Merge pull request #102 from chandanbn/rc4

CVE JSON schema release candidate 4 documents update.

Author: chandanbn

.gitignore

@@ -0,0 +1,3 @@
+
+package-lock.json
+node_modules

schema/v5.0/CVE_JSON_5.0.schema

@@ -312,11 +312,11 @@
                                 ]
                             },
                             "lessThan": {
-                                "description": "The non-inclusive upper limit of the range. This is the least version NOT in the range. The usual version syntax is expanded to allow a pattern to end in an asterisk (*), indicating an arbitrarily large number in the version ordering. For example, {version: 1.0 lessThan: 1.*} would describe the entire 1.X branch for most range kinds, and {version: 2.0, lessThan: *} describes all versions starting at 2.0, including 3.0, 5.1, and so on. Only one of lessThan and lessThanOrEqual should be specified.",
+                                "description": "The non-inclusive upper limit of the range. This is the least version NOT in the range. The usual version syntax is expanded to allow a pattern to end in an asterisk `(*)`, indicating an arbitrarily large number in the version ordering. For example, `{version: 1.0 lessThan: 1.*}` would describe the entire 1.X branch for most range kinds, and `{version: 2.0, lessThan: *}` describes all versions starting at 2.0, including 3.0, 5.1, and so on. Only one of lessThan and lessThanOrEqual should be specified.",
                                 "$ref": "#/definitions/version"
                             },
                             "lessThanOrEqual": {
-                                "description": "The inclusive upper limit of the range. This is the greatest version contained in the range. Only one of lessThan and lessThanOrEqual should be specified. For example, {version: 1.0, lessThanOrEqual: 1.3} covers all versions from 1.0 up to and including 1.3.",
+                                "description": "The inclusive upper limit of the range. This is the greatest version contained in the range. Only one of lessThan and lessThanOrEqual should be specified. For example, `{version: 1.0, lessThanOrEqual: 1.3}` covers all versions from 1.0 up to and including 1.3.",
                                 "$ref": "#/definitions/version"
                             },
                             "changes": {

schema/v5.0/docs/CVE_JSON_5.0_bundled.schema

@@ -1,46 +1 @@
-{
-    "dataType": "CVE_RECORD",
-    "dataVersion": "5.0",
-    "cveMetadata": {
-        "id": "CVE-2015-3000",
-        "assigner": "9a527a5d-c98f-4910-8fa2-f6a927fa3ce3",
-        "assignerShortName": "mitre",
-        "state": "PUBLISHED"
-    },
-    "containers": {
-        "cna": {
-            "providerMetadata": {
-                "id": "9a527a5d-c98f-4910-8fa2-f6a927fa3ce3"
-            },
-            "descriptions": [
-                {
-                    "lang": "en",
-                    "value": "SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion (XEE) attack."
-                }
-            ],
-            "affected": {
-                "vendors": [
-                    {
-                        "vendorName": "SysAid",
-                        "products": [
-                            {
-                                "productName": "SysAid Help Desk",
-                                "versions": [
-                                    {
-                                        "versionAffected": "<",
-                                        "versionValue": "15.2"
-                                    }
-                                ]
-                            }
-                        ]
-                    }
-                ]
-            },
-            "references": [
-                {
-                    "url": "https://seclists.org/fulldisclosure/2015/Jun/8"
-                }
-            ]
-        }
-    }
-}
+["to be generated"]

schema/v5.0/docs/basic-example.json

@@ -1,5 +1,7 @@
 #!/bin/bash
 cd ../../
-sed s/file\://g CVE_JSON_5.0.schema > tmp.json | generate-schema-doc --minify tmp.json docs/index.html
+sed 's/file\://g' CVE_JSON_5.0.schema > tmp.json | generate-schema-doc --minify tmp.json docs/index.html
+perl -pi -e 's/<svg.*?<\/svg>/&gt;/g' docs/index.html
+node support/schema2markmap/index.js tmp.json
 rm tmp.json
 cat support/docs/css_override.css >> docs/schema_doc.css

