specification icon indicating copy to clipboard operation
specification copied to clipboard
Published 1 month ago verified publisher icon CycloneDX

BC: `proofOfConcept.reproductionSteps` should be array reuse `step` object

Open mrutkows opened this issue 2 years ago • 0 comments

Within the "vulnerabilities" a new v1.5 field "proofOfConcept` object was added with a field "reproductionSteps" which is a single string; it should be an array by implied name; however, it would be better to adopt the "formulation" concept of (set of tasks) "step" which itself is an object which can provide detailed information around each step and (any) commands used:

 "step": {
      "type": "object",
      "description": "Executes specific commands or tools in order to accomplish its owning task as part of a sequence.",
      "additionalProperties": false,
      "properties": {
        "name": {
          "title": "Name",
          "description": "A name for the step.",
          "type": "string"
        },
        "description": {
          "title": "Description",
          "description": "A description of the step.",
          "type": "string"
        },
        "commands": {
          "title": "Commands",
          "description": "Ordered list of commands or directives for the step",
          "type": "array",
          "items": {
            "$ref": "#/definitions/command"
          }
        },
        "properties": {
          "type": "array",
          "title": "Properties",
          "items": {
            "$ref": "#/definitions/property"
          }
        }
      }
    },

mrutkows avatar Jul 31 '23 13:07 mrutkows