search

RedHatProductSecurity / cvelib

A Python library and command line interface for CVE Services.
MIT License
56 stars 24 forks source link

Validation Error for descriptions property #56

Closed erwanlr closed 1 year ago

erwanlr commented 1 year ago

Trying to publish a CVE with cvelib 1.1.0 and getting the following error:

Error: ERROR: CVE record is not valid against the v5 JSON schema:
None of [{'lang': 'eng', 'value': 'Test'}] are valid under the given schema

The descriptions property is as below:

"descriptions": [
    {
      "lang": "eng",
      "value": "Test"
    }
  ],

According to the validation schema, that should be ok, but cvelib is not happy. Did I miss something ?

mprpic commented 1 year ago

The value you're using for lang is not valid according to:

https://github.com/CVEProject/cve-schema/blob/v5.0.0/schema/v5.0/CVE_JSON_5.0_schema.json#L1029

It needs to be a BCP47-compliant language code so either en or en-US or w/e other English region.

erwanlr commented 1 year ago

Thx a lot! What an embarrassing mistake :D

That also explains why with cvelib 1.0.0 I was getting a 500 from MITRE API (w/o details about why it failed :x) when sending such data.