iriusrisk / OpenThreatModel

The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.

Slight discrepancy between assets/risk/comment in the schema and EXAMPLE.json #27

Closed xntrik closed 7 months ago

xntrik commented 7 months ago

I've noticed that the schema for assets/risk/comment does not match EXAMPLE.json

https://github.com/iriusrisk/OpenThreatModel/blob/main/otm_schema.json#L68 "comment": {"type": ["string", "null"]}

https://github.com/iriusrisk/OpenThreatModel/blob/main/EXAMPLE.json#L43 "riskComments": "We have decided that the values are a 100 for all values since this highly sensitive information"

Unsure if we should adjust EXAMPLE.json to be comment or adjust the spec to be riskComments.

jgadsden commented 7 months ago

In my opinion the schema is correct here and the example should be changed. The comment is given its context by the risk attribute, so riskComments unnecessarily repeats risk.

dantolin-iriusrisk commented 7 months ago

Totally agree. Changed :heavy_check_mark:. Thanks!
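
A drift check of the kind that would flag this mismatch, added here as an example (not code from the OpenThreatModel repository): a standard JSON Schema validator accepts keys the schema does not declare unless `additionalProperties` is set to false, so this walks only `properties` and `items` and lists undeclared keys. The schema fragment and instance are constructed; only the assets/risk/comment path, the type of `comment`, and the `riskComments` key come from the issue.

```python
# Constructed, reduced schema fragment: only the assets/risk/comment path and the
# type of "comment" come from the issue; "name" is assumed for illustration.
SCHEMA = {
    "type": "object",
    "properties": {
        "assets": {
            "type": "array",
            "items": {
                "type": "object",
                "properties": {
                    "name": {"type": "string"},
                    "risk": {
                        "type": "object",
                        "properties": {"comment": {"type": ["string", "null"]}},
                    },
                },
            },
        }
    },
}

# Constructed instance using the key the issue found in EXAMPLE.json.
EXAMPLE = {
    "assets": [{"name": "sample-asset", "risk": {"riskComments": "constructed text"}}]
}


def undeclared_keys(schema, instance, path=""):
    """Return sorted paths of keys present in the instance but missing from the
    schema's "properties". Arrays are followed through a single "items" schema."""
    found = []
    if isinstance(instance, dict):
        props = schema.get("properties")
        if props is None:  # schema does not enumerate keys here, nothing to compare
            return found
        for key, value in instance.items():
            here = f"{path}/{key}"
            if key not in props:
                found.append(here)
            else:
                found.extend(undeclared_keys(props[key], value, here))
    elif isinstance(instance, list) and isinstance(schema.get("items"), dict):
        for i, element in enumerate(instance):
            found.extend(undeclared_keys(schema["items"], element, f"{path}/{i}"))
    return sorted(found)


if __name__ == "__main__":
    for p in undeclared_keys(SCHEMA, EXAMPLE):
        print("not declared in schema:", p)
```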