Merge pull request #102 from chandanbn/rc4
CVE JSON schema release candidate 4 documents update.
Showing
9 changed files
with
2,317 additions
and
127 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
|
||
package-lock.json | ||
node_modules |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,46 +1 @@ | ||
{ | ||
"dataType": "CVE_RECORD", | ||
"dataVersion": "5.0", | ||
"cveMetadata": { | ||
"id": "CVE-2015-3000", | ||
"assigner": "9a527a5d-c98f-4910-8fa2-f6a927fa3ce3", | ||
"assignerShortName": "mitre", | ||
"state": "PUBLISHED" | ||
}, | ||
"containers": { | ||
"cna": { | ||
"providerMetadata": { | ||
"id": "9a527a5d-c98f-4910-8fa2-f6a927fa3ce3" | ||
}, | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion (XEE) attack." | ||
} | ||
], | ||
"affected": { | ||
"vendors": [ | ||
{ | ||
"vendorName": "SysAid", | ||
"products": [ | ||
{ | ||
"productName": "SysAid Help Desk", | ||
"versions": [ | ||
{ | ||
"versionAffected": "<", | ||
"versionValue": "15.2" | ||
} | ||
] | ||
} | ||
] | ||
} | ||
] | ||
}, | ||
"references": [ | ||
{ | ||
"url": "https://seclists.org/fulldisclosure/2015/Jun/8" | ||
} | ||
] | ||
} | ||
} | ||
} | ||
["to be generated"] |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,7 @@ | ||
#!/bin/bash | ||
cd ../../ | ||
sed s/file\://g CVE_JSON_5.0.schema > tmp.json | generate-schema-doc --minify tmp.json docs/index.html | ||
sed 's/file\://g' CVE_JSON_5.0.schema > tmp.json | generate-schema-doc --minify tmp.json docs/index.html | ||
perl -pi -e 's/<svg.*?<\/svg>/>/g' docs/index.html | ||
node support/schema2markmap/index.js tmp.json | ||
rm tmp.json | ||
cat support/docs/css_override.css >> docs/schema_doc.css |
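Review bot: The new sed line still joins its two commands with `|`, so `generate-schema-doc` starts while sed is still writing `tmp.json` (sed's stdout goes to the file, nothing travels through the pipe) and can read an empty or partial schema; the added quoting does not change that. Sequence them instead: `sed 's/file\://g' CVE_JSON_5.0.schema > tmp.json && generate-schema-doc --minify tmp.json docs/index.html`. The script also has no `set -e`, so if `cd ../../` or a generator step fails, the later `perl -pi`, `rm tmp.json` and `cat ... >> docs/schema_doc.css` still run against whatever directory and files happen to be there; `set -euo pipefail` after the shebang would stop at the first failure. The `>>` append is only idempotent if `generate-schema-doc` rewrites `docs/schema_doc.css` on each run, which is not visible here.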
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
// Author: Chandan BN (c) 2021 | ||
// (1) convert CVE JSON schema to a mindmap | ||
// (2) creates a bundled schema | ||
|
||
var ml = require('markmap-lib') | ||
var Transformer = ml.Transformer; | ||
var fillTemplate = ml.fillTemplate; | ||
var sw = require('@cloudflare/json-schema-walker'); | ||
var rp = require('json-schema-ref-parser'); | ||
var fold = ['metrics', 'cvssV3_1', 'cvssV3_0', 'cvssV2_0', 'supportingMedia', | ||
'tags', 'impacts', 'configurations', 'workarounds', 'solutions', 'exploits', | ||
'timeline', 'credits', 'tags', 'taxonomyMappings', 'adp']; | ||
var symbol = { object: '', array: '[]', string: '', boolean: '☯', number: '', integer: '', undefined: '' }; | ||
const fs = require('fs'); | ||
var markmap = require('markmap-view'); | ||
const { Markmap, loadCSS, loadJS } = markmap; | ||
|
||
let forDeletion = ['properties', 'items', 'anyOf', 'allOf', 'oneOf']; | ||
|
||
var markdown = ''; | ||
|
||
function postfunc(obj, path, parent, parentPath) { | ||
if (path[1] && isNaN(path[1])) { | ||
var depth = parentPath.filter(i => !forDeletion.includes(i)).length; | ||
var reqStart = ""; | ||
var reqEnd = ""; | ||
|
||
if (parent?.required?.includes(path[1])) { | ||
reqStart = "<b>"; | ||
reqEnd = "</b>"; | ||
} | ||
markdown += (" ".repeat(depth) | ||
+ "* " + reqStart + path[1] + reqEnd | ||
+ ' ' + (fold.includes(path[1]) ? '<!-- fold -->' : '') | ||
+ symbol[obj.type] | ||
+ (obj.examples ? 'e.g., `' + obj.examples[0] + '`' : '') | ||
+ (obj.enum ? '`' + obj.enum.join('` `') + '`' : '')) | ||
+ '\n'; | ||
} | ||
} | ||
|
||
async function schemaMindMap() { | ||
var cveSchema = await rp.dereference(process.argv[2]); | ||
markdown += "## Published <style>b {font-weight:800}</style>\n"; | ||
sw.schemaWalk(cveSchema.oneOf[0], postfunc, null); | ||
|
||
markdown += "## Reserved <style>b {font-weight:800}</style>\n"; | ||
sw.schemaWalk(cveSchema.oneOf[1], postfunc, null); | ||
|
||
markdown += "## Rejected <style>b {font-weight:800}</style>\n"; | ||
sw.schemaWalk(cveSchema.oneOf[2], postfunc, null); | ||
|
||
const transformer = new Transformer(); | ||
|
||
// transform markdown | ||
const { root, features } = transformer.transform(markdown); | ||
|
||
// get assets required by used features | ||
var assets = transformer.getUsedAssets(features); | ||
|
||
// create mindmap html | ||
var html = fillTemplate(root, assets); | ||
html = html.replace('<title>Markmap</title>', '<title>CVE JSON v5 Mindmap</title>') | ||
|
||
try { | ||
var cveSchemaBundle = await rp.bundle(process.argv[2]); | ||
fs.writeFileSync('docs/CVE_JSON_5.0_bundled.schema', JSON.stringify(cveSchemaBundle, null, 2)); | ||
fs.writeFileSync('docs/mindmap.html', html); | ||
} catch (err) { | ||
console.error(err) | ||
} | ||
} | ||
|
||
var markdown = "# CVE JSON Record\n"; | ||
schemaMindMap(); |
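Review bot: `schemaMindMap()` is called on the last line with no rejection handler, and the `try`/`catch` around the two `writeFileSync` calls only logs, so a failed `rp.dereference`, a schema with fewer than three `oneOf` branches, or a failed write gives the calling shell script no reliable non-zero exit status to act on (what happens on the unhandled rejection depends on the Node version). I would end the file with `schemaMindMap().catch(err => { console.error(err); process.exitCode = 1; });` and let the write errors propagate to it. Separately, `postfunc` concatenates property names, `examples[0]` and `enum` values into markdown without escaping, and the code relies on inline HTML (`<b>`, `<style>`) passing through to `docs/mindmap.html`; that is harmless while every `$ref` resolves to first-party schema files, but it deserves a comment or an escape helper if refs could ever resolve elsewhere. `markdown` is also declared twice with `var` (before `postfunc` and again before the call); a single `let markdown = "# CVE JSON Record\n";` at the top would be clearer.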
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
{ | ||
"name": "schema2markmap", | ||
"version": "1.0.0", | ||
"description": "Convert CVE JSON schema to a Mardkdown document suitable for use with Markmap.js", | ||
"main": "index.js", | ||
"scripts": { | ||
"test": "echo \"Error: no test specified\" && exit 1" | ||
}, | ||
"repository": { | ||
"type": "git", | ||
"url": "https://github.com/CVEProject/cve-schema/tree/master/schema/v5.0/support" | ||
}, | ||
"keywords": [ | ||
"JSON", | ||
"Schema", | ||
"Markdown", | ||
"Markmap" | ||
], | ||
"author": "Chandan B.N.", | ||
"license": "CC0-1.0", | ||
"dependencies": { | ||
"@cloudflare/json-schema-walker": "^0.1.1", | ||
"json-schema-ref-parser": "^9.0.9", | ||
"markmap-lib": "^0.11.6", | ||
"markmap-view": "^0.2.6" | ||
} | ||
} |
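Review bot: All four dependencies use caret ranges, and the ignore file added in this commit lists `package-lock.json`, so every install of this docs tooling resolves whatever newest matching releases (and transitive packages) the registry serves at that moment. Because the tool's output is generated HTML written under `docs/`, I would commit the lockfile and install with `npm ci`, so the build is reproducible and dependency changes show up in review. `markmap-view` is only destructured in `index.js` (`Markmap`, `loadCSS`, `loadJS`) and never used in the visible code, so it could be dropped from `dependencies` to shrink the install surface. The description also has a typo: `Mardkdown` should read `Markdown`.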