forked from CERTCC/SSVC
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDecision_Point-1-0-1.schema.json
More file actions
100 lines (99 loc) · 3.63 KB
/
Decision_Point-1-0-1.schema.json
File metadata and controls
100 lines (99 loc) · 3.63 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "Decision Point schema definition",
"$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point-1-0-1.schema.json",
"description": "Decision points are the basic building blocks of SSVC decision functions. Individual decision points describe a single aspect of the input to a decision function.",
"$defs": {
"schemaVersion": {
"description": "Schema version used to represent this Decision Point.",
"type": "string",
"enum": ["1-0-1"]
},
"decision_point_value": {
"type": "object",
"additionalProperties": false,
"properties": {
"key": {
"type": "string",
"description": "A short, unique string (or key) used as a shorthand identifier for a Decision Point Value.",
"minLength": 1,
"examples": ["P", "Y"]
},
"name": {
"type": "string",
"description": "A short label that identifies a Decision Point Value",
"minLength": 1,
"examples": ["Public PoC", "Yes"]
},
"description": {
"type": "string",
"description": "A full description of the Decision Point Value.",
"minLength": 1,
"examples": ["One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation.","Attackers can reliably automate steps 1-4 of the kill chain."]
}
},
"required" : [
"key",
"name",
"description"
]
},
"decision_point": {
"type": "object",
"additionalProperties": false,
"properties": {
"schemaVersion": {
"$ref": "#/$defs/schemaVersion"
},
"namespace": {
"type": "string",
"description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point. See SSVC Documentation for details.",
"pattern": "^[a-z0-9-]{3,4}[a-z0-9/\\.-]*$",
"examples": ["ssvc", "cvss", "ssvc-jp", "ssvc/acme", "ssvc/example.com"]
},
"version": {
"type": "string",
"description": "Version (a semantic version string) that identifies the version of a Decision Point.",
"pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$",
"examples": ["1.0.1", "1.0.1-alpha"]
},
"key": {
"type": "string",
"description": "A short, unique string (or key) used as a shorthand identifier for a Decision Point.",
"minLength": 1,
"examples": ["E", "A"]
},
"name": {
"type": "string",
"description": "A short label that identifies a Decision Point.",
"minLength": 1,
"examples": ["Exploitation", "Automatable"]
},
"description": {
"type": "string",
"description": "A full description of the Decision Point, explaining what it represents and how it is used in SSVC.",
"minLength": 1
},
"values": {
"description": "A set of possible answers for a given Decision Point",
"uniqueItems": true,
"type": "array",
"minItems": 1,
"items": {
"$ref": "#/$defs/decision_point_value"
}
}
},
"required": [
"namespace",
"version",
"key",
"name",
"description",
"values",
"schemaVersion"
]
}
},
"$ref": "#/$defs/decision_point"
}