Skip to content

Commit

Permalink
Merge pull request #304 from ccoffin/5.1.0
Browse files Browse the repository at this point in the history 
copied 5.0 schema files from master branch to the 5.1.0 archive
  • Loading branch information
@ccoffin
ccoffin authored May 8, 2024
2 parents 856237f + 1c0e3c9 commit 02b0820
Show file tree
Hide file tree
Showing 23 changed files with 447 additions and 9,566 deletions.
93 changes: 31 additions & 62 deletions schema/archive/v5.0/CVE_JSON_5.1_schema.json → schema/archive/v5.0/CVE_JSON_5.0_schema.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://cveproject.github.io/cve-schema/schema/v5.0/docs/CVE_JSON_bundled.json",
"$id": "https://cve.org/cve/record/v5_00/",
"type": "object",
"title": "CVE JSON record format",
"description": "cve-schema specifies the CVE JSON record format. This is the blueprint for a rich set of JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE Record. Some examples of CVE Record data include CVE ID number, affected product(s), affected version(s), and public references. While those specific items are required when assigning a CVE, there are many other optional data in the schema that can be used to enrich CVE Records for community benefit. Learn more about the CVE program at [the official website](https://cve.mitre.org). This CVE JSON record format is defined using JSON Schema. Learn more about JSON Schema [here](https://json-schema.org/).",
"definitions": {
Expand Down Expand Up @@ -46,8 +47,7 @@
]
}
}
},
"additionalProperties": false
}
},
"cveId": {
"type": "string",
Expand Down Expand Up @@ -76,7 +76,7 @@
"timestamp": {
"type": "string",
"format": "date-time",
"description": "Date/time format based on RFC3339 and ISO ISO8601, with an optional timezone in the format 'yyyy-MM-ddTHH:mm:ss[+-]ZH:ZM'. If timezone offset is not given, GMT (+00:00) is assumed.",
"description": "Date/time format based on RFC3339 and ISO ISO8601, with an optional timezone in the format 'yyyy-MM-ddTHH:mm:ssZZZZ'. If timezone offset is not given, GMT (0000) is assumed.",
"pattern": "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$"
},
"version": {
Expand Down Expand Up @@ -247,8 +247,7 @@
"minLength": 1,
"maxLength": 4096
}
},
"additionalProperties": false
}
}
},
"platforms": {
Expand Down Expand Up @@ -286,13 +285,10 @@
},
{
"required": ["version", "status", "versionType"],
"maxProperties": 3
},
{
"required": ["version", "status", "versionType", "lessThan"]
},
{
"required": ["version", "status", "versionType", "lessThanOrEqual"]
"oneOf": [
{"required": ["lessThan"]},
{"required": ["lessThanOrEqual"]}
]
}
],
"properties": {
Expand Down Expand Up @@ -335,7 +331,6 @@
"type": "object",
"description": "The start of a single status change during the range.",
"required": ["at", "status"],
"additionalProperties": false,
"properties": {
"at": {
"description": "The version at which a status change occurs.",
Expand All @@ -348,8 +343,7 @@
}
}
}
},
"additionalProperties": false
}
}
}
}
Expand All @@ -362,10 +356,9 @@
]
},
"dataVersion": {
"description": "The version of the CVE schema used for validating this record. Used to support multiple versions of this format.",
"description": "The version of the schema being used. Used to support multiple versions of this format.",
"type": "string",
"pattern": "^5\\.(0|[1-9][0-9]*)(\\.(0|[1-9][0-9]*))?$",
"default": "5.1.0"
"enum": ["5.0"]
},
"cveMetadataPublished": {
"description": "This is meta data about the CVE ID such as the CVE ID, who requested it, who assigned it, when it was requested, the current state (PUBLISHED, REJECTED, etc.) and so on. These fields are controlled by the CVE Services.",
Expand Down Expand Up @@ -485,8 +478,7 @@
"description": "Timestamp to be set by the system of record at time of submission. If dateUpdated is provided to the system of record it will be replaced by the current timestamp at the time of submission."
}
},
"required": ["orgId"],
"additionalProperties": false
"required": ["orgId"]
},
"cnaPublishedContainer": {
"description": "An object containing the vulnerability information provided by a CVE Numbering Authority (CNA) for a published CVE ID. There can only be one CNA container per CVE record since there can only be one assigning CNA. The CNA container must include the required information defined in the CVE Rules, which includes a product, version, problem type, prose description, and a reference.",
Expand Down Expand Up @@ -564,7 +556,6 @@
"patternProperties": {
"^x_[^.]*$": {}
},
"$comment": "The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.",
"additionalProperties": false
},
"cnaRejectedContainer": {
Expand Down Expand Up @@ -595,7 +586,6 @@
"patternProperties": {
"^x_[^.]*$": {}
},
"$comment": "The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.",
"additionalProperties": false
},
"adpContainer": {
Expand Down Expand Up @@ -668,7 +658,6 @@
"patternProperties": {
"^x_[^.]*$": {}
},
"$comment": "The character . is restricted in names allowed by patternProperties to work-around naming limitations in some common implementations.",
"additionalProperties": false
},
"affected": {
Expand Down Expand Up @@ -727,8 +716,7 @@
"required": [
"type",
"value"
],
"additionalProperties": false
]
}
}
},
Expand All @@ -742,8 +730,7 @@
