Update schema JSON to use cross-referencing and force more validations #704
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -15,23 +15,29 @@ | |||||
| "properties": { | ||||||
| "key": { | ||||||
| "type": "string", | ||||||
| "description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way", | ||||||
| "minLength": 1, | ||||||
| "examples": ["P", "Y"] | ||||||
| }, | ||||||
| "name": { | ||||||
| "type": "string", | ||||||
| "description": "A short label that captures the description of the Decision Point or the Group of Decision Points.", | ||||||
| "minLength": 1, | ||||||
| "examples": ["Public PoC", "Yes"] | ||||||
| }, | ||||||
| "description": { | ||||||
| "type": "string", | ||||||
| "description": "Description of the Decision Point Value", | ||||||
| "minLength": 1, | ||||||
| "examples": ["One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation.","Attackers can reliably automate steps 1-4 of the kill chain."] | ||||||
| } | ||||||
| }, | ||||||
| "required" : [ | ||||||
| "key", | ||||||
| "name", | ||||||
| "description" | ||||||
| ] | ||||||
| }, | ||||||
sei-vsarvepalli marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||||||
| "decision_point": { | ||||||
| "type": "object", | ||||||
| "additionalProperties": false, | ||||||
|
|
@@ -41,23 +47,32 @@ | |||||
| }, | ||||||
| "namespace": { | ||||||
| "type": "string", | ||||||
| "description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point. See SSVC Documentation for details.", | ||||||
| "pattern": "^[a-z0-9-]{3,4}[a-z0-9/\\.-]*$", | ||||||
ahouseholder marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
| "examples": ["ssvc", "cvss", "ssvc-jp", "ssvc/acme", "ssvc/example.com"] | ||||||
| }, | ||||||
| "version": { | ||||||
| "type": "string", | ||||||
| "description": "Version (a semantic version string) that identifies this object", | ||||||
| "pattern": "^(0|[1-9]\d*)\\.(0|[1-9]\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" | ||||||
|
||||||
| "pattern": "^(0|[1-9]\d*)\\.(0|[1-9]\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" | |
| "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" |
Contributor
Author
There was a problem hiding this comment.
comma missing at the end as well that is fixed now in the 0dc08d0
Contributor
Author
There was a problem hiding this comment.
Should we stick to [0-9] instead of \d as \d matches say Arabic numerals when regex is used with unicode?
Contributor
There was a problem hiding this comment.
(Commenting without diff'ing the strings) I'd be most comfortable with the second example provided by
specifically
https://regex101.com/r/vkijKf/1/
on the basis that if the semver.org thinks that's the regex, I'd take their word for it.
Contributor
Author
There was a problem hiding this comment.
What we have is exactly that with the double backslashes for usage in the JSON schema that's all.
Contributor
There was a problem hiding this comment.
Should we stick to [0-9] instead of \d as \d matches say Arabic numerals when regex is used with unicode?
I'd like that as it eliminates the ambiguousness. \d is unfortunately sometimes interpreted differently...
ahouseholder marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
ahouseholder marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
ahouseholder marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
ahouseholder marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
ahouseholder marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
ahouseholder marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -34,7 +34,7 @@ def setUp(self) -> None: | |
| key="bar", | ||
| description="baz", | ||
| version="1.0.0", | ||
| namespace="name1", | ||
| values=tuple(self.values), | ||
| ) | ||
|
|
||
|
|
@@ -90,7 +90,7 @@ def test_ssvc_decision_point(self): | |
| self.assertEqual(obj.key, "bar") | ||
| self.assertEqual(obj.description, "baz") | ||
| self.assertEqual(obj.version, "1.0.0") | ||
| self.assertEqual(obj.namespace, "name1") | ||
| self.assertEqual(len(self.values), len(obj.values)) | ||
|
|
||
| def test_ssvc_value_json_roundtrip(self): | ||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This appears to be inside a decision point value spec. So it's a brief name for the decision point value, right? It's not describing the decision point or the group.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeh - those have been the same. I have not changed them. Bu happy to change them as well. You are only seeing it because the "comma" at the end added.