
Commit 7ef484e

committed
Base implementation for OpenVEX export
Signed-off-by: tdruez <[email protected]>
1 parent bd917ac commit 7ef484e


13 files changed

+553
-7
lines changed


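--- a/dejacode_toolkit/csaf/README.md
+++ b/dejacode_toolkit/csaf/README.md
@@ -16,7 +16,7 @@ $ datamodel-codegen \
 --output-model-type pydantic_v2.BaseModel \
 --input-file-type jsonschema \
 --target-python-version $TARGET_PYTHON_VERSION \
---custom-file-header-path dejacode_toolkit/csaf/HEADER \
+--custom-file-header-path dejacode_toolkit/HEADER \
 --use-schema-description \
 --use-default-kwarg
 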

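--- a/dejacode_toolkit/openvex/README.md
+++ b/dejacode_toolkit/openvex/README.md
@@ -0,0 +1,26 @@
+CSAF Models
+===========
+
+Install the code generator
+--------------------------
+
+$ pip install 'datamodel-code-generator'
+
+Generate the models
+-------------------
+
+$ TARGET_PYTHON_VERSION=3.13
+
+# --use-schema-description \
+# --use-field-description \
+
+$ datamodel-codegen \
+--input dejacode_toolkit/openvex/openvex_json_schema_0.2.0.json \
+--output dejacode_toolkit/openvex/__init__.py \
+--output-model-type dataclasses.dataclass \
+--input-file-type jsonschema \
+--target-python-version $TARGET_PYTHON_VERSION \
+--custom-file-header-path dejacode_toolkit/HEADER \
+--disable-future-imports
+
+$ make valid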
Lines changed: 141 additions & 0 deletions
@@ -0,0 +1,141 @@
1+
#
2+
# Copyright (c) nexB Inc. and others. All rights reserved.
3+
# DejaCode is a trademark of nexB Inc.
4+
# SPDX-License-Identifier: AGPL-3.0-only
5+
# See https://github.com/aboutcode-org/dejacode for support or download.
6+
# See https://aboutcode.org for more information about AboutCode FOSS projects.
7+
#
8+
9+
from dataclasses import dataclass
10+
from enum import StrEnum
11+
12+
13+
class Status(StrEnum):
14+
not_affected = "not_affected"
15+
affected = "affected"
16+
fixed = "fixed"
17+
under_investigation = "under_investigation"
18+
19+
20+
class Justification(StrEnum):
21+
component_not_present = "component_not_present"
22+
vulnerable_code_not_present = "vulnerable_code_not_present"
23+
vulnerable_code_not_in_execute_path = "vulnerable_code_not_in_execute_path"
24+
vulnerable_code_cannot_be_controlled_by_adversary = (
25+
"vulnerable_code_cannot_be_controlled_by_adversary"
26+
)
27+
inline_mitigations_already_exist = "inline_mitigations_already_exist"
28+
29+
30+
@dataclass
31+
class Vulnerability:
32+
name: str
33+
field_id: str | None = None
34+
description: str | None = None
35+
aliases: list[str] | None = None
36+
37+
38+
@dataclass
39+
class Identifiers1:
40+
purl: str
41+
cpe22: str | None = None
42+
cpe23: str | None = None
43+
44+
45+
@dataclass
46+
class Identifiers2:
47+
cpe22: str
48+
purl: str | None = None
49+
cpe23: str | None = None
50+
51+
52+
@dataclass
53+
class Identifiers3:
54+
cpe23: str
55+
purl: str | None = None
56+
cpe22: str | None = None
57+
58+
59+
type Identifiers = Identifiers1 | Identifiers2 | Identifiers3
60+
61+
62+
@dataclass
63+
class Hashes:
64+
md5: str | None = None
65+
sha1: str | None = None
66+
sha_256: str | None = None
67+
sha_384: str | None = None
68+
sha_512: str | None = None
69+
sha3_224: str | None = None
70+
sha3_256: str | None = None
71+
sha3_384: str | None = None
72+
sha3_512: str | None = None
73+
blake2s_256: str | None = None
74+
blake2b_256: str | None = None
75+
blake2b_512: str | None = None
76+
77+
78+
@dataclass
79+
class Subcomponent1:
80+
field_id: str
81+
identifiers: Identifiers | None = None
82+
hashes: Hashes | None = None
83+
84+
85+
@dataclass
86+
class Subcomponent2:
87+
identifiers: Identifiers
88+
field_id: str | None = None
89+
hashes: Hashes | None = None
90+
91+
92+
type Subcomponent = Subcomponent1 | Subcomponent2
93+
94+
95+
@dataclass
96+
class Component1:
97+
field_id: str
98+
identifiers: Identifiers | None = None
99+
hashes: Hashes | None = None
100+
subcomponents: list[Subcomponent] | None = None
101+
102+
103+
@dataclass
104+
class Component2:
105+
identifiers: Identifiers
106+
field_id: str | None = None
107+
hashes: Hashes | None = None
108+
subcomponents: list[Subcomponent] | None = None
109+
110+
111+
type Component = Component1 | Component2
112+
113+
114+
@dataclass
115+
class Statement:
116+
vulnerability: Vulnerability
117+
status: Status
118+
field_id: str | None = None
119+
version: int | None = None
120+
timestamp: str | None = None
121+
last_updated: str | None = None
122+
products: list[Component] | None = None
123+
supplier: str | None = None
124+
status_notes: str | None = None
125+
justification: Justification | None = None
126+
impact_statement: str | None = None
127+
action_statement: str | None = None
128+
action_statement_timestamp: str | None = None
129+
130+
131+
@dataclass
132+
class OpenVEX:
133+
field_context: str
134+
field_id: str
135+
author: str
136+
timestamp: str
137+
version: int
138+
statements: list[Statement]
139+
role: str | None = None
140+
last_updated: str | None = None
141+
tooling: str | None = None