schema/v5.0/docs/index.html

@@ -0,0 +1,75 @@
+// Author: Chandan BN (c) 2021
+//   (1) convert CVE JSON schema to a mindmap
+//   (2) creates a bundled schema
+
+var ml = require('markmap-lib')
+var Transformer = ml.Transformer;
+var fillTemplate = ml.fillTemplate;
+var sw = require('@cloudflare/json-schema-walker');
+var rp = require('json-schema-ref-parser');
+var fold = ['metrics', 'cvssV3_1', 'cvssV3_0', 'cvssV2_0', 'supportingMedia',
+  'tags', 'impacts', 'configurations', 'workarounds', 'solutions', 'exploits',
+  'timeline', 'credits', 'tags', 'taxonomyMappings', 'adp'];
+var symbol = { object: '', array: '[]', string: '', boolean: '☯', number: '', integer: '', undefined: '' };
+const fs = require('fs');
+var markmap = require('markmap-view');
+const { Markmap, loadCSS, loadJS } = markmap;
+
+let forDeletion = ['properties', 'items', 'anyOf', 'allOf', 'oneOf'];
+
+var markdown = '';
+
+function postfunc(obj, path, parent, parentPath) {
+  if (path[1] && isNaN(path[1])) {
+    var depth = parentPath.filter(i => !forDeletion.includes(i)).length;
+    var reqStart = "";
+    var reqEnd = "";
+
+    if (parent?.required?.includes(path[1])) {
+      reqStart = "<b>";
+      reqEnd = "</b>";
+    }
+    markdown += ("  ".repeat(depth)
+      + "* " + reqStart + path[1] + reqEnd
+      + ' ' + (fold.includes(path[1]) ? '<!-- fold -->' : '')
+      + symbol[obj.type]
+      + (obj.examples ? 'e.g., `' + obj.examples[0] + '`' : '')
+      + (obj.enum ? '`' + obj.enum.join('` `') + '`' : ''))
+      + '\n';
+  }
+}
+
+async function schemaMindMap() {
+  var cveSchema = await rp.dereference(process.argv[2]);
+  markdown += "## Published <style>b {font-weight:800}</style>\n";
+  sw.schemaWalk(cveSchema.oneOf[0], postfunc, null);
+
+  markdown += "## Reserved <style>b {font-weight:800}</style>\n";
+  sw.schemaWalk(cveSchema.oneOf[1], postfunc, null);
+
+  markdown += "## Rejected <style>b {font-weight:800}</style>\n";
+  sw.schemaWalk(cveSchema.oneOf[2], postfunc, null);
+
+  const transformer = new Transformer();
+
+  // transform markdown
+  const { root, features } = transformer.transform(markdown);
+
+  // get assets required by used features
+  var assets = transformer.getUsedAssets(features);
+
+  // create mindmap html
+  var html = fillTemplate(root, assets);
+  html = html.replace('<title>Markmap</title>', '<title>CVE JSON v5 Mindmap</title>')
+
+  try {
+    var cveSchemaBundle = await rp.bundle(process.argv[2]);
+    fs.writeFileSync('docs/CVE_JSON_5.0_bundled.schema', JSON.stringify(cveSchemaBundle, null, 2));
+    fs.writeFileSync('docs/mindmap.html', html);
+  } catch (err) {
+    console.error(err)
+  }
+}
+
+var markdown = "# CVE JSON Record\n";
+schemaMindMap();

schema/v5.0/docs/mindmap.html

@@ -0,0 +1,27 @@
+{
+  "name": "schema2markmap",
+  "version": "1.0.0",
+  "description": "Convert CVE JSON schema to a Mardkdown document suitable for use with Markmap.js",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/CVEProject/cve-schema/tree/master/schema/v5.0/support"
+  },
+  "keywords": [
+    "JSON",
+    "Schema",
+    "Markdown",
+    "Markmap"
+  ],
+  "author": "Chandan B.N.",
+  "license": "CC0-1.0",
+  "dependencies": {
+    "@cloudflare/json-schema-walker": "^0.1.1",
+    "json-schema-ref-parser": "^9.0.9",
+    "markmap-lib": "^0.11.6",
+    "markmap-view": "^0.2.6"
+  }
+}