apache / security-vulnogram

Vulnogram is a tool for creating and editing CVE information in CVE JSON format
https://vulnogram.github.io/
MIT License

Broken verification #36

Closed by iamamoose 1 year ago

iamamoose commented 1 year ago

default/cve5/conf.js does schema verification that doesn't work, but it does on vulnogram.github.io, so likely I broke something.

raboof commented 1 year ago

Do you have an example of a validation that doesn't have the intended effect?

I thought we created this issue when we saw 'versionType' was not correctly flagged as required, but that seems to work now. That's an 'explicit' form validation and not a schema verification though.

iamamoose commented 1 year ago

A good example is the Tomcat issue CVE-2022-45143 which failed schema validation (versionType was semver for a single version with no range). vulnogram.github.io correctly flagged this, but we didn't.

iamamoose commented 1 year ago

Our custom/cve5/conf.js validators[] is causing the default/cve5/conf.js validators[] function to not run.

iamamoose commented 1 year ago

fixed, live
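
The failure mode diagnosed in this thread, a custom validators[] silently replacing the default one, shown as an added example that is not code from the thread or from Vulnogram. The overlay helpers, both validator bodies and the sample record are hypothetical stand-ins; the real loader and the actual fix are not shown on this page.

```javascript
// Added illustration. Nothing here is Vulnogram's own loader or rule set.

// Stand-in for the default conf.js: one validator modelled on the report above
// (versionType set on a single version that has no range bound).
const defaultConf = {
  validators: [
    (cna) => (cna.versions || [])
      .filter((v) => v.versionType && !v.lessThan && !v.lessThanOrEqual)
      .map((v) => `versionType '${v.versionType}' on single version ${v.version}`),
  ],
};

// Stand-in for a site-specific conf.js that adds its own (hypothetical) check.
const customConf = {
  validators: [
    (cna) => (cna.title ? [] : ['title is required']),
  ],
};

// Broken overlay: the custom validators[] replaces the default array wholesale,
// so the default check never runs and nothing reports that it was dropped.
function overlay(base, custom) {
  return { ...base, ...custom };
}

// Safer overlay: every other key is still overridden, validators are chained.
function overlayKeepingValidators(base, custom) {
  return {
    ...base,
    ...custom,
    validators: [...(base.validators || []), ...(custom.validators || [])],
  };
}

// Run every configured validator and collect the messages.
function validate(conf, cna) {
  return conf.validators.flatMap((fn) => fn(cna));
}

// Constructed record: one affected version with versionType but no range.
const sample = {
  title: 'Constructed record',
  versions: [{ version: '1.0.0', status: 'affected', versionType: 'semver' }],
};

console.log('plain overlay  :', validate(overlay(defaultConf, customConf), sample));
console.log('chained overlay:', validate(overlayKeepingValidators(defaultConf, customConf), sample));
```

A regression test that feeds a known-bad record through the deployed configuration and expects a rejection catches this kind of silent override before it goes live.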