Merge pull request #839 from oasis-tcs/editor-revision-2024-11-27
Editor revision for TC meeting 2024-11-27
tschmidtb51 authored Jan 13, 2025
2 parents bdc6fd7 + 0c478eb commit 6dcea01
Showing 63 changed files with 3,424 additions and 749 deletions.
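--- a/csaf_2.1/json_schema/csaf_json_schema.json
+++ b/csaf_2.1/json_schema/csaf_json_schema.json
@@ -581,6 +581,37 @@
 "tlp"
 ],
 "properties": {
+"sharing_group": {
+"title": "Sharing Group",
+"description": "Contains information about the group this document is intended to be shared with.",
+"type": "object",
+"required": [
+"id"
+],
+"properties": {
+"id": {
+"title": "Sharing Group ID",
+"description": "Provides the unique ID for the sharing group.",
+"type": "string",
+"format": "uuid",
+"pattern": "^(([0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[0-9a-f]{4}-[0-9a-f]{12})|([0]{8}-([0]{4}-){3}[0]{12})|([f]{8}-([f]{4}-){3}[f]{12}))$"
+},
+"name": {
+"title": "Sharing Group Name",
+"description": "Contains a human-readable name for the sharing group.",
+"type": "string",
+"minLength": 1,
+"examples": [
+"Customer A",
+"ISAC members",
+"NIS2 regulated important entities in Germany, sector water",
+"Pre-Sharing group for advisory discussion",
+"Users of Product A",
+"US Federal Civilian Authorities"
+]
+}
+}
+},
 "text": {
 "title": "Textual description",
 "description": "Provides a textual description of additional constraints.",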
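Review bot: The `pattern` on the sharing group `id` pins the version nibble to `4` but leaves the variant nibble open: the fourth group is `[0-9a-f]{4}`, so strings that are not RFC 9562-variant UUIDs still validate as a sharing group ID. If only version-4 UUIDs plus the Nil and Max values are intended, that group should read `[89ab][0-9a-f]{3}`. Many validators treat `"format": "uuid"` as an annotation unless format assertion is switched on, so this pattern is in practice the only check on a field that scopes who may receive the document. The pattern also rejects upper-case hex that `format` would accept, which the `description` could state explicitly, e.g. `"Provides the unique ID for the sharing group as a lower-case UUID."`. The enclosing object's definition starts and ends outside the hunk.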
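--- a/csaf_2.1/prose/edit/etc/bind.txt
+++ b/csaf_2.1/prose/edit/etc/bind.txt
@@ -67,6 +67,11 @@ tests-01-mndtr-33-multiple-flags-with-vex-justification-codes-per-product.md
 tests-01-mndtr-34-branches-recursion-depth.md
 tests-01-mndtr-35-contradicting-remediations.md
 tests-01-mndtr-36-contradicting-product-status-remediation-combination.md
+tests-01-mndtr-37-date-and-time.md
+tests-01-mndtr-38-non-public-sharing-group-with-max-uuid.md
+tests-01-mndtr-39-public-sharing-group-with-no-max-uuid.md
+tests-01-mndtr-40-invalid-sharing-group-name.md
+tests-01-mndtr-41-missing-sharing-group-name.md
 tests-02-optional.md
 tests-03-informative.md
 distributing.md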
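--- a/csaf_2.1/prose/edit/etc/example-global-to-local.json
+++ b/csaf_2.1/prose/edit/etc/example-global-to-local.json
@@ -31,130 +31,139 @@
 "29": "version-type-semantic-versioning-eg-6",
 "30": "document-property-aggregate-severity-eg-1",
 "31": "document-property-category-eg-1",
-"32": "document-property-distribution-text-eg-1",
-"33": "document-property-distribution-tlp-eg-1",
-"34": "document-property-publisher-contact-details-eg-1",
-"35": "document-property-publisher-name-eg-1",
-"36": "document-property-publisher-namespace-eg-1",
-"37": "document-property-title-eg-1",
-"38": "document-property-tracking-aliases-eg-1",
-"39": "document-property-tracking-generator-eg-1",
-"40": "document-property-tracking-generator-eg-2",
-"41": "document-property-tracking-id-eg-1",
-"42": "product-tree-property-product-groups-eg-1",
-"43": "product-tree-property-relationships-eg-1",
-"44": "vulnerabilities-property-cwes-eg-1",
-"45": "vulnerabilities-property-cwes-eg-2",
-"46": "vulnerabilities-property-cwes-eg-3",
-"47": "vulnerabilities-property-ids-eg-1",
-"48": "vulnerabilities-property-ids-eg-2",
-"49": "filename-eg-1",
-"50": "filename-eg-2",
-"51": "missing-definition-of-product-id-eg-1",
-"52": "multiple-definition-of-product-id-eg-1",
-"53": "circular-definition-of-product-id-eg-1",
-"54": "missing-definition-of-product-group-id-eg-1",
-"55": "multiple-definition-of-product-group-id-eg-1",
-"56": "contradicting-product-status-eg-1",
-"57": "multiple-scores-with-same-version-per-product-eg-1",
-"58": "invalid-cvss-eg-1",
-"59": "invalid-cvss-computation-eg-1",
-"60": "inconsistent-cvss-eg-1",
-"61": "cwe-eg-1",
-"62": "language-eg-1",
-"63": "purl-eg-1",
-"64": "sorted-revision-history-eg-1",
-"65": "translator-eg-1",
-"66": "latest-document-version-eg-1",
-"67": "document-status-draft-eg-1",
-"68": "released-revision-history-eg-1",
-"69": "revision-history-entries-for-pre-release-versions-eg-1",
-"70": "non-draft-document-version-eg-1",
-"71": "missing-item-in-revision-history-eg-1",
-"72": "multiple-definition-in-revision-history-eg-1",
-"73": "multiple-use-of-same-cve-eg-1",
-"74": "multiple-definition-in-involvements-eg-1",
-"75": "multiple-use-of-same-hash-algorithm-eg-1",
-"76": "prohibited-document-category-name-eg-1",
-"77": "prohibited-document-category-name-eg-2",
-"78": "document-notes-eg-1",
-"79": "document-references-eg-1",
-"80": "vulnerabilities-for-informational-advisory-eg-1",
-"81": "product-tree-eg-1",
-"82": "vulnerability-notes-eg-1",
-"83": "product-status-eg-1",
-"84": "vex-product-status-eg-1",
-"85": "vulnerability-id-eg-1",
-"86": "impact-statement-eg-1",
-"87": "action-statement-eg-1",
-"88": "vulnerabilities-for-security-advisory-or-vex-eg-1",
-"89": "translation-eg-1",
-"90": "remediation-without-product-reference-eg-1",
-"91": "mixed-integer-and-semantic-versioning-eg-1",
-"92": "version-range-in-product-version-eg-1",
-"93": "flag-without-product-reference-eg-1",
-"94": "multiple-flags-with-vex-justification-codes-per-product-eg-1",
-"95": "mandatory-tests--branches-recursion-depth-eg-1",
-"96": "contradicting-remediations-eg-1",
-"97": "contradicting-product-status-remediation-combination-eg-1",
+"32": "document-property-distribution-eg-1",
 
-"98": "unused-definition-of-product-id-eg-1",
-"99": "missing-remediation-eg-1",
-"100": "missing-metric-eg-1",
-"101": "build-metadata-in-revision-history-eg-1",
-"102": "older-initial-release-date-than-revision-history-eg-1",
-"103": "older-current-release-date-than-revision-history-eg-1",
-"104": "missing-date-in-involvements-eg-1",
-"105": "use-of-md5-as-the-only-hash-algorithm-eg-1",
-"106": "use-of-sha-1-as-the-only-hash-algorithm-eg-1",
-"107": "missing-tlp-label-eg-1",
-"108": "missing-canonical-url-eg-1",
-"109": "missing-document-language-eg-1",
-"110": "optional-tests--sorting-eg-1",
-"111": "use-of-private-language-eg-1",
-"112": "use-of-default-language-eg-1",
-"113": "missing-product-identification-helper-eg-1",
-"114": "cve-in-field-ids-eg-1",
-"115": "product-version-range-without-vers-eg-1",
-"116": "cvss-for-fixed-products-eg-1",
-"117": "additional-properties-eg-1",
-"118": "same-timestamps-in-revision-history-eg-1",
-"119": "document-tracking-id-in-title-eg-1",
-"120": "usage-of-deprecated-cwe-eg-1",
-"121": "usage-of-non-latest-cwe-version-eg-1",
-"122": "usage-of-cwe-not-allowed-for-vulnerability-mapping-eg-1",
-"123": "usage-of-cwe-allowed-with-review-for-vulnerability-mapping-eg-1",
-"124": "discouraged-product-status-remediation-combination-eg-1",
-"125": "use-of-cvss-v2-as-the-only-scoring-system-eg-1",
-"126": "use-of-cvss-v3-0-eg-1",
-"127": "missing-cve-eg-1",
-"128": "missing-cwe-eg-1",
-"129": "use-of-short-hash-eg-1",
-"130": "use-of-non-self-referencing-urls-failing-to-resolve-eg-1",
-"131": "use-of-self-referencing-urls-failing-to-resolve-eg-1",
-"132": "spell-check-eg-1",
-"133": "branch-categories-eg-1",
-"134": "usage-of-product-version-range-eg-1",
-"135": "usage-of-v-as-version-indicator-eg-1",
-"136": "missing-cvss-v4-0-eg-1",
-"137": "requirement-7-provider-metadata-json-eg-1",
-"138": "requirement-8-security-txt-eg-1",
-"139": "requirement-9-well-known-url-for-provider-metadata-json-eg-1",
-"140": "requirement-11-one-folder-per-year-eg-1",
-"141": "requirement-12-index-txt-eg-1",
-"142": "requirement-13-changes-csv-eg-1",
-"143": "requirement-15-rolie-feed-eg-1",
-"144": "requirement-16-rolie-service-document-eg-1",
-"145": "requirement-17-rolie-category-document-eg-1",
-"146": "requirement-17-rolie-category-document-eg-2",
-"147": "requirement-17-rolie-category-document-eg-3",
-"148": "requirement-18-integrity-eg-1",
-"149": "requirement-18-integrity-eg-2",
-"150": "requirement-19-signatures-eg-1",
-"151": "requirement-21-list-of-csaf-providers-eg-1",
-"152": "requirement-23-mirror-eg-1",
-"153": "conformance-clause-5-cvrf-csaf-converter-eg-1",
-"154": "conformance-clause-5-cvrf-csaf-converter-eg-2",
-"155": "conformance-clause-5-cvrf-csaf-converter-eg-3",
-"156": "conformance-clause-5-cvrf-csaf-converter-eg-4"
+"33": "document-property-distribution-text-eg-1",
+"34": "document-property-distribution-tlp-eg-1",
+"35": "document-property-publisher-contact-details-eg-1",
+"36": "document-property-publisher-name-eg-1",
+"37": "document-property-publisher-namespace-eg-1",
+"38": "document-property-title-eg-1",
+"39": "document-property-tracking-aliases-eg-1",
+"40": "document-property-tracking-generator-eg-1",
+"41": "document-property-tracking-generator-eg-2",
+"42": "document-property-tracking-id-eg-1",
+"43": "product-tree-property-product-groups-eg-1",
+"44": "product-tree-property-relationships-eg-1",
+"45": "vulnerabilities-property-cwes-eg-1",
+"46": "vulnerabilities-property-cwes-eg-2",
+"47": "vulnerabilities-property-cwes-eg-3",
+"48": "vulnerabilities-property-ids-eg-1",
+"49": "vulnerabilities-property-ids-eg-2",
+"50": "filename-eg-1",
+"51": "filename-eg-2",
+"52": "missing-definition-of-product-id-eg-1",
+"53": "multiple-definition-of-product-id-eg-1",
+"54": "circular-definition-of-product-id-eg-1",
+"55": "missing-definition-of-product-group-id-eg-1",
+"56": "multiple-definition-of-product-group-id-eg-1",
+"57": "contradicting-product-status-eg-1",
+"58": "multiple-scores-with-same-version-per-product-eg-1",
+"59": "invalid-cvss-eg-1",
+"60": "invalid-cvss-computation-eg-1",
+"61": "inconsistent-cvss-eg-1",
+"62": "cwe-eg-1",
+"63": "language-eg-1",
+"64": "purl-eg-1",
+"65": "sorted-revision-history-eg-1",
+"66": "translator-eg-1",
+"67": "latest-document-version-eg-1",
+"68": "document-status-draft-eg-1",
+"69": "released-revision-history-eg-1",
+"70": "revision-history-entries-for-pre-release-versions-eg-1",
+"71": "non-draft-document-version-eg-1",
+"72": "missing-item-in-revision-history-eg-1",
+"73": "multiple-definition-in-revision-history-eg-1",
+"74": "multiple-use-of-same-cve-eg-1",
+"75": "multiple-definition-in-involvements-eg-1",
+"76": "multiple-use-of-same-hash-algorithm-eg-1",
+"77": "prohibited-document-category-name-eg-1",
+"78": "prohibited-document-category-name-eg-2",
+"79": "document-notes-eg-1",
+"80": "document-references-eg-1",
+"81": "vulnerabilities-for-informational-advisory-eg-1",
+"82": "product-tree-eg-1",
+"83": "vulnerability-notes-eg-1",
+"84": "product-status-eg-1",
+"85": "vex-product-status-eg-1",
+"86": "vulnerability-id-eg-1",
+"87": "impact-statement-eg-1",
+"88": "action-statement-eg-1",
+"89": "vulnerabilities-for-security-advisory-or-vex-eg-1",
+"90": "translation-eg-1",
+"91": "remediation-without-product-reference-eg-1",
+"92": "mixed-integer-and-semantic-versioning-eg-1",
+"93": "version-range-in-product-version-eg-1",
+"94": "flag-without-product-reference-eg-1",
+"95": "multiple-flags-with-vex-justification-codes-per-product-eg-1",
+"96": "mandatory-tests--branches-recursion-depth-eg-1",
+"97": "contradicting-remediations-eg-1",
+"98": "contradicting-product-status-remediation-combination-eg-1",
+"99": "mandatory-tests--date-and-time-eg-1",
+"100": "non-public-sharing-group-with-max-uuid-eg-1",
+"101": "public-sharing-group-with-no-max-uuid-eg-1",
+"102": "invalid-sharing-group-name-eg-1",
+"103": "missing-sharing-group-name-eg-1",
+"104": "unused-definition-of-product-id-eg-1",
+"105": "missing-remediation-eg-1",
+"107": "missing-metric-eg-1",
+"108": "build-metadata-in-revision-history-eg-1",
+"109": "older-initial-release-date-than-revision-history-eg-1",
+"110": "older-current-release-date-than-revision-history-eg-1",
+"111": "missing-date-in-involvements-eg-1",
+"112": "use-of-md5-as-the-only-hash-algorithm-eg-1",
+"113": "use-of-sha-1-as-the-only-hash-algorithm-eg-1",
+"114": "missing-tlp-label-eg-1",
+"115": "missing-canonical-url-eg-1",
+"116": "missing-document-language-eg-1",
+"117": "optional-tests--sorting-eg-1",
+"118": "use-of-private-language-eg-1",
+"119": "use-of-default-language-eg-1",
+"120": "missing-product-identification-helper-eg-1",
+"121": "cve-in-field-ids-eg-1",
+"122": "product-version-range-without-vers-eg-1",
+"123": "cvss-for-fixed-products-eg-1",
+"124": "additional-properties-eg-1",
+"125": "same-timestamps-in-revision-history-eg-1",
+"126": "document-tracking-id-in-title-eg-1",
+"127": "usage-of-deprecated-cwe-eg-1",
+"128": "usage-of-non-latest-cwe-version-eg-1",
+"129": "usage-of-cwe-not-allowed-for-vulnerability-mapping-eg-1",
+"130": "usage-of-cwe-allowed-with-review-for-vulnerability-mapping-eg-1",
+"131": "discouraged-product-status-remediation-combination-eg-1",
+"132": "usage-of-max-uuid-eg-1",
+"133": "usage-of-nil-uuid-eg-1",
+"134": "usage-of-sharing-group-on-tlp-clear-eg-1",
+"135": "use-of-cvss-v2-as-the-only-scoring-system-eg-1",
+"136": "use-of-cvss-v3-0-eg-1",
+"137": "missing-cve-eg-1",
+"138": "missing-cwe-eg-1",
+"139": "use-of-short-hash-eg-1",
+"140": "use-of-non-self-referencing-urls-failing-to-resolve-eg-1",
+"141": "use-of-self-referencing-urls-failing-to-resolve-eg-1",
+"142": "spell-check-eg-1",
+"143": "branch-categories-eg-1",
+"144": "usage-of-product-version-range-eg-1",
+"145": "usage-of-v-as-version-indicator-eg-1",
+"146": "missing-cvss-v4-0-eg-1",
+"147": "requirement-7-provider-metadata-json-eg-1",
+"148": "requirement-8-security-txt-eg-1",
+"149": "requirement-9-well-known-url-for-provider-metadata-json-eg-1",
+"150": "requirement-11-one-folder-per-year-eg-1",
+"151": "requirement-12-index-txt-eg-1",
+"152": "requirement-13-changes-csv-eg-1",
+"153": "requirement-15-rolie-feed-eg-1",
+"154": "requirement-16-rolie-service-document-eg-1",
+"155": "requirement-17-rolie-category-document-eg-1",
+"156": "requirement-17-rolie-category-document-eg-2",
+"157": "requirement-17-rolie-category-document-eg-3",
+"158": "requirement-18-integrity-eg-1",
+"159": "requirement-18-integrity-eg-2",
+"160": "requirement-19-signatures-eg-1",
+"161": "requirement-21-list-of-csaf-providers-eg-1",
+"162": "requirement-23-mirror-eg-1",
+"163": "conformance-clause-5-cvrf-csaf-converter-eg-1",
+"164": "conformance-clause-5-cvrf-csaf-converter-eg-2",
+"165": "conformance-clause-5-cvrf-csaf-converter-eg-3",
+"166": "conformance-clause-5-cvrf-csaf-converter-eg-4"
 }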
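Review bot: The renumbered mapping skips key `"106"`: the added lines go from `"105": "missing-remediation-eg-1"` straight to `"107": "missing-metric-eg-1"`, whereas the removed numbering was contiguous. If the global example numbers are meant to be gap-free, an example is probably missing from the map, and a lookup for global number 106 would find nothing. The blank line that used to separate `"97"` from `"98"` now follows `"32"`, which also looks unintended. If this file is produced by tooling, the fix belongs in the generator input rather than in a manual edit here.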