From 4ec4c3d31fecd24ac61dba1b75a1bad9902d4551 Mon Sep 17 00:00:00 2001 From: David Waltermire Date: Thu, 22 Jun 2023 11:12:41 -0400 Subject: [PATCH 1/2] Fixed 6 cases where additionalProperties are allowed where they shouldn't be. --- schema/v5.0/CVE_JSON_5.0_schema.json | 34 +++++++++++++++++----------- 1 file changed, 21 insertions(+), 13 deletions(-) diff --git a/schema/v5.0/CVE_JSON_5.0_schema.json b/schema/v5.0/CVE_JSON_5.0_schema.json index effc3f63204..55392b672eb 100644 --- a/schema/v5.0/CVE_JSON_5.0_schema.json +++ b/schema/v5.0/CVE_JSON_5.0_schema.json @@ -247,7 +247,8 @@ "minLength": 1, "maxLength": 4096 } - } + }, + "additionalProperties": false } }, "platforms": { @@ -288,11 +289,10 @@ "maxProperties": 3 }, { - "required": ["version", "status", "versionType"], - "oneOf": [ - {"required": ["lessThan"]}, - {"required": ["lessThanOrEqual"]} - ] + "required": ["version", "status", "versionType", "lessThan"] + }, + { + "required": ["version", "status", "versionType", "lessThanOrEqual"] } ], "properties": { @@ -348,7 +348,8 @@ } } } - } + }, + "additionalProperties": false } } } @@ -722,7 +723,8 @@ "required": [ "type", "value" - ] + ], + "additionalProperties": false } } }, @@ -883,7 +885,8 @@ "required": [ "lang", "value" - ] + ], + "additionalProperties": false } }, "cvssV3_1": {"$ref": "file:imports/cvss/cvss-v3.1.json"}, @@ -905,13 +908,16 @@ }, "content": { "type": "object", + "$comment": "additionalProperties are allowed here, since this construct supports arbitrary JSON.", "description": "JSON object not covered by another metrics format.", "minProperties": 1 } - } + }, + "additionalProperties": false }, "additionalProperties": false - } + }, + "additionalProperties": false } }, "configurations": { @@ -1100,10 +1106,12 @@ "minLength": 1, "maxLength": 2048 } - } + }, + "additionalProperties": false } } - } + }, + "additionalProperties": false } }, "tagExtension": { From c55e85ee0220fed2f0093e2e2ad0108f78292fd5 Mon Sep 17 00:00:00 2001 From: David Waltermire Date: Thu, 22 Jun 2023 16:12:27 -0400 Subject: [PATCH 2/2] Removed a misplaced additionalProperties entry. --- schema/v5.0/CVE_JSON_5.0_schema.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/schema/v5.0/CVE_JSON_5.0_schema.json b/schema/v5.0/CVE_JSON_5.0_schema.json index 55392b672eb..f5131dcb674 100644 --- a/schema/v5.0/CVE_JSON_5.0_schema.json +++ b/schema/v5.0/CVE_JSON_5.0_schema.json @@ -914,8 +914,7 @@ } }, "additionalProperties": false - }, - "additionalProperties": false + } }, "additionalProperties": false }