Updated Computed schema as feedback from Jay Jacobs CERTCC#576

sei-vsarvepalli · Jun 25, 2024 · 222b7d4 · 222b7d4
1 parent 86da372
commit 222b7d4
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 55 deletions.
diff --git a/data/schema/SSVC_Computed.schema.json b/data/schema/SSVC_Computed.schema.json
@@ -10,10 +10,30 @@
 	    "description": "An optional short vector representation of a SSV computed decision score.  This will be useful in providing permalink and other ways to provide quick read and access to a SSVC decision made"
 
 	},
+	"outcome": {
+	    "description": "This entry provides a list of potential outcomes once a Decision Tree were used to evaluate a vulnerability (or multiple) by a organization/person representing a Role",
+	    "type": "object",
+	    "patternProperties": {
+		".*" : {
+		    "type": "array",
+		    "items": {
+			"type": "string"
+		    }
+		}
+	    },
+	    "maxProperties": 1,
+	    "additionalProperties": false
+	},
 	"options": {
+	    "description": "These entries list the Options that were evaluated by a organization/person representing a Role",
 	    "type": "object",
-	    "items": {
-		"type": "string"
+	    "patternProperties": {
+		".*" : {
+		    "type": "array",
+		    "items": {
+			"type": "string"
+		    }
+		}
 	    },
 	    "minItems": 1,
 	    "uniqueItems": true		

diff --git a/data/schema_examples/Computed-CVE-2014-0751-Coordinator-with-tree.json b/data/schema_examples/Computed-CVE-2014-0751-Coordinator-with-tree.json
@@ -1,31 +1,21 @@
 {
-  "role": "Coordinator",
-  "id": "CVE-2014-0751",
-  "version": "2.0.3",
+    "role": "Coordinator",
+    "id": "CVE-2014-0751",
+    "version": "2.1.3",
     "computed": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2021-09-29T15:29:44Z/",
-    "timestamp":  "2021-09-29T15:29:44Z",
-  "options": [
-    {
-      "Exploitation": "active"
+    "timestamp": "2021-09-29T15:29:44Z",
+    "options": 	{
+	    "Exploitation": ["active"],
+	    "Automatable": ["no"],
+	    "Technical Impact": ["total"],
+	    "Mission Prevalence": ["Minimal"],
+	    "Public Well-being Impact": ["Material"],
+	    "Mission & Well-being": ["medium"]
     },
-    {
-      "Automatable": "no"
+    "outcome": {
+	"Decision": ["Act"]
     },
-    {
-      "Technical Impact": "total"
-    },
-    {
-      "Mission Prevalence": "Minimal"
-    },
-    {
-      "Public Well-being Impact": "Material"
-    },
-    {
-      "Mission & Well-being": "medium"
-    }
-  ],
-  "$schema": "https://democert.org/ssvc/SSVC_Computed_v2.02.schema.json",
-  "decision_tree_url": "https://democert.org/ssvc/CISA-Coordinator-v2.0.3.json",
+    "decision_tree_url": "https://democert.org/ssvc/CISA-Coordinator-v2.0.3.json",
   "decision_tree": {
     "decision_points": [
       {
@@ -546,7 +536,7 @@
       }
     ],
     "lang": "en",
-    "version": "2.0.3",
+    "version": "2.0",
     "title": "CISA Coordinator v2.0.3"
   }
 }
diff --git a/data/schema_examples/Computed-CVE-2014-0751-Coordinator.json b/data/schema_examples/Computed-CVE-2014-0751-Coordinator.json
@@ -1,29 +1,17 @@
 {
     "role": "Coordinator",
     "id": "CVE-2014-0751",
-    "version": "2.0.3",
+    "version": "2.1.3",
     "computed": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2021-09-29T15:29:44Z/",
     "timestamp": "2021-09-29T15:29:44Z",
-    "options": [
-	{
-	    "Exploitation": "active"
-	},
-	{
-	    "Automatable": "no"
-	},
-	{
-	    "Technical Impact": "total"
-	},
-	{
-	    "Mission Prevalence": "Minimal"
-	},
-	{
-	    "Public Well-being Impact": "Material"
-	},
-	{
-	    "Mission & Well-being": "medium"
-	}
-    ],
-    "$schema": "https://democert.org/ssvc/SSVC_Computed_v2.0.3.schema.json",
+    "options": 	{
+	    "Exploitation": ["active"],
+	    "Automatable": ["no"],
+	    "Technical Impact": ["total"],
+	    "Mission Prevalence": ["Minimal"],
+	    "Public Well-being Impact": ["Material"],
+	    "Mission & Well-being": ["medium"]
+    },
+    "outcomes": ["Act"],
     "decision_tree_url": "https://democert.org/ssvc/CISA-Coordinator-v2.0.3.json"
 }
diff --git a/docs/ssvc-calc/ssvc.js b/docs/ssvc-calc/ssvc.js
@@ -302,7 +302,7 @@ function export_json() {
     var tstamp = new Date()
     var oexport = { role: $('.exportActive .exportRole').val() || "Unknown",
 		    id: $('.exportActive .exportId').val() || "Unspecified",
-		    version: "2.0",
+		    version: "2.1.3",
 		    generator: _tool
 		  }
     oexport['computed'] = $('.exportActive .ssvcvector').html();
@@ -315,14 +315,25 @@ function export_json() {
 	final_outcome = $('h4.hfinal').html();
     }
     /* Copy current_score as is to options that were selected */
-    oexport['options'] = current_score;
+    oexport['options'] = {};
+    current_score.forEach( function(x) x {
+	let q = Object.keys(x)[0];
+	oexport['options'][q] = [x[q]]
+    });
+    /* Remove old schema version of scores
+      oexport['options'] = current_score;
+    */
     if(current_score.findIndex(x => final_keyword in x) < 0) {
-	/* Add final_keywrod only if not exists see GitHub issue #190 */
-	var last_option = {};
+	/* Remove final keyword if exists */
+	let last_option = {};
 	last_option[final_keyword] = final_outcome;
-	oexport['options'].push(last_option);
+	if(final_keyword in oexport['options']) {
+	    delete oexport['options'][final_keyword];
+	}
     }
-    oexport['$schema'] = location.origin + location.pathname + current_schema
+    oexport["outcome"] = {};
+    oexport["outcome"][final_keyword] =   [final_outcome];
+    oexport['schema'] = location.origin + location.pathname + current_schema
     oexport['decision_tree_url'] = location.origin + location.pathname +
 	current_tree;
     var a = document.createElement("a")