-
Notifications
You must be signed in to change notification settings - Fork 14
/
Copy pathinfo-security-1.schema.json
110 lines (110 loc) · 3.51 KB
/
info-security-1.schema.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
{
"$schema": "http://json-schema.org/draft-07/schema",
"$id": "https://schemas.conda.io/info-security-1.schema.json",
"type": "object",
"title": "info/security.json",
"description": "Security-related information for the package.",
"required": [
"schema_version"
],
"properties": {
"$schema": {
"type": "string",
"const": "https://schemas.conda.io/info-security-1.schema.json",
"format": "uri"
},
"schema_version": {
"type": "integer",
"minimum": 1,
"description": "Schema version for the current file."
},
"vulns_mitigated": {
"description": "Vulnerabilities that have been identified for the package but have actively been mitigated in this package build through a code patch.",
"type": "array",
"items": {
"allOf": [
{"$ref": "#/definitions/vuln_description_item"},
{
"properties": {
"patch_fn": {
"type": "string",
"description": "The path for the mitigating patch within the recipe."
},
"patch_src_url": {
"type": "string",
"format": "uri",
"description": "The public source for the mitigating patch being applied."
}
}
}
]
}
},
"vulns_disputed": {
"description": "Vulnerabilities where one party, particularly the project maintainers, disagrees with another party's assertion that a particular issue in software is a vulnerability",
"type": "array",
"items": {"$ref": "#/definitions/vuln_description_item"}
},
"vulns_cleared": {
"description": "Vulnerabilities associated with the package that have been analyzed and determined to not be applicable.",
"type": "array",
"items": {"$ref": "#/definitions/vuln_description_item"}
},
"vulns_active": {
"description": "Vulnerabilities that have been identified for the package that are potentially active and exploitable.",
"type": "array",
"items": {"$ref": "#/definitions/vuln_description_item"}
}
},
"definitions": {
"vuln_description_item": {
"$id": "#/definitions/vuln_description_item",
"type": "object",
"required": ["id"],
"properties": {
"id": {
"type": "string",
"title": "Vulnerability ID",
"pattern": "^CVE-[0-9]{4}-[0-9]{4,6}$"
},
"poc_url": {
"type": "string",
"format": "uri",
"description": "Location of vulnerability proof-of-concept or exploit demonstration."
},
"comment": {
"type": "string",
"description": "Comment field reserved for the recipe author."
},
"references": {
"description": "References determined to be relevant by the recipe author.",
"type": "array",
"items": {"$ref": "#/definitions/vuln_description_item_reference"}
}
}
},
"vuln_description_item_reference": {
"$id": "#/definitions/vuln_description_item_reference",
"type": "object",
"required": [
"type",
"url"
],
"properties": {
"type": {
"type": "string",
"description": "The type of reference. Prefer adding additional enum options rather than using 'other'.",
"enum": [
"nist",
"debian",
"other"
]
},
"url": {
"type": "string",
"format": "uri"
}
}
}
}
}