"type": "object",
"description": "A description with lang set to an English language (en, en_US, en_UK, and so on).",
"properties": {"lang": {"$ref": "#/definitions/englishLanguage"}},
"required": ["lang"],
"$comment": "Cannot use additionalProperties: false here, as this prevents the other properties used by /definitions/description."
"required": ["lang"]
},
"descriptions": {
"type": "array",
Expand Down Expand Up @@ -794,14 +781,12 @@
"maxLength": 128
},
"references": {"$ref": "#/definitions/references"}
},
"additionalProperties": false
}
},
"minItems": 1,
"uniqueItems": true
}
},
"additionalProperties": false
}
},
"minItems": 1,
"uniqueItems": true
Expand Down Expand Up @@ -835,8 +820,7 @@
"description": "Prose description of the impact scenario. At a minimum provide the description given by CAPEC.",
"$ref": "#/definitions/descriptions"
}
},
"additionalProperties": false
}
}
},
"metrics": {
Expand All @@ -846,11 +830,8 @@
"uniqueItems": true,
"items": {
"type": "object",
"description": "This is impact type information (e.g. a text description, CVSSv2, CVSSv3, CVSSV4, etc.). Must contain: At least one entry, can be text, CVSSv2, CVSSv3, others may be added.",
"description": "This is impact type information (e.g. a text description, CVSSv2, CVSSv3, etc.). Must contain: At least one entry, can be text, CVSSv2, CVSSv3, others may be added.",
"anyOf": [
{
"required": ["cvssV4_0"]
},
{
"required": ["cvssV3_1"]
},
Expand Down Expand Up @@ -891,11 +872,9 @@
"required": [
"lang",
"value"
],
"additionalProperties": false
]
}
},
"cvssV4_0": {"$ref": "file:imports/cvss/cvss-v4.0.json"},
"cvssV3_1": {"$ref": "file:imports/cvss/cvss-v3.1.json"},
"cvssV3_0": {"$ref": "file:imports/cvss/cvss-v3.0.json"},
"cvssV2_0": {"$ref": "file:imports/cvss/cvss-v2.0.json"},
Expand All @@ -915,15 +894,12 @@
},
"content": {
"type": "object",
"$comment": "additionalProperties are allowed here, since this construct supports arbitrary JSON.",
"description": "JSON object not covered by another metrics format.",
"minProperties": 1
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
}
},
"configurations": {
Expand Down Expand Up @@ -976,7 +952,7 @@
],
"properties": {
"time": {
"description": "Timestamp representing when the event in the timeline occurred. The timestamp format is based on RFC3339 and ISO ISO8601, with an optional timezone. yyyy-MM-ddTHH:mm:ss[+-]ZH:ZM - if the timezone offset is not given, GMT (+00:00) is assumed.",
"description": "Timestamp representing when the event in the timeline occurred. The timestamp format is based on RFC3339 and ISO ISO8601, with an optional timezone. yyyy-MM-ddTHH:mm:ssZZZZ - if the timezone offset is not given, GMT (0000) is assumed.",
"$ref": "#/definitions/timestamp"
},
"lang": {
Expand All @@ -989,8 +965,7 @@
"minLength": 1,
"maxLength": 4096
}
},
"additionalProperties": false
}
}
},
"credits": {
Expand Down Expand Up @@ -1032,7 +1007,6 @@
]
}
},
"additionalProperties": false,
"required": [
"lang",
"value"
Expand Down Expand Up @@ -1062,15 +1036,15 @@
"uniqueItems": true,
"items": {
"type": "object",
"description": "A taxonomy mapping object identifies the taxonomy by a name and version (eg., ATT&CK v13.1, CVSS 3.1, CWE 4.12) along with a list of relations relevant to this CVE.",
"description": "",
"required": [
"taxonomyName",
"taxonomyRelations"
],
"properties": {
"taxonomyName": {
"type": "string",
"description": "The name of the taxonomy, eg., ATT&CK, D3FEND, CWE, CVSS",
"description": "The name of the taxonomy.",
"minLength": 1,
"maxLength": 128
},
Expand All @@ -1082,12 +1056,12 @@
},
"taxonomyRelations": {
"type": "array",
"description": "List of relationships to the taxonomy for the vulnerability.",
"description": "",
"minItems": 1,
"uniqueItems": true,
"items": {
"type": "object",
"description": "A relationship between the taxonomy and the CVE or two taxonomy items.",
"description": "List of relationships to the taxonomy for the vulnerability. Relationships can be between the taxonomy and the CVE or two taxonomy items.",
"required": [
"taxonomyId",
"relationshipName",
Expand All @@ -1112,20 +1086,17 @@
"minLength": 1,
"maxLength": 2048
}
},
"additionalProperties": false
}
}
}
},
"additionalProperties": false
}
}
},
"tagExtension": {
"type": "string",
"minLength": 2,
"maxLength": 128,
"pattern": "^x_.*$",
"$comment": "These values are not used as JSON property names, so there is not a need to work-around property naming limitations in some common implementations."
"pattern": "^x_.*$"
},
"cnaTags": {
"type": "array",
Expand Down Expand Up @@ -1164,7 +1135,6 @@
{
"title": "Published",
"description": "When a CNA populates the data associated with a CVE ID as a CVE Record, the state of the CVE Record is Published.",
"type": "object",
"properties": {
"dataType": {
"$ref": "#/definitions/dataType"
Expand Down Expand Up @@ -1202,7 +1172,6 @@
{
"title": "Rejected",
"description": "If the CVE ID and associated CVE Record should no longer be used, the CVE Record is placed in the Rejected state. A Rejected CVE Record remains on the CVE List so that users can know when it is invalid.",
"type": "object",
"properties": {
"dataType": {
"$ref": "#/definitions/dataType"
Expand Down
Loading

0 comments on commit 02b0820

Please sign in to comment.