vulnrichment
vulnrichment copied to clipboard
cisagov
The JSON for "other" (SSVC) "options" is not succinct json
This is purely a suggestion, but the way data is stored in the "containers.adp.metrics.other.content.options" is suboptimal. All of the records at the time I created this issue are encoded this way, but I will use CVE-2007-3484 as an example.
The current encoding looks like this:
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
Right now there is only one value in the "options" array across the 6500 or so CVEs so that could just be a json object instead of array, but maybe you want future expansion. However, the separation of the three key-values into their own object is unnecessary and could be simplified to look like this:
"options": [
{
"Exploitation": "none",
"Automatable": "no",
"Technical Impact": "partial"
}
],
The current method causes some headache when flattening the JSON since it treats each of those objects as unique array entries and the missing keys as unset values:
options_id Exploitation Automatable `Technical Impact`
1 none NA NA
2 NA no NA
3 NA NA partial
But like I mentioned, you only ever have one array entry currently, so the whole thing could just be a single object (but your schema would have to be updated, since it allows for .* as a string or an array):
"options": {
"Exploitation": "none",
"Automatable": "no",
"Technical Impact": "partial"
}
And if you don't need the array in options, you could copy the way CVSS data is encoded and just drop the whole "options" section and just have keys for the three SSVC values:
"content": {
"id": "CVE-2007-3484",
"role": "CISA Coordinator",
"Exploitation": "none",
"Automatable": "no",
"Technical Impact": "partial",
"version": "2.0.3",
"timestamp": "2024-05-24T19:33:37.182425Z"
}
which would make the SSVC content simple and not nested JSON.
