feature(CVSSv4): Bump OSV schema version (#854)

* feature(CVSSv4): Bump OSV schema version The aim of this change is to support CVSS v4 Signed-off-by: Fran Mulero <francisco-jose.mulero@broacom.com> * Fix linter Signed-off-by: Fran Mulero <francisco-jose.mulero@broacom.com> --------- Signed-off-by: Fran Mulero <francisco-jose.mulero@broacom.com> Co-authored-by: Fran Mulero <francisco-jose.mulero@broacom.com>
2025-04-14 09:44:14 +02:00 · 2025-04-14 09:44:14 +02:00 · 9ce177ea3f
parent c34f8e65c1
commit 9ce177ea3f
2 changed files with 9 additions and 58 deletions
--- a/config/validation/README.md
+++ b/config/validation/README.md
@ -1,3 +1,3 @@
 # OSV schema

-The `schema.json` file in this repo is the one from [ossf/osv-schema](https://github.com/ossf/osv-schema/tree/789f1953425dcb78d82a38cbbb00eee3c21d6f8d/validation).
+The `schema.json` file in this repo is the one from [ossf/osv-schema](https://github.com/ossf/osv-schema/blob/1fcd55bc702d0c5f49fba4ba92742ed26047eb15/validation).
--- a/config/validation/schema.json
+++ b/config/validation/schema.json
@ -21,10 +21,7 @@
      "$ref": "#/$defs/timestamp"
    },
    "aliases": {
-      "type": [
-        "array",
-        "null"
-      ],
+      "type": ["array", "null"],
      "items": {
        "type": "string"
      }
@ -45,10 +42,7 @@
      "$ref": "#/$defs/severity"
    },
    "affected": {
-      "type": [
-        "array",
-        "null"
-      ],
+      "type": ["array", "null"],
      "items": {
        "type": "object",
        "properties": {
@ -171,9 +165,7 @@
                    "properties": {
                      "events": {
                        "contains": {
-                          "required": [
-                            "last_affected"
-                          ]
+                          "required": ["last_affected"]
                        }
                      }
                    }
@ -183,9 +175,7 @@
                      "properties": {
                        "events": {
                          "contains": {
-                            "required": [
-                              "fixed"
-                            ]
+                            "required": ["fixed"]
                          }
                        }
                      }
@ -215,10 +205,7 @@
      }
    },
    "references": {
-      "type": [
-        "array",
-        "null"
-      ],
+      "type": ["array", "null"],
      "items": {
        "type": "object",
        "properties": {
@ -294,10 +281,7 @@
  ],
  "$defs": {
    "severity": {
-      "type": [
-        "array",
-        "null"
-      ],
+      "type": ["array", "null"],
      "items": {
        "type": "object",
        "properties": {
@ -305,47 +289,14 @@
            "type": "string",
            "enum": [
              "CVSS_V2",
-              "CVSS_V3"
+              "CVSS_V3",
+              "CVSS_V4"
            ]
          },
          "score": {
            "type": "string"
          }
        },
-        "allOf": [
-          {
-            "if": {
-              "properties": {
-                "type": {
-                  "const": "CVSS_V2"
-                }
-              }
-            },
-            "then": {
-              "properties": {
-                "score": {
-                  "pattern": "AV:[NAL]\\/AC:[LMH]\\/A[Uu]:[NSM]\\/C:[NPC]\\/I:[NPC]\\/A:[NPC]"
-                }
-              }
-            }
-          },
-          {
-            "if": {
-              "properties": {
-                "type": {
-                  "const": "CVSS_V3"
-                }
-              }
-            },
-            "then": {
-              "properties": {
-                "score": {
-                  "pattern": "CVSS:3\\.[0-9]/AV:[NALP]\\/AC:[LH]\\/PR:[NLH]\\/UI:[NR]\\/S:[UC]\\/C:[NLH]\\/I:[NLH]\\/A:[NLH]"
-                }
-              }
-            }
-          }
-        ],
        "required": [
          "type",
          "score"