From 70b3ddf68fee75e6aea9b6e926051270f1eb0b27 Mon Sep 17 00:00:00 2001
From: "Daigneau, Jeremy T"
Date: Fri, 15 Mar 2024 10:20:55 -0400
Subject: [PATCH 1/3] #1204 enabled multipleOfPrecision for validation to address rounding errors
---
 src/controller/cve.controller/cve.middleware.js | 2 +-
 src/model/cve.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/controller/cve.controller/cve.middleware.js b/src/controller/cve.controller/cve.middleware.js
index f0e8be597..bdac42f50 100644
--- a/src/controller/cve.controller/cve.middleware.js
+++ b/src/controller/cve.controller/cve.middleware.js
@@ -8,7 +8,7 @@ const cnaContainerSchema = JSON.parse(fs.readFileSync('src/middleware/schemas/5.
 const logger = require('../../middleware/logger')
 const Ajv = require('ajv')
 const addFormats = require('ajv-formats')
-const ajv = new Ajv({ allErrors: true })
+const ajv = new Ajv({ allErrors: false, multipleOfPrecision: 6 })
 addFormats(ajv)
 const validateRejected = ajv.compile(RejectedSchema)
 const validateCnaContainer = ajv.compile(cnaContainerSchema)
diff --git a/src/model/cve.js b/src/model/cve.js
index 07ce5e26c..eed0b2867 100644
--- a/src/model/cve.js
+++ b/src/model/cve.js
@@ -6,7 +6,7 @@ const cveSchemaV5 = JSON.parse(fs.readFileSync('src/middleware/schemas/CVE_JSON_
 const Ajv = require('ajv')
 const addFormats = require('ajv-formats')
-const ajv = new Ajv({ allErrors: true })
+const ajv = new Ajv({ allErrors: false, multipleOfPrecision: 6, verbose: true })
 addFormats(ajv)
 const validate = ajv.compile(cveSchemaV5)
 const getConstants = require('../constants').getConstants
From defd2b94a0ca1d7c0bc731039edfe2104db053e5 Mon Sep 17 00:00:00 2001
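Review bot: The `allErrors` option is flipped from `true` to `false` on the changed `new Ajv(...)` line in cve.middleware.js, while the subject only mentions `multipleOfPrecision`. With `allErrors: false` Ajv stops at the first failing keyword, so any caller that reports validation errors now returns one error per request instead of the full list, which is a visible behaviour change for submitters. Stopping early is the safer setting for untrusted input (Ajv's security notes advise against `allErrors: true` there because validation keeps running after a failure), so if the flip is intended, record it next to the option: `// allErrors off: stop at the first failure on untrusted input; callers see a single error`. The same flip is made in the src/model/cve.js hunk and is carried through patch 2/3.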
From: "Daigneau, Jeremy T"
Date: Mon, 18 Mar 2024 12:42:42 -0400
Subject: [PATCH 2/3] #1204 removes ajv precision, adds specific enums for CVSS scores in schema
---
 .../cve.controller/cve.middleware.js | 2 +-
 .../schemas/5.1_published_cna_container.json | 225 ++++++++++++++++--
 .../schemas/CVE_JSON_5.1_bundled.json | 225 ++++++++++++++++--
 src/model/cve.js | 2 +-
 4 files changed, 422 insertions(+), 32 deletions(-)
diff --git a/src/controller/cve.controller/cve.middleware.js b/src/controller/cve.controller/cve.middleware.js
index bdac42f50..e5d369b54 100644
--- a/src/controller/cve.controller/cve.middleware.js
+++ b/src/controller/cve.controller/cve.middleware.js
@@ -8,7 +8,7 @@ const cnaContainerSchema = JSON.parse(fs.readFileSync('src/middleware/schemas/5.
 const logger = require('../../middleware/logger')
 const Ajv = require('ajv')
 const addFormats = require('ajv-formats')
-const ajv = new Ajv({ allErrors: false, multipleOfPrecision: 6 })
+const ajv = new Ajv({ allErrors: false })
 addFormats(ajv)
 const validateRejected = ajv.compile(RejectedSchema)
 const validateCnaContainer = ajv.compile(cnaContainerSchema)
diff --git a/src/middleware/schemas/5.1_published_cna_container.json b/src/middleware/schemas/5.1_published_cna_container.json
index 57140607f..3d5c76a78 100644
--- a/src/middleware/schemas/5.1_published_cna_container.json
+++ b/src/middleware/schemas/5.1_published_cna_container.json
@@ -915,9 +915,108 @@
 },
 "scoreType": {
 "type": "number",
- "minimum": 0,
- "maximum": 10,
- "multipleOf": 0.1
+ "enum": [
+ 0.1,
+ 0.2,
+ 0.3,
+ 0.4,
+ 0.5,
+ 0.6,
+ 0.7,
+ 0.8,
+ 0.9,
+ 1.0,
+ 1.1,
+ 1.2,
+ 1.3,
+ 1.4,
+ 1.5,
+ 1.6,
+ 1.7,
+ 1.8,
+ 1.9,
+ 2.0,
+ 2.1,
+ 2.2,
+ 2.3,
+ 2.4,
+ 2.5,
+ 2.6,
+ 2.7,
+ 2.8,
+ 2.9,
+ 3.0,
+ 3.1,
+ 3.2,
+ 3.3,
+ 3.4,
+ 3.5,
+ 3.6,
+ 3.7,
+ 3.8,
+ 3.9,
+ 4.0,
+ 4.1,
+ 4.2,
+ 4.3,
+ 4.4,
+ 4.5,
+ 4.6,
+ 4.7,
+ 4.8,
+ 4.9,
+ 5.0,
+ 5.1,
+ 5.2,
+ 5.3,
+ 5.4,
+ 5.5,
+ 5.6,
+ 5.7,
+ 5.8,
+ 5.9,
+ 6.0,
+ 6.1,
+ 6.2,
+ 6.3,
+ 6.4,
+ 6.5,
+ 6.6,
+ 6.7,
+ 6.8,
+ 6.9,
+ 7.0,
+ 7.1,
+ 7.2,
+ 7.3,
+ 7.4,
+ 7.5,
+ 7.6,
+ 7.7,
+ 7.8,
+ 7.9,
+ 8.0,
+ 8.1,
+ 8.2,
+ 8.3,
+ 8.4,
+ 8.5,
+ 8.6,
+ 8.7,
+ 8.8,
+ 8.9,
+ 9.0,
+ 9.1,
+ 9.2,
+ 9.3,
+ 9.4,
+ 9.5,
+ 9.6,
+ 9.7,
+ 9.8,
+ 9.9,
+ 10.0
+ ]
 },
 "noneScoreType": {
 "type": "number",
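Review bot: Nothing in `scoreType` records why the range was replaced by a 100-entry `enum`, so a later cleanup could fold it back into `minimum`/`maximum`/`multipleOf: 0.1` and bring back the rounding failures this series is working around. A `$comment` member beside `enum` would keep the reason with the schema, for example `"$comment": "Enumerated on purpose: multipleOf 0.1 fails on floating-point remainders"`. The same applies to `lowScoreType`, `mediumScoreType`, `highScoreType` and `criticalScoreType` in the next hunk and to both hunks of CVE_JSON_5.1_bundled.json. The `noneScoreType` definition that closes this hunk continues outside it.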
@@ -926,27 +1025,123 @@
 },
 "lowScoreType": {
 "type": "number",
- "minimum": 0.1,
- "maximum": 3.9,
- "multipleOf": 0.1
+ "enum": [
+ 0.1,
+ 0.2,
+ 0.3,
+ 0.4,
+ 0.5,
+ 0.6,
+ 0.7,
+ 0.8,
+ 0.9,
+ 1.0,
+ 1.1,
+ 1.2,
+ 1.3,
+ 1.4,
+ 1.5,
+ 1.6,
+ 1.7,
+ 1.8,
+ 1.9,
+ 2.0,
+ 2.1,
+ 2.2,
+ 2.3,
+ 2.4,
+ 2.5,
+ 2.6,
+ 2.7,
+ 2.8,
+ 2.9,
+ 3.0,
+ 3.1,
+ 3.2,
+ 3.3,
+ 3.4,
+ 3.5,
+ 3.6,
+ 3.7,
+ 3.8,
+ 3.9
+ ]
 },
 "mediumScoreType": {
 "type": "number",
- "minimum": 4,
- "maximum": 6.9,
- "multipleOf": 0.1
+ "enum": [
+ 4.0,
+ 4.1,
+ 4.2,
+ 4.3,
+ 4.4,
+ 4.5,
+ 4.6,
+ 4.7,
+ 4.8,
+ 4.9,
+ 5.0,
+ 5.1,
+ 5.2,
+ 5.3,
+ 5.4,
+ 5.5,
+ 5.6,
+ 5.7,
+ 5.8,
+ 5.9,
+ 6.0,
+ 6.1,
+ 6.2,
+ 6.3,
+ 6.4,
+ 6.5,
+ 6.6,
+ 6.7,
+ 6.8,
+ 6.9
+ ]
 },
 "highScoreType": {
 "type": "number",
- "minimum": 7,
- "maximum": 8.9,
- "multipleOf": 0.1
+ "enum": [
+ 7.0,
+ 7.1,
+ 7.2,
+ 7.3,
+ 7.4,
+ 7.5,
+ 7.6,
+ 7.7,
+ 7.8,
+ 7.9,
+ 8.0,
+ 8.1,
+ 8.2,
+ 8.3,
+ 8.4,
+ 8.5,
+ 8.6,
+ 8.7,
+ 8.8,
+ 8.9
+ ]
 },
 "criticalScoreType": {
 "type": "number",
- "minimum": 9,
- "maximum": 10,
- "multipleOf": 0.1
+ "enum": [
+ 9.0,
+ 9.1,
+ 9.2,
+ 9.3,
+ 9.4,
+ 9.5,
+ 9.6,
+ 9.7,
+ 9.8,
+ 9.9,
+ 10.0
+ ]
 },
 "severityType": {
 "type": "string",
diff --git a/src/middleware/schemas/CVE_JSON_5.1_bundled.json b/src/middleware/schemas/CVE_JSON_5.1_bundled.json
index 5b2260829..ba0a77b64 100644
--- a/src/middleware/schemas/CVE_JSON_5.1_bundled.json
+++ b/src/middleware/schemas/CVE_JSON_5.1_bundled.json
@@ -1233,9 +1233,108 @@
 },
 "scoreType": {
 "type": "number",
- "minimum": 0,
- "maximum": 10,
- "multipleOf": 0.1
+ "enum": [
+ 0.1,
+ 0.2,
+ 0.3,
+ 0.4,
+ 0.5,
+ 0.6,
+ 0.7,
+ 0.8,
+ 0.9,
+ 1.0,
+ 1.1,
+ 1.2,
+ 1.3,
+ 1.4,
+ 1.5,
+ 1.6,
+ 1.7,
+ 1.8,
+ 1.9,
+ 2.0,
+ 2.1,
+ 2.2,
+ 2.3,
+ 2.4,
+ 2.5,
+ 2.6,
+ 2.7,
+ 2.8,
+ 2.9,
+ 3.0,
+ 3.1,
+ 3.2,
+ 3.3,
+ 3.4,
+ 3.5,
+ 3.6,
+ 3.7,
+ 3.8,
+ 3.9,
+ 4.0,
+ 4.1,
+ 4.2,
+ 4.3,
+ 4.4,
+ 4.5,
+ 4.6,
+ 4.7,
+ 4.8,
+ 4.9,
+ 5.0,
+ 5.1,
+ 5.2,
+ 5.3,
+ 5.4,
+ 5.5,
+ 5.6,
+ 5.7,
+ 5.8,
+ 5.9,
+ 6.0,
+ 6.1,
+ 6.2,
+ 6.3,
+ 6.4,
+ 6.5,
+ 6.6,
+ 6.7,
+ 6.8,
+ 6.9,
+ 7.0,
+ 7.1,
+ 7.2,
+ 7.3,
+ 7.4,
+ 7.5,
+ 7.6,
+ 7.7,
+ 7.8,
+ 7.9,
+ 8.0,
+ 8.1,
+ 8.2,
+ 8.3,
+ 8.4,
+ 8.5,
+ 8.6,
+ 8.7,
+ 8.8,
+ 8.9,
+ 9.0,
+ 9.1,
+ 9.2,
+ 9.3,
+ 9.4,
+ 9.5,
+ 9.6,
+ 9.7,
+ 9.8,
+ 9.9,
+ 10.0
+ ]
 },
 "noneScoreType": {
 "type": "number",
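Review bot: The score lists are duplicated by hand between the two schema files with nothing to keep them in step: this hunk and the next repeat, value for value, the lists added to 5.1_published_cna_container.json. The two files appear to be compiled by separate Ajv instances (cve.middleware.js and src/model/cve.js in this series), so if one copy is edited and the other is not, the middleware and the model would disagree on whether a CVSS score is valid and a record could pass one check and fail the other. A small unit test that loads both files and asserts the five `*ScoreType` definitions are deep-equal would catch that drift. Where the definitions sit inside each file is outside this diff, so the lookup path has to be confirmed.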
@@ -1244,27 +1343,123 @@
 },
 "lowScoreType": {
 "type": "number",
- "minimum": 0.1,
- "maximum": 3.9,
- "multipleOf": 0.1
+ "enum": [
+ 0.1,
+ 0.2,
+ 0.3,
+ 0.4,
+ 0.5,
+ 0.6,
+ 0.7,
+ 0.8,
+ 0.9,
+ 1.0,
+ 1.1,
+ 1.2,
+ 1.3,
+ 1.4,
+ 1.5,
+ 1.6,
+ 1.7,
+ 1.8,
+ 1.9,
+ 2.0,
+ 2.1,
+ 2.2,
+ 2.3,
+ 2.4,
+ 2.5,
+ 2.6,
+ 2.7,
+ 2.8,
+ 2.9,
+ 3.0,
+ 3.1,
+ 3.2,
+ 3.3,
+ 3.4,
+ 3.5,
+ 3.6,
+ 3.7,
+ 3.8,
+ 3.9
+ ]
 },
 "mediumScoreType": {
 "type": "number",
- "minimum": 4,
- "maximum": 6.9,
- "multipleOf": 0.1
+ "enum": [
+ 4.0,
+ 4.1,
+ 4.2,
+ 4.3,
+ 4.4,
+ 4.5,
+ 4.6,
+ 4.7,
+ 4.8,
+ 4.9,
+ 5.0,
+ 5.1,
+ 5.2,
+ 5.3,
+ 5.4,
+ 5.5,
+ 5.6,
+ 5.7,
+ 5.8,
+ 5.9,
+ 6.0,
+ 6.1,
+ 6.2,
+ 6.3,
+ 6.4,
+ 6.5,
+ 6.6,
+ 6.7,
+ 6.8,
+ 6.9
+ ]
 },
 "highScoreType": {
 "type": "number",
- "minimum": 7,
- "maximum": 8.9,
- "multipleOf": 0.1
+ "enum": [
+ 7.0,
+ 7.1,
+ 7.2,
+ 7.3,
+ 7.4,
+ 7.5,
+ 7.6,
+ 7.7,
+ 7.8,
+ 7.9,
+ 8.0,
+ 8.1,
+ 8.2,
+ 8.3,
+ 8.4,
+ 8.5,
+ 8.6,
+ 8.7,
+ 8.8,
+ 8.9
+ ]
 },
 "criticalScoreType": {
 "type": "number",
- "minimum": 9,
- "maximum": 10,
- "multipleOf": 0.1
+ "enum": [
+ 9.0,
+ 9.1,
+ 9.2,
+ 9.3,
+ 9.4,
+ 9.5,
+ 9.6,
+ 9.7,
+ 9.8,
+ 9.9,
+ 10.0
+ ]
 },
 "severityType": {
 "type": "string",
diff --git a/src/model/cve.js b/src/model/cve.js
index eed0b2867..5729f5c94 100644
--- a/src/model/cve.js
+++ b/src/model/cve.js
@@ -6,7 +6,7 @@ const cveSchemaV5 = JSON.parse(fs.readFileSync('src/middleware/schemas/CVE_JSON_
 const Ajv = require('ajv')
 const addFormats = require('ajv-formats')
-const ajv = new Ajv({ allErrors: false, multipleOfPrecision: 6, verbose: true })
+const ajv = new Ajv({ allErrors: false })
 addFormats(ajv)
 const validate = ajv.compile(cveSchemaV5)
 const getConstants = require('../constants').getConstants
From d54c4faa8b7c8aed1250bf610674d1cc42f71493 Mon Sep 17 00:00:00 2001
From: "Daigneau, Jeremy T"
Date: Mon, 18 Mar 2024 13:53:43 -0400
Subject: [PATCH 3/3] #1204 added 0.0 to scoreType enums
---
 src/middleware/schemas/5.1_published_cna_container.json | 1 +
 src/middleware/schemas/CVE_JSON_5.1_bundled.json | 1 +
 2 files changed, 2 insertions(+)
diff --git a/src/middleware/schemas/5.1_published_cna_container.json b/src/middleware/schemas/5.1_published_cna_container.json
index 3d5c76a78..005dac39c 100644
--- a/src/middleware/schemas/5.1_published_cna_container.json
+++ b/src/middleware/schemas/5.1_published_cna_container.json
@@ -916,6 +916,7 @@
 "scoreType": {
 "type": "number",
 "enum": [
+ 0.0,
 0.1,
 0.2,
 0.3,
diff --git a/src/middleware/schemas/CVE_JSON_5.1_bundled.json b/src/middleware/schemas/CVE_JSON_5.1_bundled.json
index ba0a77b64..ece69ebf7 100644
--- a/src/middleware/schemas/CVE_JSON_5.1_bundled.json
+++ b/src/middleware/schemas/CVE_JSON_5.1_bundled.json
@@ -1234,6 +1234,7 @@
 "scoreType": {
 "type": "number",
 "enum": [
+ 0.0,
 0.1,
 0.2,
 0.3,