Open julieqiu opened 2 years ago
v5.0 is a radical change from v4.0. Even the basic object keys are in a different format: dataVersion
vs. data_version
. I think we'll need a completely new set of Go structs for v5.
Currently, no CVEs use v5.
We can probably hold off on implementing this until we see actual v5.0 CVEs in the cvelist repo.
Change https://go.dev/cl/545300 mentions this issue: internal/cvelistrepo: add tests for FetchCVE and ParseCVE
Change https://go.dev/cl/545302 mentions this issue: internal/cvelistrepo: support fetch/parse v5 cves
Change https://go.dev/cl/545297 mentions this issue: internal/worker: make a copy of testdata repo for worker
Change https://go.dev/cl/545301 mentions this issue: internal/cvelistrepo: refactor ParseCVE and FetchCVE
Change https://go.dev/cl/545299 mentions this issue: internal/cvelistrepo: add test data for cvelistv5
Change https://go.dev/cl/545296 mentions this issue: internal: add some helper functions to support CVE v5
Change https://go.dev/cl/545298 mentions this issue: internal/cvelistrepo: use real CVE data for cvelistrepo tests
Change https://go.dev/cl/547497 mentions this issue: internal/report: add basic logic to convert cve5 to report
Change https://go.dev/cl/547556 mentions this issue: internal/report: add basic logic to convert cve5 to report
Add support for collectionUrl and packageName in cmd/cvetriage. This is introduced in CVE schema v5.0.
https://github.com/CVEProject/cve-schema/commit/3208d6d88de9132a559afad976d151275104da5e
https://github.com/CVEProject/cve-schema/blob/master/schema/v5.0/docs/versions.md