Fix types in Security example snippets #794

Merged
merged 3 commits into from
Jul 22, 2024

@bact (Collaborator) commented Jun 29, 2024

Revise example snippets ("Syntax" section) in *VulnAssessmentRelationship classes:

  • Put xsd:decimal value inside a quote
  • Put CvssSeverityType entry value to lower case, per https://spdx.github.io/spdx-spec/v3.0/model/Security/Vocabularies/CvssSeverityType/
  • Change `to` value to array (cardinality ..*) (in CvssV4VulnAssessmentRelationship)
  • externalRefs -> externalRef
  • externalIdentifiers -> externalIdentifier
  • "externalIdentifierType": "securityAdvisory" -> "externalIdentifierType": "securityOther"
    • There is no securityAdvisory entry in ExternalIdentifierType vocab (It is in ExternalRefType vocab)
  • Add security_ prefix to security properties
  • @id -> spdxId
  • @type -> type

- `xsd:decimal` value should be inside a quote
- `CvssSeverityType` entry value should be in lower case

Signed-off-by: Arthit Suriyawongkul <[email protected]>
@kestewart kestewart added this to the 3.0.1 milestone Jul 14, 2024
@bact (Collaborator, Author) commented Jul 15, 2024

- Add `security_` prefix for security properties
- `@id` -> `spdxId`
- `@type` -> `type`
- `externalRefs` -> `externalRef`
- `externalIdentifiers` -> `externalIdentifier`
- `"externalIdentifierType": "securityAdvisory"` -> `"externalIdentifierType": "securityOther"` (there is no `securityAdvisory` entry in `ExternalIdentifierType` vocab)
- CvssV4VulnAssessmentRelationship: change `to` value to array (cardinality ..*)

Signed-off-by: Arthit Suriyawongkul <[email protected]>
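
The corrections listed in this pull request can be checked mechanically in SPDX 3.0 JSON snippets. The linter below is an added example, not code from the pull request or the SPDX project; the function name `lint`, the `UNPREFIXED` property subset, the `SEVERITIES` set and the sample document are assumptions constructed for illustration.

```python
import json

# Assumption: CvssSeverityType entries in the SPDX 3.0 vocabulary.
SEVERITIES = {"critical", "high", "medium", "low", "none"}
# Key renames listed in the pull request description (old -> new).
RENAMED = {"@id": "spdxId", "@type": "type",
           "externalRefs": "externalRef",
           "externalIdentifiers": "externalIdentifier"}
# Assumption: illustrative subset of Security properties that take the prefix.
UNPREFIXED = {"score", "severity", "vectorString"}

def lint(node, path="$"):
    """Return findings for one parsed JSON value, recursing into children."""
    if isinstance(node, list):
        return [f for i, item in enumerate(node) for f in lint(item, f"{path}[{i}]")]
    if not isinstance(node, dict):
        return []
    findings = []
    node_type = str(node.get("type", node.get("@type", "")))
    for key, value in node.items():
        here = f"{path}.{key}"
        if key in RENAMED:
            findings.append(f"{here}: rename key to '{RENAMED[key]}'")
        if key in UNPREFIXED:
            findings.append(f"{here}: rename key to 'security_{key}'")
        if key.endswith("score") and type(value) in (int, float):
            findings.append(f"{here}: xsd:decimal must be a quoted string")
        if key.endswith("severity") and isinstance(value, str) \
                and value not in SEVERITIES and value.lower() in SEVERITIES:
            findings.append(f"{here}: use lower case '{value.lower()}'")
        if key == "externalIdentifierType" and value == "securityAdvisory":
            findings.append(f"{here}: not in ExternalIdentifierType, use 'securityOther'")
        if key == "to" and node_type.endswith("CvssV4VulnAssessmentRelationship") \
                and not isinstance(value, list):
            findings.append(f"{here}: 'to' must be an array")
        findings += lint(value, here)
    return findings

# Constructed sample in the pre-fix style (identifiers are placeholders).
SAMPLE = json.loads("""{
  "@type": "security_CvssV4VulnAssessmentRelationship",
  "@id": "urn:example:rel-1",
  "from": "urn:example:vuln-1", "to": "urn:example:pkg-1",
  "score": 8.3, "severity": "HIGH",
  "externalIdentifiers": [{"externalIdentifierType": "securityAdvisory",
                           "identifier": "EXAMPLE-0001"}]
}""")

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```
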
@goneall (Member) left a comment

LGTM - Verified that the severity types should be lower case

@kestewart (Contributor) left a comment

Thanks for cleaning this up.

@kestewart kestewart merged commit 2fe6471 into spdx:main Jul 22, 2024
1 check passed
@bact bact deleted the fix-decimal-in-syntax branch July 22, 2024 22:54