- "title": "Decision Points Group schema definition",
- "$id": "https://github.com/CERTCC/SSVC/tree/main/data/schema/Decision_Point_Group.schema.json",
- "type": "object",
- "additionalProperties": false,
- "properties": {
- "version": {
- "type": "string",
- "description": "Version (a semantic version string) that identifies this object"
- },
- "name": {
- "type": "string",
- "description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
- },
- "description": {
- "type": "string",
- "description": "Description of the Decision Point or the Group of Decision Points."
- },
- "decision_points": {
- "description": "Decision points are the basic building blocks of SSVC decision functions. Individual decision points describe a single aspect of the input to a decision function.",
- "additionalProperties": false,
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "namespace": {
- "type": "string",
- "description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point"
- },
- "version": {
- "type": "string",
- "description": "Version (a semantic version string) that identifies this object"
- },
- "key": {
- "type": "string",
- "description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way"
- },
- "name": {
- "type": "string",
- "description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
- },
- "description": {
- "type": "string",
- "description": "Description of the Decision Point or the Group of Decision Points."
- },
- "values": {
- "description": "Decision Point Values are valid results from a Decision Point",
- "uniqueItems": true,
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "key": {
- "type": "string",
- "description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way"
- },
- "name": {
- "type": "string",
- "description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
- },
- "description": {
- "type": "string",
- "description": "Description of the Decision Point or the Group of Decision Points."
- }
- }
- }
- }
- }
- }
- }
- },
- "required": [
- "version",
- "name",
- "description",
- "decision_points"
- ]
-}
diff --git a/data/schema/current/Decision_Point.schema.json b/data/schema/current/Decision_Point.schema.json
new file mode 120000
index 00000000..b1e5866a
--- /dev/null
+++ b/data/schema/current/Decision_Point.schema.json
@@ -0,0 +1 @@
+../v1/Decision_Point-1-0-1.schema.json
\ No newline at end of file
diff --git a/data/schema/current/Decision_Point_Group.schema.json b/data/schema/current/Decision_Point_Group.schema.json
new file mode 120000
index 00000000..ac51774b
--- /dev/null
+++ b/data/schema/current/Decision_Point_Group.schema.json
@@ -0,0 +1 @@
+../v1/Decision_Point_Group-1-0-1.json
\ No newline at end of file
diff --git a/data/schema/current/Decision_Point_Value_Selection.schema.json b/data/schema/current/Decision_Point_Value_Selection.schema.json
new file mode 120000
index 00000000..b708b5d7
--- /dev/null
+++ b/data/schema/current/Decision_Point_Value_Selection.schema.json
@@ -0,0 +1 @@
+../v1/Decision_Point_Value_Selection-1-0-1.schema.json
\ No newline at end of file
diff --git a/data/schema/v1/Decision_Point-1-0-1.schema.json b/data/schema/v1/Decision_Point-1-0-1.schema.json
new file mode 100644
index 00000000..b642cd06
--- /dev/null
+++ b/data/schema/v1/Decision_Point-1-0-1.schema.json
@@ -0,0 +1,79 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "title": "Decision Point schema definition",
+ "$id": "https://certcc.github.io/data/schema/v1/Decision_Point.schema-1-0-1.json",
+ "description": "Decision points are the basic building blocks of SSVC decision functions. Individual decision points describe a single aspect of the input to a decision function.",
+ "definitions": {
+ "schemaVersion": {
+ "description": "Schema version used to represent this Decision Point",
+ "type": "string",
+ "enum": ["1-0-1"]
+ },
+ "decision_point_value": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way"
+ },
+ "name": {
+ "type": "string",
+ "description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
+ },
+ "description": {
+ "type": "string",
+ "description": "Description of the Decision Point Value"
+ }
+ },
+ "required" : [
+ "key",
+ "name",
+ "description"
+ ]
+ },
+ "decision_point": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "namespace": {
+ "type": "string",
+ "description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point"
+ },
+ "version": {
+ "type": "string",
+ "description": "Version (a semantic version string) that identifies this object"
+ },
+ "key": {
+ "type": "string",
+ "description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way"
+ },
+ "name": {
+ "type": "string",
+ "description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
+ },
+ "description": {
+ "type": "string",
+ "description": "q Description of the Decision Point or the Group of Decision Points as defined."
+ },
+ "values": {
+ "description": "Decision Point Values are valid results from a Decision Point",
+ "uniqueItems": true,
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/decision_point_value"
+ }
+ }
+ },
+ "required": [
+ "namespace",
+ "version",
+ "key",
+ "name",
+ "description",
+ "values"
+ ]
+ }
+ },
+ "$ref": "#/definitions/decision_point"
+}
diff --git a/data/schema/v1/Decision_Point_Group-1-0-1.json b/data/schema/v1/Decision_Point_Group-1-0-1.json
new file mode 100644
index 00000000..40838cad
--- /dev/null
+++ b/data/schema/v1/Decision_Point_Group-1-0-1.json
@@ -0,0 +1,44 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "title": "Decision Points Group schema definition",
+ "$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Group-1-0-1.schema.json",
+ "definitions": {
+ "schemaVersion": {
+ "description": "Schema version used to represent Decision Point Group",
+ "type": "string",
+ "enum": ["1-0-1"]
+ },
+ "decision_point_group": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "version": {
+ "type": "string",
+ "description": "Version (a semantic version string) that identifies this object"
+ },
+ "name": {
+ "type": "string",
+ "description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
+ },
+ "description": {
+ "type": "string",
+ "description": "Description of the Decision Point or the Group of Decision Points."
+ },
+ "decision_points": {
+ "type": "array",
+ "items": {
+ "$ref": "https://certcc.github.io/SSVC/data/schema/Decision_Point.schema.json"
+ }
+ }
+ },
+ "required": [
+ "version",
+ "name",
+ "description",
+ "decision_points"
+ ]
+ }
+ },
+ "$ref": "#/definitions/decision_point_group"
+
+}
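Review bot: The `$id` of the new `v1/Decision_Point-1-0-1.schema.json` is `https://certcc.github.io/data/schema/v1/Decision_Point.schema-1-0-1.json`, which drops the `/SSVC/` path segment the other two schemas use and places the version after `.schema` instead of before it, so a validator that looks schemas up by `$id` will not match this file. If the published path mirrors the repository layout it would read `"$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point-1-0-1.schema.json"`. The `schemaVersion` definition is declared but never referenced, and because `decision_point` sets `"additionalProperties": false` a document cannot carry a `schemaVersion` field at all; either reference it from `properties` or drop the definition. The description text of `decision_point.description` begins with a stray `q `, and under draft 2020-12 the container keyword is `$defs` rather than `definitions`.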
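Review bot: The `items` of `decision_points` reference `https://certcc.github.io/SSVC/data/schema/Decision_Point.schema.json`, an absolute URL that matches neither the `$id` nor the `v1` path of the Decision Point schema added in this same commit. A validator can resolve it only by fetching that URL or through a preloaded registry entry, so group validation would depend on whatever the site serves at that moment rather than on the schema pinned in the repository (inferred; no resolver setup is visible in this diff). Point the reference at the versioned schema's `$id` and have consumers register the local file under that `$id` instead of retrieving it over the network. The file is also named `Decision_Point_Group-1-0-1.json` while its own `$id` ends in `.schema.json`; one of the two should change so they agree.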
diff --git a/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json b/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json
new file mode 100644
index 00000000..5703f47f
--- /dev/null
+++ b/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json
@@ -0,0 +1,99 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Group_Selection-1-0-1.schema.json",
+ "definitions": {
+ "id": {
+ "type": "string",
+ "description": "Identifier for a vulnerability could be CVE, CERT/CC VU#, OSV id, Bugtraq, GHSA etc.",
+ "examples": ["CVE-2024-101010","VU#11111","GHSA-11a1-22b2-33c3"]
+ },
+ "role": {
+ "type": "string",
+ "description": "Roles to define SSVC Stakeholders https://certcc.github.io/SSVC/topics/enumerating_stakeholders/",
+ "examples": ["Supplier","Deployer","Coordinator"]
+ },
+ "timestamp" : {
+ "description": "Date and time in ISO format ISO 8601 format",
+ "type": "string",
+ "format": "date-time"
+ },
+ "schemaVersion": {
+ "description": "Schema version used to represent this evaluation",
+ "type": "string",
+ "enum": ["1-0-1"]
+ },
+ "SsvcdecisionpointselectionSchema": {
+ "description": "A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability",
+ "properties": {
+ "name": {
+ "description": "Name of the Decision Point that were evaluated",
+ "title": "name",
+ "type": "string",
+ "examples": ["Automatable", "Exploitation"]
+ },
+ "namespace": {
+ "description": "SSVC Namespace that were used for defining the evaluated Decision Points",
+ "title": "namespace",
+ "type": "string",
+ "examples": ["ssvc","cvvsv4"]
+ },
+ "values": {
+ "description": "Evaluated values of the Decision Point",
+ "title": "values",
+ "type": "array",
+ "items": {
+ "description": "Each value that were down-selected for a Decision Point",
+ "title": "values",
+ "type": "string"
+ }
+ },
+ "version": {
+ "description": "Version of the Decision Points that were evaluated",
+ "title": "version",
+ "type": "string"
+ }
+ },
+ "type": "object",
+ "required": [
+ "name",
+ "namespace",
+ "values",
+ "version"
+ ],
+ "additionalProperties": false
+ },
+ "SsvcdecisionpointgroupselectionSchema": {
+ "properties": {
+ "id": {
+ "$ref": "#/definitions/id"
+ },
+ "role": {
+ "$ref": "#/definitions/role"
+ },
+ "schemaVersion": {
+ "$ref": "#/definitions/schemaVersion"
+ },
+ "timestamp": {
+ "$ref": "#/definitions/timestamp"
+ },
+ "selections": {
+ "description" : "An array of Decision Points and their Values that were down-selected or evaluated ",
+ "title": "selections",
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/SsvcdecisionpointselectionSchema"
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "selections",
+ "id",
+ "timestamp",
+ "schemaVersion"
+ ],
+ "additionalProperties": false
+ }
+ },
+ "$ref": "#/definitions/SsvcdecisionpointgroupselectionSchema"
+}
diff --git a/data/schema_examples/CVE-1969-0000-Decision_Point_Value_Selection.json b/data/schema_examples/CVE-1969-0000-Decision_Point_Value_Selection.json
new file mode 100644
index 00000000..5ec025a4
--- /dev/null
+++ b/data/schema_examples/CVE-1969-0000-Decision_Point_Value_Selection.json
@@ -0,0 +1,31 @@
+{
+ "id": "CVE-1969-0000",
+ "timestamp": "2021-09-29T15:29:44Z",
+ "schemaVersion": "1-0-1",
+ "selections": [
+ {
+ "namespace": "ssvc",
+ "name": "Exploitation",
+ "version": "1.1.0",
+ "values": [
+ "Active"
+ ]
+ },
+ {
+ "namespace": "ssvc",
+ "name": "Automatable",
+ "version": "2.0.0",
+ "values": [
+ "Yes"
+ ]
+ },
+ {
+ "namespace": "ssvc",
+ "name": "Technical Impact",
+ "version": "1.0.0",
+ "values": [
+ "Total"
+ ]
+ }
+ ]
+}
diff --git a/src/test/test_schema.py b/src/test/test_schema.py
index 401371ca..b34ed47b 100644
--- a/src/test/test_schema.py
+++ b/src/test/test_schema.py
@@ -64,7 +64,7 @@ def test_confirm_registered_decision_points(self): def test_decision_point_validation(self): # path relative to top level of repo - schema_file = find_schema("data/schema/Decision_Point.schema.json") + schema_file = find_schema("data/schema/current/Decision_Point.schema.json") schema = json.load(open(schema_file)) decision_points = list(REGISTERED_DECISION_POINTS)
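Review bot: The selection schema in `Decision_Point_Value_Selection-1-0-1.schema.json` accepts records that carry no actual evaluation: neither `selections` nor the per-decision-point `values` array has a lower bound, so `"selections": []` validates, and `"minItems": 1` on both arrays would close that. `"format": "date-time"` on `timestamp` is only an annotation unless the validator is configured to assert formats, so a malformed timestamp passes by default in many implementations; consumers that order or deduplicate evaluations by time should enable format checking. The `$id` names `Decision_Point_Group_Selection-1-0-1.schema.json` while the file is `Decision_Point_Value_Selection-1-0-1.schema.json`, and this schema declares draft-07 while the two sibling schemas declare draft 2020-12. The `namespace` example `cvvsv4` looks like a typo for `cvssv4`.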
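Review bot: `find_schema("data/schema/current/Decision_Point.schema.json")` now resolves to a git symlink (the `current/` entries are added with mode 120000), and the following line passes the result straight to `json.load(open(schema_file))`. On a checkout where git does not materialise symlinks (for example with `core.symlinks=false`), that path is a one-line text file holding the target path, so the test fails with a JSON decode error rather than a clear message; the same applies to the `Decision_Point_Group` path changed in the next hunk. Consider resolving the versioned file under `data/schema/v1/` explicitly, or asserting that the loaded object is a schema before validating against it. The commit also adds `Decision_Point_Value_Selection-1-0-1.schema.json` and an example document but no test that validates one against the other. Both test methods continue outside the hunks shown.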
@@ -82,11 +82,11 @@ def test_decision_point_validation(self): self.assertIsNone(exp, f"Validation failed for {dp.name} {dp.version}") self.logger.debug( - f"Validation passed for ({dp.namespace}) {dp.name} v{dp.version}" + f"Validation passed for Decision Point ({dp.namespace}) {dp.name} v{dp.version}" ) def test_decision_point_group_validation(self): - schema_file = find_schema("data/schema/Decision_Point_Group.schema.json") + schema_file = find_schema("data/schema/current/Decision_Point_Group.schema.json") schema = json.load(open(schema_file)) for dpg in self.dpgs: