diff --git a/data/schema/SSVC_Computed.schema.json b/data/schema/SSVC_Computed.schema.json index 1fa214c3..9f8e7f25 100644 --- a/data/schema/SSVC_Computed.schema.json +++ b/data/schema/SSVC_Computed.schema.json @@ -10,10 +10,30 @@ "description": "An optional short vector representation of a SSV computed decision score. This will be useful in providing permalink and other ways to provide quick read and access to a SSVC decision made" }, + "outcome": { + "description": "This entry provides a list of potential outcomes once a Decision Tree were used to evaluate a vulnerability (or multiple) by a organization/person representing a Role", + "type": "object", + "patternProperties": { + ".*" : { + "type": "array", + "items": { + "type": "string" + } + } + }, + "maxProperties": 1, + "additionalProperties": false + }, "options": { + "description": "These entries list the Options that were evaluated by a organization/person representing a Role", "type": "object", - "items": { - "type": "string" + "patternProperties": { + ".*" : { + "type": "array", + "items": { + "type": "string" + } + } }, "minItems": 1, "uniqueItems": true diff --git a/data/schema_examples/Computed-CVE-2014-0751-Coordinator-with-tree.json b/data/schema_examples/Computed-CVE-2014-0751-Coordinator-with-tree.json index d7896c88..c7a80933 100644 --- a/data/schema_examples/Computed-CVE-2014-0751-Coordinator-with-tree.json +++ b/data/schema_examples/Computed-CVE-2014-0751-Coordinator-with-tree.json @@ -1,31 +1,21 @@ { - "role": "Coordinator", - "id": "CVE-2014-0751", - "version": "2.0.3", + "role": "Coordinator", + "id": "CVE-2014-0751", + "version": "2.1.3", "computed": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2021-09-29T15:29:44Z/", - "timestamp": "2021-09-29T15:29:44Z", - "options": [ - { - "Exploitation": "active" + "timestamp": "2021-09-29T15:29:44Z", + "options": { + "Exploitation": ["active"], + "Automatable": ["no"], + "Technical Impact": ["total"], + "Mission Prevalence": ["Minimal"], + "Public Well-being Impact": ["Material"], + "Mission & Well-being": ["medium"] }, - { - "Automatable": "no" + "outcome": { + "Decision": ["Act"] }, - { - "Technical Impact": "total" - }, - { - "Mission Prevalence": "Minimal" - }, - { - "Public Well-being Impact": "Material" - }, - { - "Mission & Well-being": "medium" - } - ], - "$schema": "https://democert.org/ssvc/SSVC_Computed_v2.02.schema.json", - "decision_tree_url": "https://democert.org/ssvc/CISA-Coordinator-v2.0.3.json", + "decision_tree_url": "https://democert.org/ssvc/CISA-Coordinator-v2.0.3.json", "decision_tree": { "decision_points": [ { @@ -546,7 +536,7 @@ } ], "lang": "en", - "version": "2.0.3", + "version": "2.0", "title": "CISA Coordinator v2.0.3" } } diff --git a/data/schema_examples/Computed-CVE-2014-0751-Coordinator.json b/data/schema_examples/Computed-CVE-2014-0751-Coordinator.json index b75aa68b..ec75a4c9 100644 --- a/data/schema_examples/Computed-CVE-2014-0751-Coordinator.json +++ b/data/schema_examples/Computed-CVE-2014-0751-Coordinator.json @@ -1,29 +1,17 @@ { "role": "Coordinator", "id": "CVE-2014-0751", - "version": "2.0.3", + "version": "2.1.3", "computed": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2021-09-29T15:29:44Z/", "timestamp": "2021-09-29T15:29:44Z", - "options": [ - { - "Exploitation": "active" - }, - { - "Automatable": "no" - }, - { - "Technical Impact": "total" - }, - { - "Mission Prevalence": "Minimal" - }, - { - "Public Well-being Impact": "Material" - }, - { - "Mission & Well-being": "medium" - } - ], - "$schema": "https://democert.org/ssvc/SSVC_Computed_v2.0.3.schema.json", + "options": { + "Exploitation": ["active"], + "Automatable": ["no"], + "Technical Impact": ["total"], + "Mission Prevalence": ["Minimal"], + "Public Well-being Impact": ["Material"], + "Mission & Well-being": ["medium"] + }, + "outcomes": ["Act"], "decision_tree_url": "https://democert.org/ssvc/CISA-Coordinator-v2.0.3.json" } diff --git a/docs/ssvc-calc/ssvc.js b/docs/ssvc-calc/ssvc.js index 812bf022..005604f5 100644 --- a/docs/ssvc-calc/ssvc.js +++ b/docs/ssvc-calc/ssvc.js @@ -302,7 +302,7 @@ function export_json() { var tstamp = new Date() var oexport = { role: $('.exportActive .exportRole').val() || "Unknown", id: $('.exportActive .exportId').val() || "Unspecified", - version: "2.0", + version: "2.1.3", generator: _tool } oexport['computed'] = $('.exportActive .ssvcvector').html(); @@ -315,14 +315,25 @@ function export_json() { final_outcome = $('h4.hfinal').html(); } /* Copy current_score as is to options that were selected */ - oexport['options'] = current_score; + oexport['options'] = {}; + current_score.forEach( function(x) x { + let q = Object.keys(x)[0]; + oexport['options'][q] = [x[q]] + }); + /* Remove old schema version of scores + oexport['options'] = current_score; + */ if(current_score.findIndex(x => final_keyword in x) < 0) { - /* Add final_keywrod only if not exists see GitHub issue #190 */ - var last_option = {}; + /* Remove final keyword if exists */ + let last_option = {}; last_option[final_keyword] = final_outcome; - oexport['options'].push(last_option); + if(final_keyword in oexport['options']) { + delete oexport['options'][final_keyword]; + } } - oexport['$schema'] = location.origin + location.pathname + current_schema + oexport["outcome"] = {}; + oexport["outcome"][final_keyword] = [final_outcome]; + oexport['schema'] = location.origin + location.pathname + current_schema oexport['decision_tree_url'] = location.origin + location.pathname + current_tree; var a = document.createElement("a")