schema/v5.0: flatten affected into array of products #99
Conversation
|
I have checked that this is a valid JSON file, but I didn't find any docs explaining additional tests that should be run, either to check that it's a valid JSON schema at all or to check that certain records validate against it. Are there such tests? |
|
Will work on these edits. @chandanbn, how does the mindmap get generated? |
16347db to
44e3b28
Compare
|
Changes made as suggested, except for fixing the CPE regexp. |
Currently done manually with this script in combination with https://markmap.js.org/repl/ Prefer to get this scripted/automated at some time. |
44e3b28 to
c6a70b2
Compare
|
Looking over this again I noticed that I neglected to pull 'platforms' up out of versions and into the product array object as we discussed. I have done that now. |
4322f63 to
7c5065b
Compare
- Changed affected from object with array of vendor objects
with array of products to just plain array of products.
- Added vendor string to product object.
- Renamed productName to product in product object.
- Added cpes array of string to product object,
replacing affectsCpes inside old affected object.
- Reordered property list in product object
to put all identifying fields first.
- Changed programRoutines to be array of objects, not array of strings.
- Defined that product object:
- Requires a product identification, at least one of:
- vendor and product
- collectionURL and packageName
- Also requires versions.
- Expands CPE definition (previously unspecified).
Based on discussion on issue CVEProject#86.
Fixes CVEProject#41.
Fixes CVEProject#86.
7c5065b to
3208d6d
Compare
|
@rsc you wrote in #86 (comment)
I agree ++... this has been one of the major issue with CPE/CVEs so far. Kudos and thank you for fixing this here; this as a major improvement! |
with array of products to just plain array of products.
replacing affectsCpes inside old affected object.
to put all identifying fields first.
Based on discussion on issue #86.