Merge pull request #102 from chandanbn/rc4
CVE JSON schema release candidate 4 documents update.
chandanbn authored Aug 27, 2021
2 parents 16cb1e9 + a6b7b6b commit a964092
Showing 9 changed files with 2,317 additions and 127 deletions.
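--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+
+package-lock.json
+node_modules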
4 changes: 2 additions & 2 deletions schema/v5.0/CVE_JSON_5.0.schema
@@ -312,11 +312,11 @@
]
},
"lessThan": {
"description": "The non-inclusive upper limit of the range. This is the least version NOT in the range. The usual version syntax is expanded to allow a pattern to end in an asterisk (*), indicating an arbitrarily large number in the version ordering. For example, {version: 1.0 lessThan: 1.*} would describe the entire 1.X branch for most range kinds, and {version: 2.0, lessThan: *} describes all versions starting at 2.0, including 3.0, 5.1, and so on. Only one of lessThan and lessThanOrEqual should be specified.",
"description": "The non-inclusive upper limit of the range. This is the least version NOT in the range. The usual version syntax is expanded to allow a pattern to end in an asterisk `(*)`, indicating an arbitrarily large number in the version ordering. For example, `{version: 1.0 lessThan: 1.*}` would describe the entire 1.X branch for most range kinds, and `{version: 2.0, lessThan: *}` describes all versions starting at 2.0, including 3.0, 5.1, and so on. Only one of lessThan and lessThanOrEqual should be specified.",
"$ref": "#/definitions/version"
},
"lessThanOrEqual": {
"description": "The inclusive upper limit of the range. This is the greatest version contained in the range. Only one of lessThan and lessThanOrEqual should be specified. For example, {version: 1.0, lessThanOrEqual: 1.3} covers all versions from 1.0 up to and including 1.3.",
"description": "The inclusive upper limit of the range. This is the greatest version contained in the range. Only one of lessThan and lessThanOrEqual should be specified. For example, `{version: 1.0, lessThanOrEqual: 1.3}` covers all versions from 1.0 up to and including 1.3.",
"$ref": "#/definitions/version"
},
"changes": {
2,101 changes: 2,101 additions & 0 deletions schema/v5.0/docs/CVE_JSON_5.0_bundled.schema


47 changes: 1 addition & 46 deletions schema/v5.0/docs/basic-example.json
@@ -1,46 +1 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.0",
"cveMetadata": {
"id": "CVE-2015-3000",
"assigner": "9a527a5d-c98f-4910-8fa2-f6a927fa3ce3",
"assignerShortName": "mitre",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"id": "9a527a5d-c98f-4910-8fa2-f6a927fa3ce3"
},
"descriptions": [
{
"lang": "en",
"value": "SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion (XEE) attack."
}
],
"affected": {
"vendors": [
{
"vendorName": "SysAid",
"products": [
{
"productName": "SysAid Help Desk",
"versions": [
{
"versionAffected": "<",
"versionValue": "15.2"
}
]
}
]
}
]
},
"references": [
{
"url": "https://seclists.org/fulldisclosure/2015/Jun/8"
}
]
}
}
}
["to be generated"]
174 changes: 98 additions & 76 deletions schema/v5.0/docs/index.html


9 changes: 7 additions & 2 deletions schema/v5.0/docs/mindmap.html


4 changes: 3 additions & 1 deletion schema/v5.0/support/docs/docs.sh
@@ -1,5 +1,7 @@
#!/bin/bash
cd ../../
sed s/file\://g CVE_JSON_5.0.schema > tmp.json | generate-schema-doc --minify tmp.json docs/index.html
sed 's/file\://g' CVE_JSON_5.0.schema > tmp.json | generate-schema-doc --minify tmp.json docs/index.html
perl -pi -e 's/<svg.*?<\/svg>/&gt;/g' docs/index.html
node support/schema2markmap/index.js tmp.json
rm tmp.json
cat support/docs/css_override.css >> docs/schema_doc.css
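Review bot: The quoted `sed 's/file\://g' CVE_JSON_5.0.schema > tmp.json | generate-schema-doc --minify tmp.json docs/index.html` line still joins the two commands with a pipe even though sed's output is redirected to tmp.json, so nothing flows through the pipe and generate-schema-doc starts concurrently and can read a missing or half-written tmp.json. Sequencing them removes the race: `sed 's/file\://g' CVE_JSON_5.0.schema > tmp.json && generate-schema-doc --minify tmp.json docs/index.html`. The script also has no `set -e` and does not check `cd ../../`, so a failed step still reaches `rm tmp.json` and the `cat ... >> docs/schema_doc.css` append; `set -euo pipefail` after the shebang would stop the docs build at the first failure. The page prints both the unquoted and the quoted sed line without +/- markers, so I am assuming the quoted one is the new side.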
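--- a/schema/v5.0/support/schema2markmap/index.js
+++ b/schema/v5.0/support/schema2markmap/index.js
@@ -0,0 +1,75 @@
+// Author: Chandan BN (c) 2021
+// (1) convert CVE JSON schema to a mindmap
+// (2) creates a bundled schema
+
+var ml = require('markmap-lib')
+var Transformer = ml.Transformer;
+var fillTemplate = ml.fillTemplate;
+var sw = require('@cloudflare/json-schema-walker');
+var rp = require('json-schema-ref-parser');
+var fold = ['metrics', 'cvssV3_1', 'cvssV3_0', 'cvssV2_0', 'supportingMedia',
+'tags', 'impacts', 'configurations', 'workarounds', 'solutions', 'exploits',
+'timeline', 'credits', 'tags', 'taxonomyMappings', 'adp'];
+var symbol = { object: '', array: '[]', string: '', boolean: '☯', number: '', integer: '', undefined: '' };
+const fs = require('fs');
+var markmap = require('markmap-view');
+const { Markmap, loadCSS, loadJS } = markmap;
+
+let forDeletion = ['properties', 'items', 'anyOf', 'allOf', 'oneOf'];
+
+var markdown = '';
+
+function postfunc(obj, path, parent, parentPath) {
+if (path[1] && isNaN(path[1])) {
+var depth = parentPath.filter(i => !forDeletion.includes(i)).length;
+var reqStart = "";
+var reqEnd = "";
+
+if (parent?.required?.includes(path[1])) {
+reqStart = "<b>";
+reqEnd = "</b>";
+}
+markdown += (" ".repeat(depth)
++ "* " + reqStart + path[1] + reqEnd
++ ' ' + (fold.includes(path[1]) ? '<!-- fold -->' : '')
++ symbol[obj.type]
++ (obj.examples ? 'e.g., `' + obj.examples[0] + '`' : '')
++ (obj.enum ? '`' + obj.enum.join('` `') + '`' : ''))
++ '\n';
+}
+}
+
+async function schemaMindMap() {
+var cveSchema = await rp.dereference(process.argv[2]);
+markdown += "## Published <style>b {font-weight:800}</style>\n";
+sw.schemaWalk(cveSchema.oneOf[0], postfunc, null);
+
+markdown += "## Reserved <style>b {font-weight:800}</style>\n";
+sw.schemaWalk(cveSchema.oneOf[1], postfunc, null);
+
+markdown += "## Rejected <style>b {font-weight:800}</style>\n";
+sw.schemaWalk(cveSchema.oneOf[2], postfunc, null);
+
+const transformer = new Transformer();
+
+// transform markdown
+const { root, features } = transformer.transform(markdown);
+
+// get assets required by used features
+var assets = transformer.getUsedAssets(features);
+
+// create mindmap html
+var html = fillTemplate(root, assets);
+html = html.replace('<title>Markmap</title>', '<title>CVE JSON v5 Mindmap</title>')
+
+try {
+var cveSchemaBundle = await rp.bundle(process.argv[2]);
+fs.writeFileSync('docs/CVE_JSON_5.0_bundled.schema', JSON.stringify(cveSchemaBundle, null, 2));
+fs.writeFileSync('docs/mindmap.html', html);
+} catch (err) {
+console.error(err)
+}
+}
+
+var markdown = "# CVE JSON Record\n";
+schemaMindMap();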
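Review bot: Failures in schemaMindMap() do not reach the caller: `rp.dereference(process.argv[2])` and the three `sw.schemaWalk` calls sit outside the `try`, the final `schemaMindMap();` has no rejection handler, and the `catch` around the two `fs.writeFileSync` calls only logs, so the process can exit 0 with docs/CVE_JSON_5.0_bundled.schema and docs/mindmap.html missing or stale. I would let errors propagate and end the file with `schemaMindMap().catch(err => { console.error(err); process.exitCode = 1; });` so docs.sh can stop on a non-zero status. Separately, postfunc concatenates `path[1]`, `obj.examples[0]` and the `obj.enum` values into Markdown/HTML without escaping; that is harmless while every schema file is maintained in this repository, but `rp.dereference` follows whatever `$ref` targets the input contains, so it is worth either escaping backticks and `<` in those values or documenting that the input schema must be trusted. `markdown` is also declared twice with `var` (once as `''`, once as the heading), which works only because the call comes last; a single `let markdown = "# CVE JSON Record\n";` near the top would be clearer.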
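--- a/schema/v5.0/support/schema2markmap/package.json
+++ b/schema/v5.0/support/schema2markmap/package.json
@@ -0,0 +1,27 @@
+{
+"name": "schema2markmap",
+"version": "1.0.0",
+"description": "Convert CVE JSON schema to a Mardkdown document suitable for use with Markmap.js",
+"main": "index.js",
+"scripts": {
+"test": "echo \"Error: no test specified\" && exit 1"
+},
+"repository": {
+"type": "git",
+"url": "https://github.com/CVEProject/cve-schema/tree/master/schema/v5.0/support"
+},
+"keywords": [
+"JSON",
+"Schema",
+"Markdown",
+"Markmap"
+],
+"author": "Chandan B.N.",
+"license": "CC0-1.0",
+"dependencies": {
+"@cloudflare/json-schema-walker": "^0.1.1",
+"json-schema-ref-parser": "^9.0.9",
+"markmap-lib": "^0.11.6",
+"markmap-view": "^0.2.6"
+}
+}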
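Review bot: All four dependencies use caret ranges, and the .gitignore added in this same commit excludes package-lock.json, so each run of the docs tooling may resolve a different dependency tree for a script whose output (docs/mindmap.html and the bundled schema) is committed and published. Committing the lockfile and installing with `npm ci` would make the generated artifacts reproducible and limit exposure to a compromised or broken transitive release. `markmap-view` appears to be unneeded: index.js in this commit requires it and destructures `Markmap, loadCSS, loadJS`, but none of them is used in the visible code, so dropping it would shrink the install surface. The description also has a typo, `Mardkdown` for `Markdown`.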
