Convert site to use inline python instead of relying on manual script to generate decision point examples (#683)

* add markdown-exec plugin and doc_helpers in prep for inlining examples

* add consistent VERSIONS and LATEST to decision point modules

* use inline python to generate examples

* replace markdown includes with inline python

* remove generated static examples

now provided at site build time using inline python

* regenerate some json examples based on recent changes to python

* update doctools.py to only generate the .json example files

inline examples are now down with inline python in markdown

* roll cvss decision point generation into doctools.py

* make cvss decision points consistent with VERSIONS and LATEST names

* add end-of-file newlines

* add / fix unit tests

* update cvss supplementals

* reorder urgency to be low-to-high

* fix pydantic type error (`list` instead of `tuple`)

Author: ahouseholder

data/json/decision_points/automatable_2_0_0.json

@@ -17,4 +17,4 @@
       "description": "Attackers can reliably automate steps 1-4 of the kill chain."
     }
   ]
-}
+}

data/json/decision_points/cvss/access_complexity_1_0_0.json

@@ -0,0 +1,20 @@
+{
+  "namespace": "cvss",
+  "version": "1.0.0",
+  "schemaVersion": "1-0-1",
+  "key": "AC",
+  "name": "Access Complexity",
+  "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.",
+  "values": [
+    {
+      "key": "L",
+      "name": "Low",
+      "description": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable."
+    },
+    {
+      "key": "H",
+      "name": "High",
+      "description": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)"
+    }
+  ]
+}

data/json/decision_points/cvss/access_complexity_2_0_0.json

@@ -0,0 +1,25 @@
+{
+  "namespace": "cvss",
+  "version": "2.0.0",
+  "schemaVersion": "1-0-1",
+  "key": "AC",
+  "name": "Access Complexity",
+  "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.",
+  "values": [
+    {
+      "key": "L",
+      "name": "Low",
+      "description": "Specialized access conditions or extenuating circumstances do not exist."
+    },
+    {
+      "key": "M",
+      "name": "Medium",
+      "description": "The access conditions are somewhat specialized."
+    },
+    {
+      "key": "H",
+      "name": "High",
+      "description": "Specialized access conditions exist."
+    }
+  ]
+}

data/json/decision_points/cvss/access_vector_1_0_0.json

@@ -0,0 +1,20 @@
+{
+  "namespace": "cvss",
+  "version": "1.0.0",
+  "schemaVersion": "1-0-1",
+  "key": "AV",
+  "name": "Access Vector",
+  "description": "This metric measures whether or not the vulnerability is exploitable locally or remotely.",
+  "values": [
+    {
+      "key": "L",
+      "name": "Local",
+      "description": "The vulnerability is only exploitable locally (i.e., it requires physical access or authenticated login to the target system)"
+    },
+    {
+      "key": "R",
+      "name": "Remote",
+      "description": "The vulnerability is exploitable remotely."
+    }
+  ]
+}

data/json/decision_points/cvss/access_vector_2_0_0.json

@@ -0,0 +1,25 @@
+{
+  "namespace": "cvss",
+  "version": "2.0.0",
+  "schemaVersion": "1-0-1",
+  "key": "AV",
+  "name": "Access Vector",
+  "description": "This metric reflects the context by which vulnerability exploitation is possible.",
+  "values": [
+    {
+      "key": "L",
+      "name": "Local",
+      "description": "A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account."
+    },
+    {
+      "key": "A",
+      "name": "Adjacent Network",
+      "description": "A vulnerability exploitable with adjacent network access requires the attacker to have access to either the broadcast or collision domain of the vulnerable software."
+    },
+    {
+      "key": "N",
+      "name": "Network",
+      "description": "A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed 'remotely exploitable'."
+    }
+  ]
+}

…ion_points/cvss/attack_complexity_3.json …points/cvss/attack_complexity_3_0_0.jsondata/json/decision_points/cvss/attack_complexity_3.json renamed to data/json/decision_points/cvss/attack_complexity_3_0_0.json data/json/decision_points/cvss/attack_complexity_3.json renamed to data/json/decision_points/cvss/attack_complexity_3_0_0.json

@@ -17,4 +17,4 @@
       "description": "A successful attack depends on conditions beyond the attacker's control."
     }
   ]
-}
+}

data/json/decision_points/cvss/attack_complexity_3_0_1.json

@@ -17,4 +17,4 @@
       "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place."
     }
   ]
-}
+}

…n_points/cvss/attack_requirements_1.json …ints/cvss/attack_requirements_1_0_0.jsondata/json/decision_points/cvss/attack_requirements_1.json renamed to data/json/decision_points/cvss/attack_requirements_1_0_0.json data/json/decision_points/cvss/attack_requirements_1.json renamed to data/json/decision_points/cvss/attack_requirements_1_0_0.json

@@ -17,4 +17,4 @@
       "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack."
     }
   ]
-}
+}

…ecision_points/cvss/attack_vector_3.json …ion_points/cvss/attack_vector_3_0_0.jsondata/json/decision_points/cvss/attack_vector_3.json renamed to data/json/decision_points/cvss/attack_vector_3_0_0.json data/json/decision_points/cvss/attack_vector_3.json renamed to data/json/decision_points/cvss/attack_vector_3_0_0.json

@@ -27,4 +27,4 @@
       "description": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)."
     }
   ]
-}
+}

data/json/decision_points/cvss/attack_vector_3_0_1.json

@@ -27,4 +27,4 @@
       "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)."
     }
   ]
-}
+}