RedHatProductSecurity / cvss

CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
GNU Lesser General Public License v3.0

CVSS JSON schema repr #29

Closed mprpic closed 3 years ago

mprpic commented 3 years ago

This change adds a method to both CVSS2 and CVSS3 objects to output data according to the official CVSS JSON schema.

This allows the library to be used to format CVSS data in a standard format, which is required for example in the CVE JSON schema:

https://github.com/CVEProject/cve-schema/blob/74f6baabe590adb17c274c9e8a3984fcbd63f421/schema/v5.0/CVE_JSON_5.0.schema#L868

or the CSAF schema:

https://github.com/oasis-tcs/csaf/blob/f042fc3b14b6ba1c59261da56eb76c02a0dd41fe/csaf_2.0/json_schema/csaf_json_schema.json#L1189

Tests are run against the list of random vectors and the JSON output is validated against the respective schema for each vector. The downside of this is that it takes a considerable amount of time, see e.g. timing in:

https://github.com/mprpic/cvss/actions/runs/757602131

Locally it's a bit faster but still takes about 5-10 mins depending on the hardware.
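For reference, this is what a schema-shaped record for a CVSS v3.1 base vector looks like. It is an added, standalone example, not the library's code or part of this pull request. The helper name `cvss31_to_schema` is hypothetical; property names and enum values follow FIRST's CVSS v3.1 JSON schema, and only base metrics are handled.

```python
import json
import math

# Metric abbreviation -> (schema property, {value: (schema enum, CVSS v3.1 weight)}).
CIA = {"N": ("NONE", 0.0), "L": ("LOW", 0.22), "H": ("HIGH", 0.56)}
BASE = {
    "AV": ("attackVector", {"N": ("NETWORK", 0.85), "A": ("ADJACENT_NETWORK", 0.62),
                            "L": ("LOCAL", 0.55), "P": ("PHYSICAL", 0.2)}),
    "AC": ("attackComplexity", {"L": ("LOW", 0.77), "H": ("HIGH", 0.44)}),
    "PR": ("privilegesRequired", {"N": ("NONE", 0.85), "L": ("LOW", 0.62), "H": ("HIGH", 0.27)}),
    "UI": ("userInteraction", {"N": ("NONE", 0.85), "R": ("REQUIRED", 0.62)}),
    "S": ("scope", {"U": ("UNCHANGED", None), "C": ("CHANGED", None)}),
    "C": ("confidentialityImpact", CIA),
    "I": ("integrityImpact", CIA),
    "A": ("availabilityImpact", CIA),
}
SEVERITY = [(0.0, "NONE"), (3.9, "LOW"), (6.9, "MEDIUM"), (8.9, "HIGH"), (10.0, "CRITICAL")]

# Roundup as defined in the CVSS v3.1 specification (integer math avoids float artifacts).
def roundup(x):
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0

def cvss31_to_schema(vector):
    """Hypothetical helper: strict base-vector parse -> dict shaped like the v3.1 schema."""
    prefix, _, rest = vector.partition("/")
    pairs = [p.split(":", 1) for p in rest.split("/")]
    if prefix != "CVSS:3.1" or any(len(p) != 2 for p in pairs):
        raise ValueError("not a well-formed CVSS:3.1 vector")
    metrics = dict(pairs)
    if len(metrics) != len(pairs) or set(metrics) != set(BASE):
        raise ValueError("expected each base metric exactly once")
    out, w = {"version": "3.1", "vectorString": vector}, {}
    for key, (prop, values) in BASE.items():
        if metrics[key] not in values:
            raise ValueError("invalid value for " + key)
        out[prop], w[key] = values[metrics[key]]
    changed = metrics["S"] == "C"
    if changed:  # Privileges Required weighs more when scope changes
        w["PR"] = {"N": 0.85, "L": 0.68, "H": 0.5}[metrics["PR"]]
    iss = 1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"])
    impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if changed else 6.42 * iss
    expl = 8.22 * w["AV"] * w["AC"] * w["PR"] * w["UI"]
    total = (1.08 if changed else 1.0) * (impact + expl)
    out["baseScore"] = roundup(min(total, 10)) if impact > 0 else 0.0
    out["baseSeverity"] = next(name for limit, name in SEVERITY if out["baseScore"] <= limit)
    return out

if __name__ == "__main__":
    print(json.dumps(cvss31_to_schema("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"), indent=2))
```

Rejecting duplicated, missing or unknown metrics before scoring keeps a malformed vector from being emitted into a CVE or CSAF record with a plausible-looking score.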