Skip to content

Commit 19475fd

Browse files
david-waltermiredavid-waltermire
committed
Fixed broken keys.
Updated JSON schema validation github workflow.
1 parent 8fb82e7 commit 19475fd

File tree

2 files changed

+11
-83
lines changed

2 files changed

+11
-83
lines changed

.github/workflows/validate-schema.yml

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,9 @@ on:
88
workflow_dispatch:
99
branches:
1010
- master
11+
env:
12+
CVE_SCHEMA_DIR: schema/v5.0
13+
CVE_SCHEMA_FILENAME: CVE_JSON_5.0.schema
1114
jobs:
1215
verify-json-validation:
1316
runs-on: ubuntu-latest
@@ -16,6 +19,10 @@ jobs:
1619
- name: Install NPM dependencies (i.e., ajv)
1720
run: |
1821
sudo npm install --loglevel verbose -g yargs ajv-formats@"^1.5.x" ajv-cli@"^4.0.x"
22+
# Rename the schema, since AJV doesn't like non-".json" extensions
23+
- name: Rename schema for AJV
24+
run: |
25+
cp "${CVE_SCHEMA_DIR}/${CVE_SCHEMA_FILENAME}" "${CVE_SCHEMA_DIR}/cve-schema.json"
1926
- name: Validate JSON schema
2027
run: |
21-
ajv compile -c ajv-formats -s schema/v5.0/CVE_JSON_5.0.schema
28+
ajv compile -c ajv-formats -s "${CVE_SCHEMA_DIR}/cve-schema.json"

schema/v5.0/CVE_JSON_5.0.schema

Lines changed: 3 additions & 82 deletions
Original file line numberDiff line numberDiff line change
@@ -1032,7 +1032,7 @@
10321032
"taxonomyMappings": {
10331033
"type": "array",
10341034
"description": "List of taxonomy items related to the vulnerability",
1035-
"minitems": 1,
1035+
"minItems": 1,
10361036
"uniqueItems": true,
10371037
"items": {
10381038
"type": "object",
@@ -1057,7 +1057,7 @@
10571057
"taxonomyRelations": {
10581058
"type": "array",
10591059
"description": "",
1060-
"minitems": 1,
1060+
"minItems": 1,
10611061
"uniqueItems": true,
10621062
"items": {
10631063
"type": "object",
@@ -1130,84 +1130,5 @@
11301130
]
11311131
}
11321132
}
1133-
},
1134-
"oneOf": [
1135-
{
1136-
"title": "Published",
1137-
"description": "When a CNA populates the data associated with a CVE ID as a CVE Record, the state of the CVE Record is Published.",
1138-
"properties": {
1139-
"dataType": {
1140-
"$ref": "#/definitions/dataType"
1141-
},
1142-
"dataVersion": {
1143-
"$ref": "#/definitions/dataVersion"
1144-
},
1145-
"cveMetadata": {
1146-
"$ref": "#/definitions/cveMetadataPublished"
1147-
},
1148-
"containers": {
1149-
"$ref": "#/definitions/containers"
1150-
}
1151-
},
1152-
"required": [
1153-
"dataType",
1154-
"dataVersion",
1155-
"cveMetadata",
1156-
"containers"
1157-
],
1158-
"additionalProperties": false
1159-
},
1160-
{
1161-
"title": "Reserved",
1162-
"description": "The initial state for a CVE Record; when the associated CVE ID is Reserved by a CNA.",
1163-
"properties": {
1164-
"dataType": {
1165-
"$ref": "#/definitions/dataType"
1166-
},
1167-
"dataVersion": {
1168-
"$ref": "#/definitions/dataVersion"
1169-
},
1170-
"cveMetadata": {
1171-
"$ref": "#/definitions/cveMetadataReserved"
1172-
},
1173-
"descriptions": {
1174-
"$ref": "#/definitions/descriptions"
1175-
}
1176-
},
1177-
"required": [
1178-
"dataType",
1179-
"dataVersion",
1180-
"cveMetadata"
1181-
],
1182-
"additionalProperties": false
1183-
},
1184-
{
1185-
"title": "Rejected",
1186-
"description": "If the CVE ID and associated CVE Record should no longer be used, the CVE Record is placed in the Rejected state. A Rejected CVE Record remains on the CVE List so that users can know when it is invalid.",
1187-
"properties": {
1188-
"dataType": {
1189-
"$ref": "#/definitions/dataType"
1190-
},
1191-
"dataVersion": {
1192-
"$ref": "#/definitions/dataVersion"
1193-
},
1194-
"cveMetadata": {
1195-
"$ref": "#/definitions/cveMetadataRejected"
1196-
},
1197-
"descriptions": {
1198-
"$ref": "#/definitions/descriptions"
1199-
},
1200-
"replacedBy": {
1201-
"$ref": "#/definitions/replacedBy"
1202-
}
1203-
},
1204-
"required": [
1205-
"dataType",
1206-
"dataVersion",
1207-
"cveMetadata",
1208-
"description"
1209-
],
1210-
"additionalProperties": false
1211-
}
1212-
]
1133+
}
12131134
}

0 commit comments

Comments
 (0)