CVEProject / cve-schema

This repository is used for the development of the CVE JSON record format. Releases of the CVE JSON record format will also be published here. This repository is managed by the CVE Quality Working Group.
Creative Commons Zero v1.0 Universal

JSON values: float vs int #319

Open jayjacobs opened 3 months ago

jayjacobs commented 3 months ago

I am not convinced this is something we should fix in the JSON schema, or even if we want to be bothered with it.

But strongly typed languages interpret "1" and "1.0" differently, which can cause errors when combining values across CVE records with different types. This is heavily debated in the JSON Schema definition: https://github.com/json-schema/json-schema/issues/27

There are several fields in CVE records, specifically in the CVSS (metrics) section, that have different data types when parsing in Python, but I am not sure if this is something we need to tackle at the data storage/validation step.

jayjacobs commented 3 months ago

Some clarification to add: the JSON specification does not differentiate between float and int data types; it allows strings, numbers and literals (null, true, false). So all but the last one listed above are valid JSON across the records.

So this is more of a formatting request that numbers in the fields above be formatted with a ".0" appended if they are integers. But I don't feel very strongly about this change; it would help the JSON parsing in languages like Python, though.

Also, the containers.cna.metrics.other.content.version is a separate issue, not sure what the schema says about that field, but it is represented as both a number and string across different JSON records.

trolldbois commented 2 months ago

Possibly a related problem (float vs decimal):

That can be solved by using json.load(x, parse_float=decimal.Decimal)
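
The type mismatch discussed in this thread, and the `parse_float` approach from the last comment, as an added example (not code from the thread or from the cve-schema project). The records are constructed with placeholder IDs; `cvssV3_1`, `baseScore` and `cveMetadata.cveId` are CVE record field names assumed here, and passing `parse_int=Decimal` as well goes one step beyond the comment's suggestion so that integer-formatted scores get the same type.

```python
import json
from decimal import Decimal

# Constructed sample records (placeholder IDs, not real CVE data). The same
# score is written as an integer, a float, and a string.
SAMPLE_RECORDS = [
    '{"cveMetadata": {"cveId": "CVE-0000-0001"}, "containers": {"cna": {"metrics": '
    '[{"cvssV3_1": {"version": "3.1", "baseScore": 7}}]}}}',
    '{"cveMetadata": {"cveId": "CVE-0000-0002"}, "containers": {"cna": {"metrics": '
    '[{"cvssV3_1": {"version": "3.1", "baseScore": 7.0}}]}}}',
    '{"cveMetadata": {"cveId": "CVE-0000-0003"}, "containers": {"cna": {"metrics": '
    '[{"other": {"type": "example", "content": {"version": 3.1, "baseScore": "7.0"}}}]}}}',
]


def metric_blocks(record):
    """Yield every dict under containers.cna.metrics that carries a baseScore."""
    for metric in record.get("containers", {}).get("cna", {}).get("metrics", []):
        for value in metric.values():
            # "other" nests its payload one level deeper, under "content".
            block = value.get("content", value) if isinstance(value, dict) else None
            if isinstance(block, dict) and "baseScore" in block:
                yield block


def observed_types(raw_records):
    """Type names the default parser assigns to baseScore across records."""
    return {type(b["baseScore"]).__name__
            for raw in raw_records for b in metric_blocks(json.loads(raw))}


def uniform_scores(raw_records):
    """Parse every JSON number as Decimal, then coerce string scores too."""
    scores = {}
    for raw in raw_records:
        record = json.loads(raw, parse_float=Decimal, parse_int=Decimal)
        cve_id = record["cveMetadata"]["cveId"]
        for block in metric_blocks(record):
            scores[cve_id] = Decimal(str(block["baseScore"]))
    return scores


if __name__ == "__main__":
    print(observed_types(SAMPLE_RECORDS))   # three different Python types
    print(uniform_scores(SAMPLE_RECORDS))   # one type, values compare equal
```

Parsing numbers as `Decimal` also keeps a value such as `3.1` exact instead of rounding it to the nearest binary float, which matters when scores are compared against thresholds or aggregated across records.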